Hell freezes: Windows listed as most secure OS
internetnews.com — Microsoft is frequently dinged for having insecure products, with security holes and vulnerabilities. But Symantec, no friend of Microsoft, said in its latest research report that when it comes to widely-used operating systems, Microsoft is doing better overall than its leading commercial competitors.
- 2276 diggs
- SolCheetah, on 10/12/2007, -205/+69 It's too bad they didn't include an OS that's actually fairly secure, such as OpenBSD in this study.
- godamit, on 10/12/2007, -105/+289 Not a popular opinion, but I agree. Windows XP with all patches and service packs, firewall and proper anti-virus is stable as the Great Wall of China.
- fintheman, on 10/12/2007, -57/+142 This should be interesting
I take it that the fanboys will "think" they know more than the security researchers at one of the largest and one of the most trusted security companies in the world.
Symantec, historically, has never been "friendly" towards Microsoft either.
- Pile, on 10/12/2007, -64/+55 Symantec is talking about secure OSes? Maybe if you don't have any of their products installed.
- SultanTravi, on 10/12/2007, -105/+155 The thing is, people assume that Mac OS X is more secure.
They're wrong. It's just that no one wants to write malware and viruses for an OS if they won't spread, and won't hit many people.
On my Vista and XP partitions, I never have problems. In the rare event of a virus, it gets locked down immediately. My computer doesn't crash, and it doesn't get viruses.
- Asianwaste, on 10/12/2007, -37/+115 As bad as people harp on Windows XP being buggy and vulnerable, you have to give some points to Microsoft for endlessly sending fix after fix, and the patches for the bugs in the patches. Sometimes I think sending those error reports after Windows encounters a serious problem and must shut down does squat, but then there are days like these where I might be convinced that someone is actually looking at them.
- RedLion, on 10/12/2007, -36/+46 pile: if you don't believe symantec then read this independent zdnet story where they came out with a similar conclusion @ http://blogs.zdnet.com/security/?p=135 (yes, this story also has a graph)
- zybch, on 10/12/2007, -34/+177 It's gotta be so frigging tough for MS to even get windows working.
Because of their huge user base they can't do an 'Apple' and just toss out all backwards compatibility and rewrite the OS from scratch with security and stability in mind! I don't doubt that MS could create an almost totally secure OS if they didn't have to worry about making windows so compatible that even old DOS programs from 15 years ago work without any major problems.
- Hellmark, on 10/12/2007, -55/+30 In the report, they said that MS had the fewest number of patches. Well, if you release updates slowly (i.e., just once a month), or do not take care of all issues, the same can be said.
Also, when it comes to linux, what all figures in for vulnerabilities? Since linux is highly customizable at install time, that can be hard to say. Is it just Kernel vulnerabilities, is it including them in commonly used applications too? Gotta compare apples to apples, and that can be difficult with linux.
- saggygrandma, on 10/12/2007, -89/+42 Windows is where all of Symantec's revenue comes from, of course they will scaremonger you into buying windows. It's not like you would bother buying their AV for mac! Their antivirus is ***** bloatware anyway....
- Odweaver, on 10/12/2007, -33/+22 If you install the right stuff it can be stable, but then again you have to know the right stuff, last weekend I attempted to fix a computer illiterate family friend's brand new laptop of two weeks with windows vista on it, and on the same day I removed 17 viruses from his xp box that was fully patched and using norton, he didn't notice a damn thing was wrong until I installed avast and ran a boot-time scan and found the viruses.
- Pile, on 10/12/2007, -43/+25 That's how they arrive at the bogus figures.
When they tally Windows patches, they only count the core windows update patches. They ignore patches for the other services and applications like Office.
When they tally the competitors' patches, they count everything, including goofy little services that most people may not even be using or have installed. Since Unix gives the user exponentially more free software and application options, there will be more systems that will be updated... this in no way is ANY reliable indicator of the security of the operating system.
They're comparing apples to peanuts. Show me a study where they itemize each patch they count and we can look at the patches and determine if they're relevant or they're some stupid patch for a subsystem that was abandoned five years ago and happens to still be available on a distribution library.
- ufia, on 10/12/2007, -37/+26 Symantec, the same company who got bribed to ignore Sony's rootkit in virus-scan.
How much pocket change did they receive to say Windows is the most secure OS?
- i64X, on 10/12/2007, -24/+73 >> saggygrandma
If your comment made any sense, wouldn't Symantec be calling Windows the LEAST secure operating system in order to try to get you to buy their products to protect it?
>> pile
>> they only count the core windows update patches. They ignore patches for the other services and applications like Office
>> They're comparing apples to peanuts
You're comparing an office suite to an OS.
- arbiterxero, on 10/12/2007, -24/+23 Page 92
"For each individual patch from these vendors, the time lapse between the patch release date and the publish date of the vulnerability is computed."
Published, not initially found.
So if microsoft doesn't tell you it's a vulnerability, that day doesn't count, instead of KNOWING there's an issue, you're running blind... I feel MUCH safer.
- Hellmark, on 10/12/2007, -30/+42 Look at that, people getting dugg down for asking how the vulnerabilities were compared. Is it a bad thing to ask questions about the validity of a statement nowadays?
Just tell what all was included. Was it just kernel patches, browser patches too, commonly used software?
- Jagdwulfe, on 10/12/2007, -30/+25 I am wondering how much Microsoft paid off the people that wrote the article ;)
- Tenoq, on 10/12/2007, -38/+43 Can't argue with the figures, but the conclusion is wrong. The conclusion should be that "Windows security vulnerabilities are patched faster than any other OS in the last year."
Least vulnerabilities != most secure OS.
Least exploits = most secure OS.
Regardless of how many or how quick MS patches their OS, it still has 99.9% of all the malicious code written for it. By default, it makes anything else more secure, regardless of the number of vulnerabilities discovered.
- bmeckel, on 10/12/2007, -23/+14 only problem is that the windows ones are viruses, where the mac ones are small and not important.
- Quix, on 10/12/2007, -33/+39 "The thing is, people assume that Mac OS X is more secure. They're wrong. It's just that no one wants to write malware and viruses for an OS if they won't spread, and won't hit many people." - sultantravi
So what exactly does "secure" mean? Does it mean "difficult to attack" or does it mean "not attacked very often?" The Windows fans rejoice from this report (thank you estvir, Microsoft's Digg PR spokesman), but it's an INDISPUTABLE fact that Windows users are the victims of FAR more attacks (yes, even proportionately speaking) than OS X users. This story is spin at its greatest.
What's more secure: a door with a deadbolt in Compton, CA or an unlocked screen door in Astoria, OR?
Hold on to that false sense of hope, Windows users. You can digg up as many stories like this as you'd like, but my experience (as both a long-time Windows user and an OS X user) plus the experience of my neighbors/relatives for which I'm often asked to do spyware removal work says anyone claiming Windows to be a safer user environment is yanking your chain and laughing about it.
- shrewduser, on 10/12/2007, -21/+17 "If your comment made any sense, wouldn't Symantec be calling Windows the LEAST secure operating system in order to try to get you to buy their products to protect it?"
not if they see a trend of people (especially enterprise people) moving away from windows and no longer requiring their "services".....
- TheShad0w, on 10/12/2007, -19/+20 BS http://www.openbsd.org/security.html Digg me down I don't care. Until they can claim OpenBSD's track record they aren't anything special.
- HeliumHigh, on 10/12/2007, -13/+40 @godamit
You do know the great wall of china failed to keep the huns out right?
As far as stable and secure, ya, it actually is. MS almost dropped longhorn/vista to get SP2 out. SP2 did a pretty good job of patching stuff up. I still don't like to touch anything other than sites I already know are good in IE7, but it's actually getting up to par. I will argue though, that linux still has a better security implementation method. Windows had to be kicked by a firewall into playing nice on the internet playground, linux on the other hand has been very secure for a long time. And if you want crazy security, try OpenBSD. That thing is rock solid.
- zdiggler, on 10/12/2007, -23/+6 My password is blank, only user is Administrator no firewall, no virus checker. Only thing I use is WinPatrol to monitor start ups and new services.
I have highschool kids and their friends come over and download music, go on websites etc and Never EVER found any virus or Trojans when I do scan.
Nobody nowadays writes viruses anymore. Just stupid programs for marketing. :(
- malkir, on 10/12/2007, -23/+32 Did any of you bother to count the severity of the vulnerabilities? Microsoft wins most insecure by that metric. Did anyone claiming that Symantec hates Microsoft even consider in their tiny little head that Symantec would not exist except for insecure Windows Platforms? Use your heads people.
- changyang1230, on 10/12/2007, -15/+93 What's happening to Digg today? Microsoft fanboy day?
I don't disagree with the article, but it's just weird to see digg crowd actually digging up pro-Windows comments.
- ajchavar, on 10/12/2007, -14/+24 i think one thing most people overlook is that most of the problem with viruses lies with the user, if you're a moron, you'll be more prone than someone who knows how to use a computer "safely."
all the OSs are pretty much equal if a person is using them who knows how to protect themselves.
- rasterbator, on 10/12/2007, -24/+47 You are coming to a sad realization. Cancel or Allow?
- solemnraven, on 10/12/2007, -22/+7 @zybch
have you ever tried to run 9x games/apps on an NT(NT4, 2k, XP) OS?
didn't think so (it works maybe 1 out of 10 times)
windows 2000(NT 5 technically) and XP (NT 6) were only so good at compatibility b/c the only changes were pretty much cosmetics and slightly enhanced functionality. Whereas, 9x to NT and now NT to Vista are core level upgrades to the o/s.
Vista is (semi)backwards compatible FOR NOW using a virtual pc type method.
Which, while fairly slow and resource intensive, works pretty well.
BUT,
MS ALREADY has plans to totally REMOVE backwards compatibility in one of the first service packs for the os.
for "Security reasons" they say, but who knows with them.
you just wait and see.
- Hellmark, on 10/12/2007, -7/+15 @solemnraven - XP is NT 5.1
@changyang1230 - and digging down anything that isn't pro microsoft. Ask valid questions, or make valid statements, and you get dugg down. Doesn't matter what you say.
@zdiggler - Without any malware scanners, how can you find malware? That's like saying, "I don't have an answering machine or caller ID, but no one calls me when I'm not home!"
- SVPirate, on 10/12/2007, -28/+72 I've never heard such a crock of BS in my life. This is a half-assed article that draws a false conclusion by looking at a narrow field of facts. Microsoft on average patches holes faster than anyone else, this does NOT make their OS the most secure, NOR does it mean they are the kings of the OS hill. They HAVE to do this to keep on top of the huge number of vulnerabilities in Windows and stop their users' computers being exploited. And do you know the worst thing about all this? DESPITE this super-amazing rate of vulnerability patching they have failed (with XP at least) to stop millions of PCs being turned into Spam and DDoS zombies. I know some of it is due in part to user idiocy but it's not their fault their new PC shipped with such a festering pile of junk of an OS. I'm just thankful Vista actually makes some attempt to stop this kinda crap happening from the get-go, but I really don't even hold out much hope for it being as secure as it is now in 2 years' time.
OK I'm done you can start digging me down now...
- avihappy, on 10/12/2007, -20/+8 POLL TIME!!!!
Do you believe this?
No ----> http://impoll.net/cgi-bin/v.cgi?p=1511&r=0
Yes ----> http://impoll.net/cgi-bin/v.cgi?p=1511&r=1
- solemnraven, on 10/12/2007, -9/+3 @Hellmark
forgive my minor error.
the facts still stand, and the people digging me down, obviously never deal with any computers made after the year 2000
or worked in any kind of IT field.
- avihappy, on 10/12/2007, -15/+7 Results So Far of my Poll!
No (14)
|||||||||||||||||||||||||||||||||||||||||||||||||| 58%
Yes (10)
|||||||||||||||||||||||||||||||||||| 42%
Total Votes: 24
- nofxjunkee, on 10/12/2007, -9/+3 @zybch: MS has absolutely no obligation to support decrepit 16-bit DOS programs and they are doing more people a disservice by keeping so much legacy support (can you imagine the hacks present in Windows' code?) than they are helping a few. Whether or not monetary compensation has a role in the legacy support is pretty irrelevant. As the OS used by 90% of the population they should look to serve as many of them as possible. Removing cruft should be part of regular maintenance. Obviously they have to tread carefully because of their large user base but they have the resources to do it properly.
They need not rewrite the OS as you claim Apple did (they used an existing one), they can just maintain their own code. Ha, by which I mean they *should* be able to maintain their own code.
[obligatory, slightly adapted, Tarantino quote: "People here must think it's MS fanboy day... it's not MS fanboy day is it? ... No. It's definitely not MS fanboy day."]
- cbrack, on 10/12/2007, -14/+13 "Not a popular opinion, but I agree. Windows XP with all patches and service packs, firewall and proper anti-virus is stable as the Great Wall of China."
Stable was DEFINITELY not the right word to use there.
- 21chrisp, on 10/12/2007, -8/+3 "What's happening to Digg today? Microsoft fanboy day?
I don't disagree with the article, but it's just weird to see digg crowd actually digging up pro-Windows comments."
You're coming to a sad realization.. oh sorry wrong article.
I think the MS fans have some pent up rage.
Total number is not a very good gauge for security though. It only takes one major flaw to take down an OS. You have to compare how many major flaws were around and total number of days they were unpatched. The total number of days a single major flaw was left unpatched for a year would be the most important metric. I have a feeling that would change the results.
Either way, MS has improved a lot over the past several years and deserves credit for that much.
- Devils, on 10/12/2007, -8/+3 @zdiggler:
Then you underestimate your "high school kids". I'm sure as hell you either have no idea what you're talking about or your kid has fixed up your PC for you. Go check, I'm sure those crazy "high school kids" (I love how we're just... so STUPID! Hrm, I wonder if that's... you guys' fault?) don't surf phishing and cracker websites, I'm sure they're using Firefox and I'm sure your kid knows how to block the pop ups and stop the spyware using the host file or with their favorite application (usually open source) like EVERYONE ELSE IN MY GENERATION.
God people like you piss me off. Hurry up and drop dead so I can inherit the earth.
- Hellmark, on 10/12/2007, -4/+1 @solemnraven - Yeah, minor mistake, just figured I would point it out to you while I was posting. It is no biggie.
- Devils, on 10/12/2007, -8/+16 I think the easiest way for us webmasters to test this out is to go out and download some of the security frameworks. Run the Packet-forest security assessment tool (it's a port scanner). Notice the number of exploits setup for a 'stock' Windows SBS03 server (this is what I have running, sorry, can't test it on any other version) compared to the number shown when scanning a netBSD server running apache2.0. If you would like to go ahead and try these exploits, you'll notice that this framework provides a numerical base for the "difficulty" of penetrating target machine. Any time you identify via portscanning that a machine is running netBSD, freeBSD or openBSD (hehe, and my gentoo linux server, but that's another story) will give you a difficulty of "999999999" with a built in comment appearing that says "good luck!" if you attempt it.
I think the largest opensource 'crackerhacker' framework speaks for itself.
Windows needs about 3 applications to be 'secure' and about 50 updates from SP2 to current and updates for Windows Defender and ClamWin anti-virus. After that it's to Spybot Search and Destroy, update, immunize, restart. Now comes the fun part, disable as many services as possible. If you don't print, turn off print spooling, if you have no speakers, turn off windows audio. if you have no other users, turn off user switching and dynamic user accounts and security account information. Enable classic shell and install Firefox2. Add my own list of bad sites to the host file. Disable IE6/7 to everything except windows update. Turn off windows update and add a script that times your updates using an opensource implementation of the cron system for windows (uses A LOT less ram). Restart. Update EVERYTHING again. Finish disabling windows error services, BITs and almost all other LAN services including DHCP (add a static address). Now, I go to my router and configure my firewall there. NOW I can restart, plug in the ethernet, and BAM! A working machine!
Linux:
dhcpcd eth0
ifconfig eth0
ping -c 3 google.com
echo "huray! teh intran3tz!"
- scooter17, on 10/12/2007, -5/+2 @godamit
God damn Mongolians!!!
- JonForTheWin, on 10/12/2007, -4/+21 Yeah because we all know a memory leak in mplayer is JUST AS SERIOUS as spyware that runs in kernel mode.
- phoggey, on 10/12/2007, -8/+3 I love it how people say some stuff, and then they go
"ok i'm through, digg me down."
then everyone digs them up. well, digg me up!!
- Yoshi39, on 10/12/2007, -1/+4 @devil
I thought I'd verify your claims (nothing personal but I simply don't trust stuff I read on the internet) however I was unable to find a tool called "Packet-forest security assessment tool" could you provide me with a link?
- rhesuspieces00, on 10/12/2007, -3/+3 Something else that should be considered is that the period when this survey was conducted included the "month of apple bugs." (Which might have been intentional.) Not to say that those exploits weren't legitimate, but when several of the top security researchers get pissed at apple (for good reason - there was a digg article about it recently) and decide to devote the bulk of their time and energy to finding problems with one OS, and then publish those exploits without giving apple advance notice, it's going to severely skew the results. I'm not trying to defend Apple here. As a long-time mac user, I would really like to see Apple start taking security seriously BEFORE malware becomes a problem, not after. But that said, this survey is meaningless.
Moreover, Symantec has a long history of FUD. Their business model depends upon convincing people that their OS is insecure and that the appropriate course of action is to purchase products from Symantec.
- r3zonance, on 10/12/2007, -4/+6 "The thing is, people assume that Mac OS X is more secure.
They're wrong. It's just that no one wants to write malware and viruses for an OS if they won't spread, and won't hit many people"
That has nothing to do with how secure an OS is. That's just how targeted the OS is by the bad guys.
- sirhomer, on 10/12/2007, -5/+4 All this means is Windows is patched more than other OS in the market, what does that tell you?
The title is wrong.
- BassJunkie, on 10/12/2007, -2/+3 I find it more interesting to look at the severity rather than the number of problems: Windows: 39 with 12 classed as serious and Red Hat with 203 with only 2 classed as serious? and just because MS had a shorter time to sort out fewer higher risk issues they are more secure than an OS that had only 2 serious errors, which might have been sorted fairly sharpish!
I'm not trying to bash windows as I think for all the bad press MS takes they do a great job of trying to keep on top of the security holes problem and as another user said a bit further up they haven't ever (or rarely) get viruses/malware and if they do they know how to deal with it! When computers start misbehaving 90% of the time it is down to something the end user has done, either by installing a ton of malware with kazaa or opening that i love you.jpg.exe attachment from that person they don't know! A little bit of knowledge and a few choice programs can go a long way to securing a computer, along with some common sense!
- brlittle, on 10/12/2007, -2/+6 @fintheman:
With all due respect: Blow me.
Did you actually _read_ the report? What it says is that Windows is most secure, based solely on how fast it turns around fixes. This is basically a meaningless measure, taken by itself, and as reported, it's twisted completely out of context.
So Apple took 66 days, on _average_, to patch flaws, eh? How many were rated critical? Ah...now how many Windows flaws were rated critical?
Yeah, now you're cooking with gas there Sherlock.
I'll take my Mac with its ONE critical flaw, wait the extra few days for the patch, and still be safer than your PC with its TWELVE critical flaws, over that same period.
- lukas88, on 10/12/2007, -6/+1 @brlittle
Apple and linux have less critical "security flaws" because there are less people trying to exploit them.
Impressive, considering linux and apple only have to defend against, at most, a small, unruly mob. In contrast, windows has to defend against a ***** army of hackers.
There are reasons to dislike microsoft. The security of the operating system is not one, and it hasn't been ever since SP2.
- zachblume, on 10/12/2007, -2/+1 Here's my theory. Windows can be as secure, if not better than Linux or apple. The thing is, Linux and apple typically have safe DEFAULT settings. You turn it on, security is pretty much set not to suck (okay, maybe a few things need to be done, but you know what I'm saying. You won't be compromised in less than 3 seconds like a windows machine will when connected to the internet). You turn windows on, then install clamwin firewall and spyware terminator, get rid of a bunch of processes, the sucky windows built-in firewall, make sure this is turned on and that is off and on and on and on...
Once you get a windows setup perfect though, it IS a thing of beauty. Windows is power. You have to know how to use it.
- OBKenobi, on 10/12/2007, -3/+1 [quote]Not a popular opinion, but I agree. Windows XP with all patches and service packs, firewall and proper anti-virus is stable as the Great Wall of China.[/quote]
Unless you're a pirate, you have to buy those applications. The ones that come with XP are practically useless against real threats as shown in tests. So add their cost to XP's, and don't forget that the AV usually comes with a one year license, so you'll have to pay again next year.
Of course Symantec would rather have you using Windows and potentially their products rather than OS X or Linux, which don't need Symantec's bloatware to be secure.
- Inqu, on 10/24/2007, -63/+237 *waits for the Linux and Apple fanboys heads to explode*
- Akaji, on 10/24/2007, -128/+43 This is Symantec. Why would anyone care what they say, especially knowledgeable nerds?
- RedLion, on 10/24/2007, -43/+133 Akaji: because they backed their statements up with facts?
- JamesWilson, on 10/24/2007, -76/+15 Norton is teh sux0r, Microsoft's is worse though.
- BZKyle, on 10/24/2007, -74/+26 Were the other OSes Windows ME, Windows 98, Windows 3.1, and Windows 95?
;)
- FoolishMortal, on 10/24/2007, -67/+18 They said widely used. Can anyone name another operating system widely used?
For better or worse, Windows is in a class of its own, and is the only widely used operating system.
The number of users of Apple, Sun, or Linux OS's doesn't even come close to the number of Windows users, so of course it is the best secured operating system most widely used.
- tarynme, on 10/12/2007, -49/+9 Makes me proud to be an Apple fangirl - we seem to have better reputations than the fanboys.
- Pile, on 10/12/2007, -32/+18 I've been running FreeBSD since 1994.. Never had any compromises ever. Handled millions and millions of hits per day and some of the net's largest web sites. Google, Yahoo and others run on FreeBSD. It's no piddly operating system - it's solid and secure.
- hipnerd, on 10/24/2007, -55/+203 Let's compare the numbers in a different way. How many of those vulnerabilities were "high priority" or "severe"?
From the article:
Windows
"12 of which were ranked high priority or severe"
Red Hat Linux
"only two were considered high severity,"
OS X
"only one was high priority"
So Windows had six times more severe vulnerabilities than Red Hat Linux and 12 times more than OS X. That's not exactly a ringing endorsement.
Lies, damned lies and statistics.
- com2, on 10/12/2007, -24/+51 BTW: Win 95 is a "very secure" OS. It is secure in the sense that NO ONE writes viruses for it anymore so it is every bit as secure as OSX. :)
- abhiroop, on 10/12/2007, -23/+46 @hipnerd,
although that's true it took apple a lot longer to fix the 1 vulnerability (on average) than it took microsoft...
- hipnerd, on 10/12/2007, -18/+30 abhiroop: I don't dispute that.
My point was fairly simple and not particularly controversial: You can take the same set of facts as given in the article and use them to prove the exact opposite "fact": that Windows is the _least_ secure operating system. I suspect this is true regardless just because it is the most popular OS, and thus is the largest target for crackers and viruses.
I'm not really advocating one position or the other, but I would be interested in hearing why people disagree with me, rather than just anonymously digging me down, which was what was happening earlier.
- kidd3ckz, on 10/12/2007, -27/+1 snarf. comments are gay.
- arbiterxero, on 10/12/2007, -20/+13 What you have to realize is that reports like this, when you read the fine print, it doesn't become a 'vulnerability' until it is accepted as such by the vendor.
They aren't 'vulnerabilities' when they're first found, it's when the vendor admits there's an issue and logs it.
So microsoft games the system by not admitting faults until they're close to having a patch.
Sorry, don't buy it.
PS: Microsoft likely told symantec that they'd better stop trashing them in the news, 'or else', but that's just a guess.
- taotehue, on 10/12/2007, -9/+24 BSD is really the most secure of all systems, but all systems do have ways of being broken.
- RedLion, on 10/12/2007, -4/+10 arbiterxero: what about Apple? http://slashdot.org/it/07/03/21/0040255.shtml
- arbiterxero, on 10/12/2007, -10/+14 indeed, apple is no savior in this area.
- SVPirate, on 10/12/2007, -7/+14 @ hipnerd
Hear, frickin hear, finally a voice of reason speaks out!
- 2shae, on 10/12/2007, -7/+11 Oh come on...you don't actually believe that Windows is safer than the others.
And even if it was true, it's only because you'd have a $50 anti-virus installed + $30 anti-spyware and which you have to pay yearly to keep yourself protected against the roughly 240,000 "known" threats (not for the unknown).
Why not look for something else?
- yournamehere, on 10/12/2007, -12/+5 hipnerd,
6x and it has almost 20x the installed user base plus hardware configurations in the tens of thousands to account for...
yeah, to me that means it's doing better.
it's a long fall off your high horse
- hipnerd, on 10/12/2007, -4/+10 How does the size of the user base come into play when considering the number of security vulnerabilities? There really isn't a correlation between user base size and security, except that larger user bases allow viruses to spread more easily and are more attractive to crackers. But that wasn't what they were looking at here.
Last time I checked, Linux supports nearly the same amount of hardware as Windows -- with the exception of a few peripherals. If supporting a ton of old legacy hardware is causing security problems in Windows, they should drop that support. All that said, I don't think this is a major issue, either.
It's legacy _application_ support that has caused security problems for Windows, not legacy hardware support. Making sure that your Windows XP machine could still run Windows 2000, 98, 95, 3.1 and DOS applications added layers of complexity to the OS that made it much harder to manage security. Contrast that with Apple, which completely redesigned their OS multiple times without much in the way of backwards compatibility.
- Liquidmark, on 10/12/2007, -9/+22 "*waits for the Linux and Apple fanboys heads to explode*"
You'll be waiting a loooooooong time.
Symantec makes money off of Windows. They want the MOST suckers/people possible using Windows. They make NO money on the other platforms.
Tell you what, ANYONE who believes this crap, should just delete your Anti-virus,adware,malware,spyware, WHATEVER software and go at it bareback from now on. Windows is the MOST secure OS right? So what do you have to fear? WHY are you spending money on AV software?
I'm waiting.
- sumskater41, on 10/12/2007, -4/+1 this is probably true actually... so much stuff has been released to protect windows users from getting all the viruses out there... the only thing is that there aren't really any viruses out there for macs, so they don't focus on that.
- Gizza, on 10/12/2007, -3/+1 I haven't had any anti-virus or anti-spyware installed for about 5 years and never had any problems. When I did install an anti-spyware app to do a scan (spybot) it found nothing more than tracking cookies. And if I have a virus that I can't even notice, well then that's better than an anti-virus app that I can notice slowing my computer down.
Besides, if this wasn't true why would Symantec say this? Wouldn't it make more sense for them to say Vista is a load of garbage with 100s of already known vulnerabilities to get ppl to buy their products?
- Yoshi39, on 10/12/2007, -3/+3 "although that's true it took apple a lot longer to fix the 1 vulnerability (on average) than it took microsoft..."
Yes that's true but the article states that it took microsoft 21 days on average to release a patch that would mean that with 12 severe vulnerabilities you were vulnerable for 252 days last year, OsX had one severe which took 66 days to fix. That means that as someone using windows you were vulnerable to attack 186 more days last year than someone using OsX...
- geekitechture, on 10/12/2007, -3/+6 @2shae who wrote:
"Oh come on...you don't actually believe that Windows is safer than the others.
And even if it was true, it's only because you'd have a $50 anti-virus installed + $30 anti-spyware and which you have to pay yearly to keep yourself protected against the roughly 240,000 "known" threats (not for the unknown).
Why not look for something else?"
You're kidding, right? I ran XP Pro for a year and am running XP Home now. I have never paid a dime for anti-virus, anti-spyware, or any other protection for the OS. While you have a valid point that some sort of protection seems necessary, given XP's track record well into SP2, since the last patches to SP2 I have had nothing unhealthy on my computer in at least six months...no adware, no spyware, no viruses, no trojans, no rootkits, no hijacked home pages....NOTHING.
This is what I use to protect my XP Home:
SP2
Free AVG Anti-Virus
Free AVG Anti-Spyware
Free Spybot
Free AdAware
Free Sygate Personal Firewall
For free diagnostics I have free HookAnalyzer (exclusively for rootkit detection) free HijackThis! (it has many uses) and free CCleaner (excellent for cleaning and maintenance).
Not to beat this to death, but all the above-mentioned programs are FREE, they are GREAT, and my XP Home is FINE. Without me spending a dime on it.
Why don't you go stuff a sock in it?
- Phate8263, on 10/12/2007, -1/+2Running edgy eft, never had a virus, below is my list of additional software installed to protect me:
...
- frankbough, on 10/12/2007, -92/+12...and Symantec are really very well known as being Microsoft fanboi's........
- estvir, on 10/12/2007, -13/+41I hope, for your sake, that you're being sarcastic.
- taotehue, on 10/12/2007, -16/+7Symantec's revenue comes from patching Microsoft products. There is a clear issue here: even if Symantec had minced words with Microsoft on Vista, it's still in their best interest to have Microsoft sell even more products that will be shipped with Norton pre-installed.
- MackDiesel2010, on 10/12/2007, -11/+5factual informatiowned
- nofxjunkee, on 10/12/2007, -4/+3Symantec bashes MS security in order to sell its AV software and other crap. We all know this.
And now Vista is coming out, supposedly more secure than XP. Suddenly MS has AV as well. So Symantec bashing Vista is pretty understandable for a few reasons. They want people to doubt it so they can continue to sell their apps, and it's possible they want people to stick with XP for a while so they can continue to profit off of it as well.
Symantec may appear to not like MS, but MS is Symantec's bread & butter no matter how you look at it. Read the headlines that Mythos posted again and think about the motives Symantec has for each one. All I see in those headlines are $$$ in the Symantec CEO's eyes.
- metalhead3767, on 10/12/2007, -3/+1I think it's odd for Symantec to be releasing information like this to the public. I would have expected them to keep this information internal to the company. When they make most of their revenue selling programs to fix viruses and malware I would have thought the last thing they would be telling their customers is that there is nothing to worry about.
- JakeBo, on 10/12/2007, -76/+94The biggest thing I see here is that Microsoft is quick to admit a problem and make a fix. Linux and Apple seem to just say we have no problems. If you don't admit a problem it is kind of hard to fix the problem. Keep up the good work Microsoft.
- acorn22, on 10/12/2007, -61/+30Are... you serious?
- drlha, on 10/12/2007, -19/+58Right, because Linux distros and Apple never release security patches do they?
- Darcy, on 10/12/2007, -6/+44I don't think that's fair, from what I've seen most Linux distros are actually pretty good at dealing with vulnerabilities and have no real problems acknowledging security issues. Though I do think apple need to change their attitude before they get burnt.
- cheeseron, on 10/12/2007, -3/+28I don't know what you're talking about, as most major linux distros release security patches pretty quickly.
- chrono13, on 10/12/2007, -17/+12Linux seems to do the opposite: http://bugme.osdl.org/
Windows flaws listed where? Annoyances.org? Google Search "Windows"?
Counting just the ones I see regularly, there are dozens of reproducible Windows bugs that are ***** all annoying and quite a few that can actually cause problems.
I'm sure there are hundreds, maybe thousands that Microsoft has. They sit on them, and work on security instead, because they are attempting to undo decades of wrong decisions (full privilege instead of least, dozens of open ports by default, no passwords by default, hidden admin accounts with blank passwords by default, etc).
When can we expect these bugs fixed? Oh... that's right, Vista. They have a vested interest, a financial interest in NOT fixing bugs.
Windows XP Home, 30 open advisories, some "Highly Critical": http://secunia.com/product/16/
These aren't new bugs. These have been around a while, and are being exploited.
All five Ubuntu releases (some no longer supported) combined: 0 open advisories http://secunia.com/search/?search=Ubuntu
All six Fedora releases combined: 9 open advisories, highest rated "Not Critical" (lowest): http://secunia.com/search/?search=Fedora
But it is more than that. It is about the design and defaults as well. Gaining user privilege in Windows means owning the entire system, while the same in Linux, while still very serious, means much less. And defaults? How many open ports does Ubuntu ship with open? Zero, because despite what Microsoft would have you believe, security is not an elusive and difficult beast. It starts with secure design, continues with sensible and secure defaults, and the 'never ending' part is patching code and making minor, rare, adjustments to the design and defaults to keep them secure.
There was never any excuse for their apathy toward security, no excuse for them leaving "Highly Critical" holes open for months on end. And there is especially no excuse for those who settle for, and think this level of insecurity, of poor design and poor defaults is "the best".
- YourDoom123, on 10/12/2007, -4/+9ever heard of a bug report? linux cannot function without an open bug reporting mechanism...it's as important as the code itself. It's too bad one of the debian systems weren't compared, i would have liked to see how they placed. this report only seems to compare company driven os's, no community driven ones. I would really have liked to see how some of them fared.
- heffae, on 10/12/2007, -5/+11Actually Linux (and by Linux I mean the vast majority of common Linux based apps) are very good at admitting bugs and vulnerabilities. Most major OSS projects have a public bug tracker and forums to comment on them, so Linux clearly isn't trying to hide anything under the rug. But as someone else pointed out, there are three types of falsehoods: Lies, Damn Lies, and Statistics. All they did was count patches, and while they mentioned it, it doesn't look like they took the severity or how easy it was to exploit into account.
They were comparing Solaris, Red Hat Enterprise, Mac OSX and Windows XP. Two are servers and two are desktop OS's. How many more updates or patches would we see if XP was intended to sit on the internet serving webpages or routing mail? Solaris and Red Hat, being primarily servers, have far more services set up out of the box and therefore a lot more things that may need patches. If you want to compare Solaris, RHEL, and Server 2003, that's fair.
All in all this is either a bad study or they left a lot of information out.
- alx242, on 10/12/2007, -9/+5@jakebo: That is where you are plain wrong. MS have always maintained a state of "we have no problem", hence why they had so many problems. I can't speak for Mac, but living in the Linux world there has always been an open statement if a security hole existed. That is the way things get fixed so quickly in the OSS world, by being open about it. MS has lately been forced into learning that this kind of behavior actually increases security rather than using security by obscurity.
Be happy about MS finally starting to understand what measures need to be taken to secure their OS, but in no way believe they invented this behavior!
- TheShad0w, on 10/12/2007, -6/+9There is a major difference, the *nix community doesn't see the need to make headline news with its vulnerabilities. You want to know why? Because by the time it is widely known 9/10 times it's already patched and released.
- sv650touring, on 10/12/2007, -5/+6jakebo's complete ***** statement with +27 diggs pretty much proves that the vast Macwing conspiracy on digg is imaginary. In fact I think the Mac fanbois have shot themselves in the foot and made enemies of too many diggers with their own *****.
PS, I'm typing this from a fully patched and up to date (and fully *****) XP machine
God, I just love it when the fanboys and the bashers get together...
- benitojuarez, on 10/12/2007, -3/+5problem exists between keyboard and chair for those who have a fully patched yet "fully ***** up" copy of xp installed.
- grumpyrain, on 10/12/2007, -1/+5>There is a major difference, the *nix community doesn't see the need to make headline news with its vulnerabilities. You want to know why? Because by the time it is widely known 9/10 times its already patched and released.
I would agree, but would add that the headline news about vulnerabilities isn't exactly on Microsoft's wish list. It tends to be the security vendors that put out the press releases. Don't take my word for it, find me the 10 most popular viruses and worms in the past 3 years, and count how many of them were released 'after' Microsoft had patched them. Answer: Nearly all of them. Microsoft release a patch, script kiddies then start poking around the old versions of the files with the knowledge that they probably have a week or two before most people patched. You will also note that since XP SP2, these attacks are significantly rarer. SP2 switched on the firewall and turned on Automatic Updates. These two facts are not a coincidence.
- sv650touring, on 10/12/2007, -0/+2PEBKAC? Sorry homes. It's a snappy comeback, but not the truth. WinRot is real. If you can tell me what I've done wrong, feel free.
Opera & Firefox only - no IE use
Symantec corporate security ***** software (probably causing half my problems) & CounterSpy
behind a hardware firewall
classic view with no visual effects
Actually I can tell you exactly what I did wrong: I allowed time to pass without a reinstall. With XP, reinstallation is considered standard maintenance.
- j_bellone, on 10/12/2007, -1/+1Schedule Defrag. Uninstall those applications that you don't use (we all have them.) Get rid of the junk in the task bar and start using antivirus software that has a lower footprint (e.g. AVG.) My system runs fine, has run fine for over a year and only time it has problems is when I start installing ***** I don't need.
- Waiting2awake, on 10/12/2007, -46/+75"12 of which were ranked high priority or severe," - For MS.
" two were considered high severity," - Red Hat
" only one was high priority." - Apple
Tell me again how this means MS won? Also, not sure how Apple is set up, but here it makes no mention of where the flaws were. With MS, it is just the OS, whereas with Redhat it can be the OS itself, Open Office, or VIM, or K3B, or any of the other programs that it comes with. I certainly hope they weren't considering them as well - but I think they were...
- mirunit, on 10/12/2007, -25/+33Microsoft won because they had less overall, and were proactive in pushing out patches.
"With MS, it is just the OS, whereas with Redhat it can be the OS itself, Open Office, or VIM, or K3B, or any of the other programs that it comes with."
Wrong, Redhat does not manage OOo or 3rd party patching. That is the job of the respective dev teams.
- l0gden, on 10/12/2007, -12/+25I don't understand why you're being dugg down. You are absolutely right. What matters here is not the raw numbers of vulnerabilities but the severity of the vulnerability. While it is good to see fewer vulnerabilities overall in the world's leading OS, until the high priority ones are less than the other two I don't think that the statement "most secure OS" is a fair characterization.
- albi123, on 10/12/2007, -17/+7They also consider the fact that Windows has 90 something percent of the market share, that's why MS won.
- Pile, on 10/12/2007, -14/+10There is some serious statistical manipulation if they're claiming there's less patches for Microsoft than non-Windows-based OSes. That's totally BS.
Every single month there are several major security patches for various versions of Windows; sometimes these are in the dozens. Under the Unix variants, there may be several major patches a year, if any. This story is total windows propaganda. And coming from Symantec it makes perfect sense - Symantec is depending upon MS to not encroach any more into their fleeting market share so they're doing some serious butt-kissing here.
- Buttercup, on 10/12/2007, -15/+5way to go microsoft fanboys, digg down someone who makes a logical argument.
i agree, it's not the quantity of bugs, it's the quality. if you have 12 bugs that cripple your system vs only 2 or even only 1, i would say that you lose. and as for their measuring of linux, redhat represents only a small part of the linux community. you can't accurately measure "bugs in linux" based on only one distribution.
- Extracheese, on 10/12/2007, -7/+10I'm pretty sure they took into account the severity of the vulnerabilities, after all, they do mention them in the first place. We don't really know how "Severe" is Severe. And if you're going to be so nitpicky, you would figure that severe problems would be patched much faster than trivial vulnerabilities. The terms themselves could be no more indicative than our "Terrorist threat levels."
- drlha, on 10/12/2007, -13/+3"I don't understand why you're being dugg down."
Because of the fanboys.
- hipnerd, on 10/12/2007, -7/+2@waiting2awake : I duplicated your point and posted it earlier in the thread although later in time. I did not see your original post, because it was Dugg down at the time. Sorry about that.
- geekee, on 10/12/2007, -6/+10FTA
"During this period, 39 vulnerabilities, 12 of which were ranked high priority or severe, were found in Microsoft Windows and the company took an average of 21 days to fix them. It's an increase of the 22 vulnerabilities and 13-day turnaround time for the first half of 2006 but still bested the competition handily.
Red Hat Linux was the next-best performer, requiring an average of 58 days to address a total of 208 vulnerabilities. However, this was a significant increase in both problems and fix time over the first half of 2006, when there were 42 vulnerabilities in Red Hat and the average turnaround was 13 days.
The one bright spot in all of this is that of the 208 Red Hat vulnerabilities, the most of the top five operating systems, only two were considered high severity, 130 were medium severity, and 76 were considered low.
Then there's Mac OS X. Despite the latest TV ads ridiculing the security in Vista with a Matrix-like Agent playing the UAC in Vista, Apple (Quote) has nothing to brag about. Symantec found 43 vulnerabilities in Mac OS X and a 66 day turnaround on fixes. Fortunately, only one was high priority."
- saska, on 10/12/2007, -1/+3I think alibi^ is on the right track. If you accept the assertion that the majority of malware, viruses, and exploits are written for an operating system with the greatest market share, you will expect that there will be a greater number of vulnerabilities in the OS with the largest market share and you adjust your findings based on that likelihood. Especially when you consider that one of the factors in their judgment is responsiveness to the exploit, that responsiveness increases in importance the more users the OS has. Of course, we can't really know because that part of their logic isn't shared.
I think the other thing not taken into consideration here is the fact that exploits with critical business impact are most often a function of applications and not the OS. You don't necessarily get your grubby mitts on a database of credit cards through the OS, you do it through the application that has access to the database itself. In this way, the report is skewed in favor of Symantec itself and its assertion that you need antivirus software for your operating system.
- Hellmark, on 10/12/2007, -5/+2Mirunit, no the other programs are not managed by redhat, but really, very little is. Redhat's job is to bundle software together, make sure it plays happy together, and offer support to people who need it. Only thing I can think of off the top of my head that Redhat makes themselves is RPM. Everything else pretty much, from the kernel on up, is managed by their own, non redhat related teams. It is a valid question though, of what are the vulnerabilities related to? Is it for everything that Redhat distributes (which would include things like OO.o, Firefox, etc), things they actively code on, or the kernel itself? That article doesn't seem to answer that.
So, let's look at the Symantec Threat Report directly (available at http://www.symantec.com/enterprise/theme.jsp?themeid=threatreport ). In the key findings portion of the overview, Linux is only mentioned once, with the NVidia binary drivers having a buffer overflow vulnerability (page 21). In the main report itself, the Vulnerability trends portion, page 41, suggests that third party components distributed along with the OS (in the case of Red Hat, is literally thousands of programs), when it is mentioned that "with the exception of Microsoft, all vendors were affected by longer turn around times for patches for third-party components that are distributed with each operating system."
That tidbit of information makes it kind of unnerving, as it is essentially comparing apples to oranges, since Windows has decidedly few third party components with it, as compared to the average Linux distribution (Redhat included, since they were the one mentioned in the report) which has thousands of third party modules, components, and applications, but with the vast majority not being installed by default, or even being used on most machines.
- Hellmark, on 10/12/2007, -5/+2To those digging me down, at least post a counter point.
- thestorm, on 10/12/2007, -35/+23ok, hold on. I have to stop crying from laughing so hard. Ok, first - i'm a network admin in a Windows environment. I also use osX and ubuntu a lot. There is no way on this earth this can be true. If someone is being sarcastic, it is pretty funny. To Microsoft's credit they work hard at fixing problems that come up, but so do apple and those who work on linux distros. The spyware and virus situation alone is really bad in an MS environment, add all those updates on top of that, you can spend so much time on vulnerabilities it's unbelievable.
In all honesty, ms products take a while to mature. I just don't like to take part in Bill Gates and company's never ending beta test.
I would like to see the names of those who did the study, and show the facts they came up with to support it.
- i64X, on 10/12/2007, -7/+15If you're the systems admin for your environment and you have big problems with spyware and viruses then you're doing something wrong. I've been the admin at my place of employment for two years and have yet to have one virus infection or case of spyware or malware on my network. If there's an avenue for those things to get in to your network, that's where you're supposed to be the one to enumerate those risks and implement procedures to mitigate them.
- CrazyZ, on 10/12/2007, -3/+8If you have that many problems, sorry, but you are not a very good admin. I've been a unix, linux, netware, and windows sysadmin for over 15 years now and have never had any major issues in the security realm. My biggest problems with all platforms has consistently been hardware and ***** software related.
- JamesWilson, on 10/12/2007, -23/+15LMAO!
- chicken101, on 10/12/2007, -18/+13There's a difference between having vulnerabilities and having exploited vulnerabilities. When is the last time someone got a virus on linux? I'm sure it happens, but it is rare.
- Mattie, on 10/12/2007, -8/+13@chicken101
"There's a difference between having vulnerabilities and having exploited vulnerabilities. When is the last time someone got a virus on linux? I'm sure it happens, but it is rare."
Nice job speculating, but I'll tell you right now you're misjudging. I run a number of live Linux servers on the net. The volume of server attack attempts is incredible. My only servers I currently feel comfortable with are the SUSE boxes I have running AppArmor. Seeing some of the things it has caught, you can tell it really is open season on Linux/*nix servers out there, just as it is for Windows. It's so very easy to neglect a patch here or there, and the auto-patching capabilities of a lot of Linux software isn't really there (nor do some people want vendors to change this).
Clearly things are a bit different behind a firewall, but saying that viruses don't hit Linux is indicative that you aren't really aware of the high-volume of server rootkitting going on out there. It's not like most worms are deleting files, defacing things, or clogging networks-- the rooting going on these days seems to be more focused on finding a quiet botnet to do DDoS+spam+webspam+fileserving.
With such a heavy emphasis on keeping automated intrusion quiet by attackers, you really have to keep an attentive eye. Don't imagine that it's safe out there for any OS variant.
- alx242, on 10/12/2007, -7/+5@Mattie:
You call an intrusion of a system and exploit of that system a virus? That is wrong! Do not confuse DDOS:ing and an insecure system being exploited by any script language a virus. That is either a hacked system or malicious machine screwing things up. It's not a free roaming virus! The amount of viruses on Linux still remains bleak in comparison on any level!
- Langeh, on 10/12/2007, -22/+13Well, Symantec isn't exactly my favorite source for my security related needs...
- myfanwy, on 10/12/2007, -6/+16maybe, but use a reputable source like secunia.com and you'll get similar results
- zybch, on 10/12/2007, -5/+12But symantec has ALWAYS been anti-MS. That makes this study thing so interesting.
- swindmill, on 10/12/2007, -11/+11anti-windows or not. Symantec relies on MS for revenue
- Dayz, on 10/12/2007, -26/+9The reason they said that is because Windows users are the only ones who use Symantec Products
- Shizlanski, on 10/12/2007, -11/+12Um so wouldn't they want people to think windows is insecure so they all rush to buy their products?
- deadlikeoscar, on 10/12/2007, -23/+11April Fool's has indeed come early this year!
- BrainInAJar, on 10/12/2007, -10/+29Symantec faces an interesting problem.
On the one hand, if people switch to other, more secure OS'es, they've just shot themselves in the foot by eliminating their market.
On the other hand, if people are too well convinced of windows' security, they've also got no market, because "windows is totally secure, why bother buying security products"
- geekee, on 10/12/2007, -9/+4"On the one hand, if people switch to other, more secure OS'es, they've just shot themselves in the foot by eliminating their market."
There are no OS's that are provably more secure.
- BrainInAJar, on 10/12/2007, -7/+2"There are no OS's that are provably more secure."
and there is no way to prove that there aren't celestial teapots orbiting the sun either, what's your point?
- tb0n3r, on 10/12/2007, -1/+2Symantec doesn't only develop security software for Windows. It's a large part of their market, yes, but they have offerings for a lot of other operating systems.
- OfF3nSiV3, on 10/12/2007, -14/+14Linux can be just a crappy as Windows
i've had Windows XP for years without firewall or antivirus and never got a virus or spyware
it's just a matter of configuration and know how to use
- myfanwy, on 10/12/2007, -11/+11how do you know? most viruses nowadays aren't noticeable (i.e. don't overload the cpu/internet connection), purely so people don't get suspicious and install AV, etc.
- Fhionnlaoch, on 10/12/2007, -4/+10I only use the automatic Windows Firewall, along with my router's firewall, and VPN if I'm off my network. I haven't used an anti-virus in years in Windows. I maintain one (Sophos) for my parent's computer, however, and they never get any viruses either. Or spyware.
I'm willing to take the chance of getting a virus, rather than waste resources on an AV.
- bradspry, on 10/12/2007, -23/+11Symantec is full of *****.
- totorototoro, on 10/12/2007, -11/+3all the more reason to stick with XP instead of switching to Vista, seems like.
- enivid, on 10/12/2007, -38/+11I heard Vista is 100% secure with the following hw configuration:
- no wifi
- no RJ45
- no modem
- no keyboard
- no usb ports
- no mouse
- no firewire
- no irda
- no bluetooth
- no RS-232
- no // port
- ezikiel2517, on 10/12/2007, -19/+10Don't forget the power cord ;)
- Asianwaste, on 10/12/2007, -3/+13It'd be 100% secure if you kept everything on that list and took retards like you away from any electrical appliance and sharp things.
- DigitalJester, on 10/12/2007, -13/+4Leading 'Commercial' competitors.
So, not many server OS's then? *cough* Linux, *bsd *cough*
- nevaseez, on 10/12/2007, -17/+13 1 word, OpenBSD
but it's so secure it should be called ClosedBSD
- Pile, on 10/12/2007, -15/+7There must be a bunch of Symantec/Microsoft employees modding any non-obsequious comment towards them down. Good job kiddies.
- Ogedei, on 10/12/2007, -18/+4digged cause the title made me laugh!
- enivid, on 10/12/2007, -9/+3shouldn't you say "dugg cause the..."
- Ogedei, on 10/12/2007, -8/+1I coulda...
I chose digged instead. :)
- Appleologist, on 10/12/2007, -14/+7I think what Symantec should emphasize is the number of critical vulnerabilities...12:1 puts it into a better perspective.
- PittPanthersFan, on 10/12/2007, -26/+2Since when is Microsoft an OS?
- staticten, on 10/12/2007, -5/+18you tryin' to be funny there PitterPan?
- Kickboy, on 10/12/2007, -19/+16Symantec no friend of Microsoft? Without Microsoft's insecure OS, Symantec wouldn't have nearly as much money as they do.
- WileEPeyote, on 10/12/2007, -2/+4Well then the smart thing to do would be to say it is not secure...
- Zanneth, on 10/12/2007, -25/+15Sorry, but how does "fewest number of patches and the shortest average patch development time of the five operating systems" qualify as the most secure OS? As far as I can tell, this just says that MS doesn't have the time to spend on fixing the security holes which is why they don't release that many patches.
I've always heard that Mac OS X has a lot of vulnerabilities, but I still have yet to see a Mac OS X system get infected with malware. In my opinion, this article takes into respect the completely wrong aspects to look at when deciding what is the most secure OS. Buried as inaccurate.
And I'm NOT AN APPLE FANBOY. I use my PC with a triple boot of Windows Vista, XP Pro and Ubuntu just as much as my Mac.
- zybch, on 10/12/2007, -14/+13"And I'm NOT AN APPLE FANBOY"
Um, yeah, you are!
- offthewagon, on 10/12/2007, -16/+25Dugg for the sheer anger and rampant denials it will elicit.
- gquaglia, on 10/12/2007, -22/+9I wonder how much money changed hands to make that claim possible.
- Darcy, on 10/12/2007, -6/+14Give it up.
- Sanchez, on 10/12/2007, -16/+24How predictable, since no one can find a hole in this pro microsoft story, they start twisting words and throwing petty insults at Symantec and Microsoft.
- Pile, on 10/12/2007, -15/+10There's no need to find a hole. There is no substance to this story, from which a hole could be cut out.
First off, Symantec is not an objective party to the Windows-vs-other OS field. You cannot trust Symantec to be an unbiased source.
Second, anyone who knows anything about PC security knows that Symantec products are some of the worst in the industry. Even the guys at Best Buy/Geek Squad know you have to be a fool to put Symantec on your machine. In fact, There have been a number of critical security vulnerabilities INTRODUCED by Symantec software under Windows!
Third, they left out a bunch of important, popular OSes from the study.
Fourth, the way they qualified and quantified patches was unequal across OSes. They counted main operating system patches under Windows, but counted patches for all kinds of peripheral systems under the other OSes. If you counted the "critical" vulnerabilities in common Windows applications, Microsoft would come out at the bottom of the list.
Since I've made a post that makes complete sense, it'll probably end up -38
- i64X, on 10/12/2007, -5/+13>> Second, anyone who knows anything about PC security knows that Symantec products are some of the worst in the industry.
[Raises hand] I know quite a bit about system and network security (7 years experience, MCSE+Security) and if you indeed do ask someone who knows something about security they'll tell you that users are the greatest danger to a system or network, not viruses or spyware. It's an administrator's job to make sure that the network stays as impervious as possible to stuff like that - and if they do a bad job, no matter what the OS, then it's their fault, not the OS' fault.
I'd say 95% of the time when an incident happens on a system or network it's the fault of an uneducated user messing something up either intentionally or unintentionally... not a virus or "hacker."
I think you're arguing Symantec being an unbiased source in the wrong direction. If they wanted to drum up business for themselves, why would they call Windows the most secure OS when that's the OS for which they sell security products? Wouldn't it make more sense to call Windows the LEAST secure so they could try and sell some more virus/spyware/etc. scanners?
- j_bellone, on 10/12/2007, -4/+9Right and you don't consider the vast differences in market share a factor as well, either, right? You just so happened to omit that part. Please. Why would they go around saying that the Operating System is secure when they want to sell the software?
- barius, on 10/12/2007, -6/+4@sanchez
Several people have already pointed out flaws in the logic of the article. The article has a good point, but it is not unassailable proof of MS superiority, so get off your MS fanboi soapbox.
@pile
I dugg you.
@i64x
The article isn't disputing the stupidity of users, it was about software vulnerabilities. I am also an experienced network admin, but unlike you I will refrain from bitching about my idiot users in a topic where it has no meaning.
@j_bellone
What the heck does market share have to do with the number of vulnerabilities reported or the speed at which they were patched?? Answer: NOTHING. An OS could have 0 market share and have many or few reported vulnerabilities. If anything, Microsoft's proprietary nature should favour it in this report because the black-hats will not have reported any vulnerabilities they found.
- jpt62089, on 10/12/2007, -14/+2Thing you need to pay attention to is (according to the article) Windows had 12 "High priority or Severe" vulnerabilities. Red Hat has 2 high priority vulnerabilities. Mac OS X has 1. I would say more severe/high priority vulnerabilities is worse overall.
I am glad to see that Windows is more secure than people say/think it is though.
- jpt62089, on 10/12/2007, -11/+3What? You would rather have more severe vulnerabilities and have less total than less vulnerabilities and more low priority vulnerabilities?
- Darcy, on 10/12/2007, -5/+8Nobody's saying Windows doesn't still have problems (so don't panic), it's just that those problems are not as bad as the Apple & Linux worshipers would like everyone to think. And in comparison to other OS's, Windows doesn't fare too badly at all.
I think it's the change in attitude towards security where Microsoft deserves most credit.
- fangcho, on 10/12/2007, -15/+18I think many of you are missing the point here. It's not how secure you are, it's how many enemies you have..
Microsoft = most hated
OS X/Linux = no one bothers..
- barius, on 10/12/2007, -3/+2Enemies maybe, as long as you're not implying market share since that myth has been blown out of the water by several real-world examples such as Apache vs. IIS.
- Darcy, on 10/12/2007, -1/+2@ barius, The only myth here is your Apache v IIS nonsense. For a start Apache has had more vulnerabilities than IIS over the last few years, and secondly the difference in market-share is a lot smaller (IIS=35% - apache = 59%). Market-share is by far the biggest factor here, with over 95% of the DT OS market, Windows is pretty much the only OS that security researchers and attackers are interested in. Firefox is a great example of popularity leading to the discovery of more vulnerabilities, it used to be known as the safest browser on earth, but I don't think anyone other than the biggest FF fanboys would still believe this is to be true.
- jtherrien, on 10/12/2007, -5/+15Zdnet has a report card on Vista's security: http://blogs.zdnet.com/security/?p=135
Check it out. Shocked?
- Pile, on 10/12/2007, -9/+4More bogus data.
You will note when they make reference to vulnerabilities for Unix OSes they include peripheral processes. When they make the same comparison with Windows, they leave out the patches for these same types of applications under Windows. I'm sure if there was an OpenOffice patch, it would be listed, but they wouldn't count a patch to MS Office. Since Microsoft separates the windows update from the OS and application sections, they can confuse people as to how many actual security patches and vulnerabilities there are. In the Unix world, they don't separate the patches into different groups to give users a false sense of security.
- i64X, on 10/12/2007, -8/+7Well if I install Ubuntu and it installs a ton of ***** that I don't want it to (or even know is there) and those applications have holes that allow an attacker to do something to my system by default install, then yeah - I hope they would count those.
Last time I checked Office doesn't install with Windows, so I can see why they'd count that separately.
- generalloy, on 10/12/2007, -2/+8"Well if I install Ubuntu and it installs a ton of ***** that I don't want it to (or even know is there) and those applications have holes that allow an attacker to do something to my system by default install, then yeah - I hope they would count those.
Last time I checked Office doesn't install with Windows, so I can see why they'd count that separately."
Ubuntu/Debian has a repository of 18 000 packages. Are you telling me that 18 000 packages are installed by default? Of course not; but then this test is extremely flawed anyways--eg., you don't count on vulns fixed, but severity and time to own a machine in the wild.
So yes, if you want an equivalent in the "real world", you would count Office vulns or you would isolate the packages you want to test. Unless people just communicate with WordPad these days...
- Hellmark, on 10/12/2007, -3/+6@i64X - you've obviously never installed a Linux distro have you? When installing, you have a choice over every single package installed. There is nothing "installed that you don't know about".
- Sneakernets, on 10/12/2007, -5/+3jtherrien, wow.
hey here's a job for you. you see that orange bar? it means FIXED. the blue bars on that graph are the UNFIXED.
now look at vista's. you see any orange? All I see is blue. so if I scaled these proportionally, who would win in the "fixed" category? Novell.
vista hasn't been out long enough to be thoroughly owned yet. It's got good grades now, but the others have been in school longer.
on a funny note, it could also mean how many people even bought windows vista...
- Illidan, on 10/12/2007, -3/+7"Provided by Microsoft's Trustworthy Computing"
Not to rain on your parade or throw doubt upon the accuracy of the data, but shut the hell up about ZDnet claiming it o.o
- jtherrien, on 10/12/2007, -2/+4So many of you fail at reading. I never made any positive or negative comment about Vista or claimed the study was from Zdnet. All I did was link to an article on Zdnet. Make your own opinion.
- idesign, on 10/12/2007, -16/+8Buried as inaccurate.
- i64X, on 10/12/2007, -6/+8Do you have some research to show us?
- hiandbaii, on 10/12/2007, -8/+10Hehe, the Great Wall of China only scared away people. It didn't do anything when the Mongols came. That's the problem with windows. It's not that it stinks, it's that more people "attack" it because more people use it. The operating system is not terrible. In addition, Microsoft has an image problem more than a technical problem. We think Windows XP is terrible on security because everyone says so. However, the truth is that Windows XP is as protected as the Mac OS. It's just that the threats to Windows are more severe so in comparison, XP looks like a piece of garbage.
- Pile, on 10/12/2007, -15/+9Nice idea, but not true. The FreeBSD kernel in OSX is a lot more secure than any version of Windows, even Vista. This is a fact. Don't talk about things you don't know about.
- Darcy, on 10/12/2007, -8/+8Well Pile, if you say it's a fact then it must be a fact. Well done for pointing out that fact.
(Don't worry about providing any proof, it's not needed)
- dscx, on 10/12/2007, -5/+8Before you get all smart and sarcastic, the 'proof' is right there in the article itself; Windows has more high priority/severe vulnerabilities. I have to say I'm really shocked by the comments for this article, I know digg users generally go with the flow but there's been no real mention of how inaccurate the title is.
Talk all you want about how Microsoft patches quicker (I would expect them to, their vulnerabilities are a lot more numerous, prominent and dangerous) or how people write malware for windows because it has a large user base, but nobody can claim to know the incentives of *all* exploiters - I'm sure many would see OS X/Linux as a challenge. System security is very hard to quantify so don't be so ***** naive as to say that Windows is outright more secure than other O/S's.
- diggnationdevon, on 10/12/2007, -10/+8I agree with this
- YourFuzzyGod, on 10/12/2007, -6/+0Good for you.
- SuperSneaks, on 10/12/2007, -6/+0Dugg b/c now I am going to freeze in Hell.
- slippeh, on 10/12/2007, -16/+13rofl @ all the people trying to rationalize by saying "omg 6x more severe vulnerabilities!! evil Microsoft Windows is not the most secure OS!!!!"
Shut the ***** up, the lot of ya.
- Sneakernets, on 10/12/2007, -7/+4Yeah, like, rationalization and accuracy is soooo lame, like, totally.
- slippeh, on 10/12/2007, -1/+1Apparently you don't know what I meant by trying to rationalize. Hint: I didn't mean "to treat or explain in a rational or rationalistic manner."
- YourFuzzyGod, on 10/12/2007, -10/+2It seems like if you have 90% of the market share, that you should have enough money and people to come out with patches faster than the competition. That just makes sense. No digg for you!
- zangief, on 10/12/2007, -6/+10Who even gets viruses these days? Come on, you have to be dumb to open email attachments from people you don't know or look at bad website without an anti virus program.
- kierskoe, on 10/12/2007, -8/+3@mythos.... yeah symantec are not going to criticise microsoft OS's, I mean it's not like they want people to believe that the OS they are using isn't secure unless they buy their product..... why that would only make good business sense.
@fangcho ... set up a mail server, *nix, windows or Novell..... now see how many people are "attacking" you.
This article is by far the biggest joke I've read today, maybe even in the whole week.
Digg me down, I don't care.... you're only making digg look like it's full of idiots.
- brickbat, on 10/12/2007, -9/+19Zenneth is right even though he was dugg down.
The most important points of the whole article seem to have been missed by most comments here;
"12 of which were ranked high priority or severe, were found in Microsoft Windows"
"...of the 208 Red Hat vulnerabilities, the most of the top five operating systems, only two were considered high severity"
OSX: "Fortunately, only one was high priority."
They are basing their security ranking on the turnaround time and total patches- not on the number of severe or high priority vulnerabilities. If you are asking me which is more secure, then based on their data, I would say it's OSX. If you are asking who fixes vulnerabilities faster, then it's Microsoft. And it's a cheap shot the way they say fortunately like it's luck or something
- hipnerd, on 10/12/2007, -6/+11Actually, Red Hat's turnaround time was only 13 days compared to Microsoft's 21 days.
So Red Hat actually patches vulnerabilities much faster than Microsoft. They were marked down because of the number of vulnerabilities detected. But that could be deceiving. If MS fixes 20 problems in a single patch, does it count as one vulnerability or twenty? Linux's model for patching problems encourages many frequent "micro-patches" rather than a few large mega-patches.
- Sneakernets, on 10/12/2007, -5/+4COULD be deceiving?
it IS deceiving! I had to read this article twice and I've yet to understand their logic.
- WileEPeyote, on 10/12/2007, -5/+3Just to straighten out the issue...
Unpatched Vulnerability = Unsecure OS. The longer the time between discovery and patching the greater the possibility that you will get burned. It doesn't matter if it's 12 or 1...
- Sneakernets, on 10/12/2007, -4/+4wileepeyote, you're absolutely correct. however, looking at the comments, we're the minority here on digg.
Slashdot covered this story today also, and they had a riot over it. Funniness aside, this is severely flawed logic and symantec should be ashamed of themselves.
- hipnerd, on 10/12/2007, -2/+1I would be actually interested to see what the turnaround time was to patch only the severe issues. If Apple fixed the major issues quickly but had their average dragged down because they didn't patch a minor bug for a few months, I don't think I would be very bothered by this -- but we have no way of telling.
This report is sloppy at best, intentionally misleading at worst.
- Sneakernets, on 10/12/2007, -17/+29FUD. Buried as inaccurate.
Saying windows is secure because of less patches released is like saying Ethiopians are healthier because they see less doctors.
- YourFuzzyGod, on 10/12/2007, -9/+5You'll get dug down, but that was fuggin' funny.
- Sneakernets, on 10/12/2007, -4/+14I know, but.. Those statistics...
Just Look at them.
If you DO read the article for the counts:
Windows - 39, 12 severe, average 21 day fix,
Mac - 49, 1 severe, average 66 day fix,
Red Hat - 208, 2 severe, average 13 day fix.
- thecheatah, on 10/12/2007, -11/+6This is just amazing. Microsoft has brainwashed people into thinking that they are the best!
Someone needs to study this phenomenon.
From my personal experience of fixing everyone's computer, I have to format theirs almost once a year.
I myself used windows xp a while ago and managed to get by without getting a virus for a year then I started to notice weird things running on my computer and had to format it.
The LAST thing I worry about with my Linux setup is security.
I am just amazed at how people think.
- InklingBooks, on 10/12/2007, -6/+7The report makes about as much sense as one that examines how well protected a community is against crime. It goes to Manhattan in NYC and discovers that everyone triple locks their doors and never goes out after dark except in well-lighted areas. Then it goes to Manhattan, Kansas and finds people regularly leave their doors unlocked and are casual about going out after dark.
Finally, it concludes that it's safer living in NYC than in Kansas because the people in NYC spend all their time fretting about and fighting crime.
- Phyltre, on 10/12/2007, -3/+2Except you're disproving your own point without realizing it. Think: who is triple-locking the doors? The user or the people who made the doors?
To properly extend the metaphor: The triple-locked doors are safer, because they can be triple locked. They were designed that way at the factory. The factory is responsible for making safe doors, no matter what the end-user decides to do with them. Thus Microsoft wins because they ARE bustling about concerning safety. That's what the maker should be doing, so the end-user doesn't have to. Who cares WHY they're so safety minded--it's enough that they ARE, because that determines whether you get an infection or not.
- diggsIt, on 10/12/2007, -8/+2Your copy of Windows is secure from Microsoft's point of view. You pay for it and they still own it - along with your computer.
- VeganG, on 10/12/2007, -8/+3Symantec sells software made for Windows.
Nuff said.
- AM088, on 10/12/2007, -4/+1Symantec might be no friend of Microsoft, but they get most money for fixing Microsoft's insecurities, don't they?
- Tweakedenigma, on 10/12/2007, -5/+3I for one will say that it's good to see MS getting its act together on this front. Although many here are correct in saying that MS had many more high priority vulnerabilities. Also this was for a 6 month period and it is also worth noting that MS has lost many times before. This study also didn't take into account not only number of malware that can hit a system but how much damage could be done by it as well.
Now just as a side note to the MS, OSX, Linux, BSD fanboys & girls more OS options are good for all of us and really if we stopped with the smug superiority complex we have all developed we might not argue as much. Really does anyone really care that I use Linux instead of MS, OSX or BSD?
- tirofiban, on 10/12/2007, -10/+40It's true, Windows is the most secure. I mean, I never get spyware or viruses on my Windows computer.
But, like every other day I'm reinstalling Ubuntu and OS X on my other computers. I cannot believe how quickly my Ubuntu and OS X computers keep getting infected. I think these computers keep getting infected because there really isn't any good antivirus or antispyware software out there for Ubuntu or OS X.
If I have to go to a really shady, suspicious web site, I'll choose Windows. And I don't look back. That's how confident I am about Windows.
Plus, Symantec knows what they are talking about. In the rare case where a Windows computer gets infected, Norton always, flawlessly removes the evil program in question, causing no harm whatsoever to my Windows machine.
Also Symantec knows a lot about Linux and OS X, so they are the best source to judge Linux and OS X security.
Thank God we have Windows and Symantec!
- Sneakernets, on 10/12/2007, -8/+13You just won yourself a digg. That made my day.
- Kwipper, on 10/12/2007, -6/+2I see what you did there. ^_^
- Phyltre, on 10/12/2007, -7/+4The thing is, there's no site I can imagine that I could visit with my Windows computer right now that could possibly infect it. I mean, you got plenty of snark in that post, it's well-written, the internets love satire...but Windows is much more secure than it was in the old days.
I think it's just another case of the technologically literate people (who are more likely to be running alternatives such as Linux) picking on the mainstream technologically impaired, who will more likely use Windows-based systems. They're more likely to infect their systems, so of course their system of choice is looked down upon as "less secure."
- kfilip, on 10/12/2007, -1/+1...and the award for Funniest Post On Digg Today goes to... tirofiban!
- 01100100, on 10/12/2007, -6/+6Key phrase here is "better overall than its LEADING COMMERCIAL competitors." Not saying it is the ultimate secure OS of all. BSD anyone?
- dscx, on 10/12/2007, -5/+5BSD? See OS X?
- antiNeo, on 10/12/2007, -2/+4@dscx
OS X was forked from BSD (and NEXTSTEP) years ago and since then most of the BSD influence has disappeared. It still has the Unix architecture, but I doubt it is as secure as OpenBSD. To quote from openbsd.org, "Only two remote holes in the default install, in more than 10 years!"
- BrainInAJar, on 10/12/2007, -1/+4you are categorically incorrect.
OSX is /NOT/ from BSD... OSX is the mach microkernel, with some freebsd userspace utilities tacked on top... it's a common myth that OSX "comes from" BSD
- Rosstafari, on 10/12/2007, -7/+15Another miscategorization. This one belongs in the Bizarre News section.
- Me1000, on 10/12/2007, -6/+3smells like symantec is getting greedy, they know they can't sell norton on the Mac, so they tell people to use it on winders!
And while OS X is not perfect, it is certainly better than winders!
If you want to run anti-virus in the background using system resources then go with windows!
OS X has the same security without the useless anti-virus!
- mrfresh, on 10/12/2007, -2/+1I wouldn't say OS X has the same security as Windows.
XP seems certainly better than Vista. I am sure over time, as with XP, Vista will get more secure.
I didn't get a chance to check on the full report, but one thing that I haven't heard much of is the type of exploits affecting each system. The number of exploits is good to know, but the type of exploits can give a bigger picture. Statistics don't give a full representation of an issue...
And IMHO, there is no way in HELL Windows is the most secure OS. It could be said its best in the "widely-used operating systems", but Windows is the ONLY most "widely-used operating system".
- n8glenn, on 10/12/2007, -4/+7Let's see now, Microsoft comes out with a new OS which is supposedly so secure you won't have to worry about viruses, then the Anti Virus guys say that the OS is not secure and is still at risk for viruses. Then they turn around and say that the OS is better than all the others anyway. Am I the only one who thinks that symantec is just trying to keep people buying windows, and then buying symantec to keep it safe from viruses? From personal experience, I would never believe that Microsoft is the most secure. NEVER! And sure, you can trot out the old "no one uses Linux and mac so why write viruses?" argument, but the fact is windows is much more vulnerable to attack than most Unix based systems because it was not designed to be secure to begin with, period.
- Sneakernets, on 10/12/2007, -5/+4Bingo. That's why they wrote this article. And apparently, it's WORKING too. That's what makes it so damn sad.
- kalemba, on 10/12/2007, -5/+11this is from the onion, right?