139 Comments
- nousplacidus, on 11/26/2007, -7/+58 "With a proprietary product you entrust all security to the vendor. That may work most of the time. But for those times when it doesn't...well, you're worse than on your own. You're on your own without the legal right to help yourself. That doesn't sound like much of a security proposition to me."
That is beautiful, and it is the very reason that OSS advocates point out how long it takes MS to put out patches, because without them patching the software you and your business are out of luck.
- Wargalas, on 11/26/2007, -4/+44 I feel dumber for having read your comment. I WANT a patch to come out as soon as possible. In fact, there are people who release vulnerabilities the day after "patch tuesday" simply because they know they have at least a month until Microsoft actually does anything about it.
That's why all my servers are running Linux and that's why there's never been a successful attack on my servers or a virus running rampant through the network.
- cenarta, on 11/26/2007, -9/+42 It's pretty laughable that MS can put out a report where they claim to be more secure. As I read the article I was recounting in my head the first time I installed SQL Server on Windows Server 2003. I had a buddy of mine on the phone (my experience is with MySQL on nix systems) and laughed when I heard the panic in his voice when I told him that I had finished installing it and the box was connected to the internet. Apparently there are gaping security holes/exploits that script kiddies troll for by going through ip ranges. He told me he has seen a SQL server installation be exploited within minutes of being installed.
I don't know about you guys, but I have never ever experienced that in any *nix environment ever. Oh well, we ended up scrapping the server anyway. The truth is security is simply done right in *nix, in Windows it always felt band-aided to me. I only make that statement from personal experience.
- OBKenobi, on 11/26/2007, -12/+43 After over a decade of development, Microsoft never even bothered to make a decent task manager. It's almost as if they don't want users to have control over their computers.
- Sep11insidejob, on 11/26/2007, -5/+27 ***** I dugg you up by mistake.
- 4DFX, on 11/26/2007, -8/+29 Of course. Because they want the computers to have control over their users.
- reginalduk, on 11/26/2007, -3/+23 from the same lyrics...
Well then Microsoft jumped in the game,
copied Apple's interface, with an OS named,
"Windows 3.1" - it was twice as lame,
but the stock price rose and rose.
Then Windows 95, then 98,
man solitaire never ran so great,
and every single version came out late,
but I guess that's the way it goes.
But that bloatware'll crash and delete your work,
NT, ME, man, none of 'em work.
Bill Gates may be richer than Captain Kirk,
but the Windows OS blows!
And sucks!
At the same time!
- Wargalas, on 11/26/2007, -4/+21 It feels "band-aided" because it IS "band-aided". I have friends who work at Microsoft and they have all said that Windows should be scrapped and rewritten from the ground up. It's like if you owned a 1985 Ford Pickup that was decent when it came out, now it has rust holes everywhere, but you can't get rid of it and get a new truck.
- elipabst, on 11/26/2007, -2/+19 So you'd rather be running an insecure system the majority of the time rather than fix vulnerabilities within a day or 2? You sound like a lazy admin who would rather have less to do at the expense of your network's security. Good luck getting 0wned.
- Hermmunster, on 11/26/2007, -5/+21 Linux is proven secure (though no OS can be completely secure). Windows has proven insecure (though no OS can be totally insecure). The only thing that matters is the fact that one OS (Windows) gets taken down on a regular basis and a lot of that is due to their design, while the other OS (Linux) was designed to keep it more secure and compartmentalized.
Since Microsoft has no "single" entity to confront it they can continue to blatantly lie about the OS and to mix words to mislead the world+dog. But honestly Linux is proving itself more and more capable every day while Windows is proving itself more and more insecure every day. Linux is growing by leaps and bounds while Vista is writhing in pain due to software obesity and privacy violations along with poor design.
- inactive, on 11/26/2007, -2/+17 So your point is you don't care about being up to date, and would rather have someone make it easy to keep up.
Fine.
But don't confuse your "I need it simple" crap with security.
Don't congratulate them on dumbing it down for you.
- yodaj007, on 11/26/2007, -2/+17 They aren't idiots. Before SQL Server 2003 came out, they were right.
- TehDoctor, on 11/26/2007, -3/+17 Certainly, Tezdoll, but your servers are doubtless behind routers or gateways, the overwhelming majority of which run modified Linux or Cisco IOS, which is a POSIX, unix-like operating system.
- yodaj007, on 11/26/2007, -1/+13 What do you think the term "distribution" means? True, Ubuntu and Red Hat both have Apache, but Apache updates their own software and the distributors get it from Apache. You can get updates directly from Apache. You can update the kernel from kernel.org. How hard is this to understand? Look up the word "distribution" dumbass.
- CapEnt, on 11/26/2007, -0/+12 Yeah! This counts the thousands of sysadmins crying out there for a decent task manager? Just to remind you: Windows is used on servers too.
- blackmage439, on 11/26/2007, -8/+19 "Interoperability by design is a key element that is enabled through the Microsoft development model."
And by "interoperability" Microsoft must be referring to legally shutting anti-virus developers out of Vista with a big "No kernel for you!", thereby gimping all other anti-virus programs, and forcing its users to trust Windows Defender instead of the anti-virus program of their choice...
- FyberOptic, on 11/26/2007, -3/+14 THIS JUST IN: Microsoft tries to promote their products as best. Why do we care? Linux and Apple users do the same damn thing all the time. Even things like Firefox claim to be the "fastest, safest, and best" browser, but two of those are absolutely proven not true, and one of them is opinion. That doesn't stop them from advertising it as such anyway. And nobody cries foul then. Hypocrisy is grand, ain't it?
And speaking of Firefox, that's still the only browser Digg is accepting comments from lately. No Opera, Safari, or even IE. Talk about bad programming.
- yodaj007, on 11/26/2007, -3/+14 He never said anything about Oracle or putting a server out on the internet with all ports open. WTF are you talking about?
- ninjad, on 11/26/2007, -1/+12 The article didn't mention that Linux security issues and bugs are patched much faster than in Windows.
- CapEnt, on 11/26/2007, -2/+10 Several Linux distros exist, but all share the same software with the same patches, just varying in how they are configured and the default set of software.
- Stonekeeper, on 11/26/2007, -0/+8 That's like eating excrement for breakfast.
- philhatesyou, on 11/26/2007, -1/+9 I have compensated for your mistake.
- monikerd, on 11/27/2007, -0/+8 FUD is all they have left.
- brianary, on 11/26/2007, -5/+12 No reported vulnerabilities, but doesn't Microsoft generally keep that stuff secret? There have been two service packs, and several post-sp2 hotfixes.
- Hermmunster, on 11/26/2007, -0/+7 There are a lot of small systems integrators and other support groups that want significant improvements to the diagnostic tools in Windows (such as MSconfig). When Vista came out they had ample opportunity to make such a change. It is important that we have these facilities because it is through these facilities that we can more effectively diagnose issues. Now, even though 99% of the user base could care less, to that remaining 1% it is extremely important to them. We need a tool that is significantly more flexible and more easily navigated, but we got the same old piece of ***** found in XP.
So, you are way off base when you say that because 90%+ of users don't care about it, because the 1% that supports those 90%+ do care.
- bmartin, on 11/26/2007, -1/+8 Why don't you study the structure of what makes Linux secure? Without that knowledge, you can't really contribute anything useful to a conversation such as this one. Linux was designed bottom-up with security in mind; Windows uses band-aids.
- vertexoflife, on 11/26/2007, -0/+7 You know, for a name like think freely this guy has a really closed mind.
- Hermmunster, on 11/26/2007, -0/+7 The only real concern for compatibility should be in standards. What I mean is standards that are approved by standards organizations tasked with approving them for the world at large. Generally this means open standards not closed standards.
You are right though in that large businesses (and that's the real differentiating key phrase here) won't readily adopt. But you are wrong in that you believe that there's a higher cost of support and fewer training staff (in a relative sense). What you probably don't remember, because maybe you weren't in the field then, was that when we transitioned to Windows from DOS or even from the typewriter to the computer, we had the same issues. There was no real warranty of service, there was a significantly higher overhead for administration, no guaranteed updates, higher costs to support, training issues, little to no compatibility, and certainly no standards.
Honestly, those are just excuses. One must wonder who has been filling your head with that sort of nonsense.
As for your public terminals--I suspect it is a matter of company policy that prohibits it rather than any legal or practical (real or contrived) cause.
We can surmise this because certainly there have been hundreds of thousands of customers in every kind of government that do use Linux (the Ubuntu flavor, among others) and they are successful in complying with standards, have established training programs, have warranty of service through their support contracts, etc.
In fact, there are many countries standardizing on Linux. There are whole city governments in Europe that have adopted and use Linux, and that means tens of thousands of workstations at single locations using the Linux OS and they have the tools and the software, and they are complying with standards.
Your argument may seem to be a practical one that is meant to influence people to your side of the argument but in reality it is way off base. Governments around the world have adopted it, businesses across the world have adopted it, educational institutions, large US businesses are using it and developing for it, from Sun, from IBM, from NASA, from major car companies. The list is endless. Yes, many also use Windows too.
And remember the open doc format is the one format that has achieved ISO standardization where Microsoft's OOXML has failed this achievement.
- krische, on 11/26/2007, -5/+11 Exactly, that's what Apple did with OS X, sure it seemed like a rough change at first, but now it seems to be working out for the best.
- LlamaKing, on 11/26/2007, -1/+7 "As many as one in every 10 Web sites is infected with malware"
This is straight from the Microsoft article. I bet that the other 9 are running Linux. Way to bend the facts ;).
- EEdesigner, on 11/26/2007, -3/+9 Ah, Microsoft....just like Dan Rather...."Fake, but true." Sorry, but my wife and I have successfully transitioned to a Microsoft free home environment. Things just work.
- Danikar, on 11/26/2007, -2/+8 I'd say the only good reason to use windows anymore is for gaming. And hopefully in the next decade or so that will be remedied. I use Linux, Mac OS and Windows. In terms of difficulty to use, learning curve, and security for a normal user. I would say it doesn't really matter. But, I hope Linux is where the future turns because Open Source allows for our computing to be more dynamic. Proprietary software will probably never die, and in some cases that is probably a good thing, but hopefully we will not be so dependent on it. No company has the right to be the gatekeeper.
- TehDoctor, on 11/26/2007, -0/+5 Sure the majority isn't clamoring for a better manager, but if Windows had something better than that pitiful excuse for a process-control frontend, many people would learn to use it to make their system operate more smoothly. Controlling processes isn't that hard, but if there's no way to do it, you'd never know.
- OroCHU, on 11/26/2007, -1/+6 That view assumes a monolithic security model, as in Windows. The general philosophy in *nix is to create many small, independent utilities/modules. This leads to a model that is compartmentalized rather than monolithic, such that each module should not trust any other module, preventing a flaw in one module from compromising anything else (aside from one in the kernel, of course).
- andycr512, on 11/26/2007, -0/+5 What claims did I make? Let's go through them.
"When you say "vulnerabilities", you mean -published- vulnerabilities."
That much is pretty safe to say. Microsoft doesn't publish unpublished vulnerabilities - when they do, they become published.
"Obviously Microsoft will not publish something if people don't know about it already; they will patch it quietly when they find a fix and move on."
This behavior has been seen many times. It's par for the course in proprietary software.
"With Linux, that can't be risked since everyone has access to the source code, so it is more likely that a vulnerability will be discovered - both by the good guys and by the bad. There are more "good guys" than bad,"
Again, a very safe assumption. Open source code means easier to discover vulnerability to those looking at the code. There are good and bad people looking at the code. There are more people interested in improving the software than there are in exploiting it.
"so they see the vulnerabilities and patch them quickly, thus creating the higher incidence of vulnerability reports as well a higher number of patches."
What claims did I make here? That Linux developers patch unfixed, self-discovered patches more often than users of Windows (which is obviously true since users of Windows don't get the source code), resulting in a higher number of published vulnerabilities. I would think this would be obvious.
- vafada, on 11/26/2007, -1/+6 I agree. The only reason I dual boot is because of games. If I can play my games (TF2, HL2, Unreal, bioshock, etc) in Linux, I won't bother dual booting my machine.
- lengau, on 11/26/2007, -0/+5 @EntropyFan - If I'm thinking of the same security flaws he is, there was a period of several months from the discovery to the patching of those flaws. It could quite easily have been a completely patched system and it still would have been exploited.
Second of all, putting a server online with all ports open is VERY different from directly connecting a machine to the internet. He mentioned directly connecting it, not opening up all 65535 ports.
Sorry, you lose. Play again.
- lengau, on 11/27/2007, -0/+5 http://www.microsoft.com/technet/security/current. ...
For example: http://www.microsoft.com/technet/security/Bulletin ...
http://www.microsoft.com/technet/security/Bulletin ...
http://www.microsoft.com/technet/security/Bulletin ...
and don't forget http://www.microsoft.com/technet/security/Bulletin ...
Of course, Microsoft aren't the only ones reporting bugs. http://www.ngssoftware.com/advisories/mssql-udp.tx ...
http://www.imperva.com/application_defense_center/ ...
Next time though, it would be nice if you'd http://*****.com
- init100, on 11/26/2007, -0/+5 "There are so many incredibly uneducated people on Digg."
Don't mistake a different opinion for a lack of education. But of course, you just see what you want to see.
- vertexoflife, on 11/26/2007, -1/+6 For a name like think freely this guy has a pretty closed mind.
- baalzebub, on 11/26/2007, -1/+6 I feel I don't have control over the software on my systems unless I have the source code to build as I see fit to build it. Free Open Source Software (Linux) offers this fine-grained control...
- init100, on 11/26/2007, -1/+5 "But one thing that really pisses me off and turned me off Linux and Macs was the fanboism."
Because there is no such thing as a Windows fanboy. /sarcasm
- slythfox, on 11/27/2007, -0/+4 Part of the "many eyes" concept is that end-users may stumble across issues, not developers. These issues can be reported and fixed. From my experience with using Open Source applications, it is easier to report bugs, and they are less likely ignored by developers. Furthermore, I feel as if I have a duty as an end-user using free software to report issues.
- cenarta, on 11/26/2007, -0/+4 Except for the fact that I was loading the server many years ago, right when server 2003 came out. So yes, it was a copy of SQL Server 2000, but at that time it was the ONLY copy of SQL Server.
- OBKenobi, on 11/27/2007, -1/+5 Yeah. A program made by a couple of people that all of Microsoft never thought of making in all the years of Windows' existence. How about Autoruns? In all the years of Windows existence, Microsoft never thought that users need control over applications that launch at startup.
I doubt Microsoft is that stupid. Or are they?
- zwaldowski, on 11/26/2007, -0/+4 Pot, meet kettle. Blocked.
- Stonekeeper, on 11/26/2007, -2/+6 "and IIS has been, BY FAR, the most secure web server on the market."
Nurse! Bedpan!
- inactive, on 11/26/2007, -1/+5 Really? No. There have been two Service Packs and endless Hotfixes. Perhaps these were just to make "admins" think that they're doing some work... Or maybe they were trying to fix all the undisclosed vulnerabilities....
- pcpimpster, on 11/26/2007, -0/+4 You mean SQL Server 2005, there is no 2003 of SQL
- cenarta, on 11/26/2007, -0/+4 oh yah, forgot to add that we WERE NOT exploited because I had everything behind my OpenBSD pf firewall and I hadn't opened up any outside ports to this box. My buddy relaxed after I reminded him of that fact. Sorry, I should have put that in my original comment.
pf, never leave home without it :)