Topic: Linux fan concedes Microsoft is more secure (Read 7440 times)

toasty0 · « **on:** February 17, 2005, 11:17:45 pm »

Vulnerability research claims shocking results

Iain Thomson at the RSA Conference in San Francisco, vnunet.com 17 Feb 2005

A Linux enthusiast at the RSA Conference in San Francisco has reluctantly concludedthat Microsoft produces more secure code than its open source rivals.

In an academic study due to be released next month Dr Richard Ford, from the Florida Institute of Technology, and Dr Herbert Thompson, from application security firm Security Innovation, analysed vulnerabilities and patching and were forced to conclude that Windows Server 2003 is more secure than Red Hat Linux.

"Vulnerability counts are much higher with Red Hat than with Microsoft," said Dr Ford. "I am a huge Linux fan, and I have a Linux server in my basement. The first time I saw the statistics I thought someone had mucked about with my database."

The pair examined the number of vulnerabilities reported in both systems and the actual and average time it took to issue patches. In all three cases Windows Server 2003 came out ahead, with an average of 30 "days of risk" between a vulnerability being identified and patched compared to 71 from Red Hat.

But the academics acknowledged that some intangibles, including the relative attractiveness of Windows as a target for hackers, could skew the results. Nevertheless, many attacks these days are aimed at Linux servers rather than Windows systems.

"There are some people who are sceptical [of the results]," said Dr Thompson. "We would encourage them to replicate this type of study. If you see flaws please tell us."

The pair said that they lacked the funding to test other operating systems, such as the Apple OSX kernel, although they thought it was "amazingly" stable.

The long term aim is to set up a website so that system administrators could assess security vulnerabilities before investing in computer platforms.

"You would be a fool to make platform decisions without thinking about security," said Dr Ford. "When you choose a platform you have to factor in the costs of intrusion. It is not just the costs of a break in; it is the time spent running around making sure no one gets in."

http://www.vnunet.com/news/1161323

Nemesis · « **Reply #1 on:** February 18, 2005, 06:17:30 pm »

A question for you toasty. Why did you post two threads on this exact same study instead of posting both variant stories in one thread? I suggest killing the other thread as it is redundant.

Here is a link to the 2nd story

Quote from: toasty0 on February 17, 2005, 11:17:45 pm

In an academic study due to be released next month Dr Richard Ford, from the Florida Institute of Technology, and Dr Herbert Thompson, from application security firm Security Innovation, analysed vulnerabilities and patching and were forced to conclude that Windows Server 2003 is more secure than Red Hat Linux.

Not enough information to really evaluate this. For one thing they don't even tell who funded it and what the goal of the "research" was. Most such studies are not done just for kicks.

I looked up Security Innovation and found this interesting quote: (not specifically referring to this article by the way)

Quote

This represents the twenty-third project that Security Innovation personnel has undertaken for Microsoft in the past several years.

Is it really surprising that a company that gets paid for so much research by Microsoft is supporting Microsoft? Until further details emerge I have to treat this as a suspicious rather than factual.

A quote from the 2nd article:

Quote

The setups were hypothetical, however. Both were in the most basic configuration

So hypothetically if someone were to set up minimal servers and apply no effort to secure them then maybe (Redhat) Linux is less secure? How about if two competent people each set up an actual useful server? Sorry toasty this sounds like Microsoft paid for FUD.

Commander Maxillius · « **Reply #2 on:** February 18, 2005, 09:40:07 pm »

Ya know what I think every time I read about security problems?

Shoulda got a Mac

;D;D;D;D;D

Pestalence_XC · « **Reply #3 on:** February 19, 2005, 12:41:42 am »

Quote from: Maxillius on February 18, 2005, 09:40:07 pm

Ya know what I think every time I read about security problems?

Shoulda got a Mac

;D;D;D;D;D

You see the major security flaws that I posted on Mac OS X that Windows solved years ago? Amazing that the flaws in BSD which were found almost a year ago anr showing up in OS X because people at Apple can't write their own software, they have to plagerize another OS and in doing so, they copy over the same security flaws...

Also, you can't play SFC on a MAC.. so what good is a MAC.. also, PC far surpasses MAC in graphics in today's standards, that is unless your MAC is running a PC video Card like the Geforce FX or 6800 Ultra series... OOps, I don't think mac has advanced enough for that high of quality graphics..

And Mac Softwae.. how much software do they have available as compared to PC.. how long does it take to port software over to Mac, so what is current for Mac? I prefer cutting edge games now, not 2 years from now, if they ever get ported... that is unless i want to run a WINDOWS emmulator on a mac to get the Mac to act like a PC because I can't admit that a PC ROXXORS..

anyhow, I see only about 2 to 3 people praise Mac.. and I agree it is a stable system, but very far from being secure.. Mac only found out about their multiple security flaws in OS X in Jan 2005, however BSD, the source code for OS X, knew about the problems for over a year.

also, there are hundreds of MAC specific macros, trojans, viruses, etc floating around, plus many more coming now that the Mini PC by Apple is coming out...

Just do a web search on Google or MSN Search and find out about the problems that Macs are now having...

I prefer my PC where I can get updates to my software every 15 days from Microsoft that seal security flaws instead of having an OS where the makers of the OS can't even check their own plagerized code for flaws a year after the software is in use on the open market in places like Banks or Multi-Million dollar corporations.. man talk about security flaws..

sorry, I just keep seeing you post the same thing without any evidence to back up Mac.. no offense intended Maxillius, but PC's blow Macs away on all fronts currently, at least until Mac can properly integrate a DOS mode to operate PC software and when they fix the flaws in the Core Kernel of the OS X OS and upgrade their graphics to PC standards.. Mac and Apple use to be the best, but in 1999, PC took the lead on graphics and hasn't let go.. Mac stated that they were going to start using PC Video Cards so that they could get back into the graphics game.. I'm not sure if they have done it as of yet, but seeing as how Mac is looking to PC Chipset Manufacturers to get back ito the running says a lot...

Sorry if this upsets anyone, but I just thought it should be pointed out..

_Rondo_GE The OutLaw · « **Reply #4 on:** February 25, 2005, 03:03:12 pm »

This wassome years back but I always thought (heard) that Linux was the preferred system for hackers...

Death_Merchant · « **Reply #5 on:** February 28, 2005, 11:09:49 pm »

Quote from: Pestalence on February 19, 2005, 12:41:42 am

sorry, I just keep seeing you post the same thing without any evidence to back up Mac.. no offense intended Maxillius, but PC's blow Macs away on all fronts currently, at least until Mac can properly integrate a DOS mode to operate PC software and when they fix the flaws in the Core Kernel of the OS X OS and upgrade their graphics to PC standards.. Mac and Apple use to be the best, but in 1999, PC took the lead on graphics and hasn't let go.. Mac stated that they were going to start using PC Video Cards so that they could get back into the graphics game.. I'm not sure if they have done it as of yet, but seeing as how Mac is looking to PC Chipset Manufacturers to get back ito the running says a lot...

Sorry if this upsets anyone, but I just thought it should be pointed out..

Is that Equine Graveyard forum still up?

FYI: My Apple stock was nearly $90 before the split today. It is now $44.86.
I bought ~4 years ago at $21

...and I've NEVER had a virus or Spyware on any Mac I've ever used. Ever. As in not one instance. Zero, Zilch, Nada, The Big Goose Egg

Disclaimer: Old DM only speaks for himself. He also prefers Coke to Pepsi, MaryAnn over Ginger, Sean Connery over Roger Moore, and thinks the nonexistent Starship Enterprise would beat the nonexistent Star Wars Star Destroyer, and Old DM is often dead-nuts wrong -> just ask his wife...

toasty0 · « **Reply #6 on:** February 28, 2005, 11:17:04 pm »

Quote from: Death_Merchant on February 28, 2005, 11:09:49 pm

Quote from: Pestalence on February 19, 2005, 12:41:42 am
sorry, I just keep seeing you post the same thing without any evidence to back up Mac.. no offense intended Maxillius, but PC's blow Macs away on all fronts currently, at least until Mac can properly integrate a DOS mode to operate PC software and when they fix the flaws in the Core Kernel of the OS X OS and upgrade their graphics to PC standards.. Mac and Apple use to be the best, but in 1999, PC took the lead on graphics and hasn't let go.. Mac stated that they were going to start using PC Video Cards so that they could get back into the graphics game.. I'm not sure if they have done it as of yet, but seeing as how Mac is looking to PC Chipset Manufacturers to get back ito the running says a lot...

Sorry if this upsets anyone, but I just thought it should be pointed out..

Is that Equine Graveyard forum still up?

FYI: My Apple stock was nearly $90 before the split today. It is now $44.86.
I bought ~4 years ago at $21

...and I've NEVER had a virus or Spyware on any Mac I've ever used. Ever. As in not one instance. Zero, Zilch, Nada, The Big Goose Egg

Disclaimer: Old DM only speaks for himself. He also prefers Coke to Pepsi, MaryAnn over Ginger, Sean Connery over Roger Moore, and thinks the nonexistent Starship Enterprise would beat the nonexistent Star Wars Star Destroyer, and Old DM is often dead-nuts wrong -> just ask his wife...

OMG, no virus or hack against the MAC OS?! This can mean only one thing, Digitalman, hackers, spoofers, and script kiddies have abandoned the Mac too.

Death_Merchant · « **Reply #7 on:** February 28, 2005, 11:39:27 pm »

Quote from: toasty0 on February 28, 2005, 11:17:04 pm

OMG, no virus or hack against the MAC OS?! This can mean only one thing, Digitalman, hackers, spoofers, and script kiddies have abandoned the Mac too.

chuckle....

Well bless their little hacker hearts

Clarification: Old DM prefers ORIGINAL Coke over Pepsi. He cannot abide the abominations that are "New", "Vanilla", or "Cherry" Coke. Also, what's with blue Gatorade? Nothing consumable in nature I can think of is EVER blue, save for mold.

Nemesis · « **Reply #8 on:** November 29, 2021, 02:49:21 am »

Quote from: toasty0 on February 17, 2005, 11:17:45 pm

Vulnerability research claims shocking results

Iain Thomson at the RSA Conference in San Francisco, vnunet.com 17 Feb 2005

A Linux enthusiast at the RSA Conference in San Francisco has reluctantly concludedthat Microsoft produces more secure code than its open source rivals.

In an academic study due to be released next month Dr Richard Ford, from the Florida Institute of Technology, and Dr Herbert Thompson, from application security firm Security Innovation, analysed vulnerabilities and patching and were forced to conclude that Windows Server 2003 is more secure than Red Hat Linux.

"Vulnerability counts are much higher with Red Hat than with Microsoft," said Dr Ford. "I am a huge Linux fan, and I have a Linux server in my basement. The first time I saw the statistics I thought someone had mucked about with my database."

The pair examined the number of vulnerabilities reported in both systems and the actual and average time it took to issue patches. In all three cases Windows Server 2003 came out ahead, with an average of 30 "days of risk" between a vulnerability being identified and patched compared to 71 from Red Hat.

But the academics acknowledged that some intangibles, including the relative attractiveness of Windows as a target for hackers, could skew the results. Nevertheless, many attacks these days are aimed at Linux servers rather than Windows systems.

"There are some people who are sceptical [of the results]," said Dr Thompson. "We would encourage them to replicate this type of study. If you see flaws please tell us."

The pair said that they lacked the funding to test other operating systems, such as the Apple OSX kernel, although they thought it was "amazingly" stable.

The long term aim is to set up a website so that system administrators could assess security vulnerabilities before investing in computer platforms.

"You would be a fool to make platform decisions without thinking about security," said Dr Ford. "When you choose a platform you have to factor in the costs of intrusion. It is not just the costs of a break in; it is the time spent running around making sure no one gets in."

http://www.vnunet.com/news/1161323

This study was NOT done by Linux enthusiasts. They were employees of a company that does studies for order (outcome as desired by the person/company paying). It was never actually proven that Microsoft paid for it but where there were no Linux experts doing the Linux setup the Windows setup not only had MS employees working on it but they provided CUSTOMIZED code to make the Windows install better.

A redo supervised by Linux enthusiasts and Microsoft employees did result in Microsoft having a narrow win. The Linux programmers thanked Microsoft for helping them find where they were behind so they could fix things.

Javora · « **Reply #9 on:** November 30, 2021, 01:56:46 pm »

Well here’s a necro thread if I ever saw one…

Nemesis · « **Reply #10 on:** November 30, 2021, 04:58:44 pm »

I've been looking for a different thread and found that one among others. Decided to update it.

Tulwar · « **Reply #11 on:** December 01, 2021, 10:22:55 am »

As far as I know, there is no Linux variant that suffers from the piece of spyware MS calls a kernel.

Nemesis · « **Reply #12 on:** December 01, 2021, 04:34:54 pm »

There is, when they run Linux within Windows. Cruelty to kernels.

I had a Netbook with Win7 on it. I also had a Chromebook with similar specs and was doing a lot of Internet downloads at the Library (being unemployed at the time). The Chromebook A/ could connect much more reliably B/ had higher speeds it could reach C/ averaged about 3.5 times as much downloading per hour. I converted the Netbook to Linux and the A/B/C comments above applied to the Netbook vs Chromebook as the average downloads were around 10 times faster than the same Netbook with Win7 and the peak speed was 5 times higher and if anybody in the Library could connect that netbook would instead of it being knocked offline whenever someone sat near me with a desktop replacement laptop.

For me Linux is on my machines and other than short times after buying a new laptop (burning it in before wiping Windows for Linux) has been for over 10 years. Of course I'm not much of a gamer anymore but that was more due to all the spyware and required internet connection even to play single player games. I like my privacy.

Javora · « **Reply #13 on:** December 12, 2021, 03:00:43 am »

How has Google influenced Linux?

Nemesis · « **Reply #14 on:** December 12, 2021, 10:10:28 am »

Couldn't really say, mostly by kernel contributions as they use the kernel in their own in house server Linux, also in Android and of course the Chrome OS. Most of what is a Linux distribution is in the user land tools and desktop environments where they make their own proprietary variations. Microsoft also makes kernel contributions now.

knightstorm · « **Reply #15 on:** December 23, 2021, 02:11:30 pm »

Guess they fixed the $#@^ing penguin!
https://youtu.be/sCQQFJDkJlA

News: