6 Months On, Vista Security Still Besting Linux 478
Martin writes "Great report on security vulnerabilities for MS/Linux/OS X. This is a revised version of the one Jeff Jones did back on March 21: Windows Vista — 90 Day Vulnerability Report. This time he did what the Linux community had asked. Everyone complained that he did the report based on a full Linux distro including optional components, not on just a base OS install. So this time he did both; Vista still came out on top. I was shocked that Apple was even on the list as I believed all those Mac commercials!"
Fine... (Score:5, Interesting)
What? Can't do that with Vista?
I'll take Linux, thank you.
This seems to (Score:2, Interesting)
Re:easier to use as well (cue the fanboys) (Score:4, Interesting)
Yes, Linux is not entirely user friendly yet. No denying that. But maybe you mean 1%, as you said... It's not really a good troll your way.
And yes, apt-get is a -lot- easier. Why? Because you left the steps out on the Windows side where you search for some utility on the web and have to wade through search results that mean nothing and attempt to find what you want, or you could just apt-get install it. 1 step, not several.
As for your game installation example, maybe you should pick something actually made FOR Linux, instead of hacked onto it later. Darwinia, for example: http://www.darwinia.co.uk/downloads/demo_linux.ht
Check out those complicated instr... err, no. You just download and run the file. Okay, you have to make it executable first. Just a bit of security there. At least it didn't ask you 'cancel or allow?' about 5 times.
Including the steps to set up video properly is a bit disingenuous unless you include the steps for Windows as well. Including finding and downloading the proper drivers for sound, video, motherboard chipset, etc. Is it easier on Windows? A bit, yes. But the steps still exist.
Re:easier to use as well (cue the fanboys) (Score:4, Interesting)
I installed quake 3 On my first day of Linux. Copied the files from the disk, ran the linux stuff for Id. IN all I had to use 3 maybe 4 commands total, and the only web site I went to was Ids site. It was basically the first thing I installed after doing my redhat installation. I never really got into using linux, but its not the quagmire you for believe it to be.
Re:Fine... (Score:4, Interesting)
People do though, thats the thing.
I've spotted many security issues, and the fact that we see more reported every week is proof enough that people do look at the source. If nobody looked we'd have no new reports, right?
Re:Fine... (Score:5, Interesting)
Sorry, I have to laugh. (Score:3, Interesting)
Its human nature. Its far easier to take an easy shot at someone else other than act. Oh sure I can say I will fix it, but fact is its easier to say so on some message board that take the action.
Look, with Vista they have a vested interest in correcting the bugs. For those in Linux I cannot overcome I can only hope someone else sees it as important enough to warrant a fix. Thats the crux of it. Sure I could do it, if I had time, if I had the knowledge, if I had the resources. Saying "with Linux you can just change it" is akin to handing someone a bunch of parts and telling them if they don't like the car they can fix it. Being able to use something, having an generalized knowledge of how it works, is all a far cry from being able to actually change it.
So while cheap shots at MS are the forte of many we can't forget that just because its open source, its linux, that we have the power. The opening is there, just don't expect someone to walk through it
Re:Fine... (Score:3, Interesting)
Re:Useless studies (Score:5, Interesting)
But i'd still rather run Ubuntu. Anybody who thinks installing windows is easier than linux, hasn't installed feisty fawn. My last 4 windows installs have come up in 640x480 4bit because the video card wasn't recognized, the sound didn't work, and the network card didn't work. Not to mention it took forever to install. I boot ubuntu on the same machine (in minutes) and everything works perfectly. In fact, the feisty fawn install disk has become part of my windows install. I boot the live cd, download the drivers i need to my thumbdrive, reboot into windows and install them. Point being: Not only is Linux EASIER to install, it's made Windows EASIER to install too. now THATS a good operating system.
Faulty Logic (Score:4, Interesting)
You also sweep away all of the *many* other ways to participate in a project to help it along.
Finally, nearly all OSS projects are driven by one or two people coding with other contributions (testing, bug reports, documentation, packaging, translations) kicking the projects into high-gear. There are a few that are so big the leaders code contribution is a small part, but that's the rare exception.
OT Rant: OO.org team: please move to GTK+.
Re:Did I miss something (Score:3, Interesting)
obligatory humor (Score:5, Interesting)
lets be fair... (Score:3, Interesting)
just remember there are 3 types of lies, "lies, damn lies and statistics".
Not that im claiming he's wrong mind you, just that history has proven to be a battle of seemingly erroneous statistics stacked on top of one another that seem to claim totally different things.
Is it going to make me switch to vista? no... But i cant say i really care either, probably the most insecure part of my home server is the code i've written for it!
Re:Fine... (Score:3, Interesting)
If this were true, we'd have no third-party reports on closed source software, but that's clearly not the case.
I acknowledge some people will look at the source, but finding a vulnerability and fixing it (and testing the fix) are two completely different things.
Re:No, still not a good comparison (Score:3, Interesting)
So, this is self-performance review. I'm guessing he's vying for a pay raise.
Re:Fine... (Score:5, Interesting)
Re:A few points (Score:3, Interesting)
It's in use way more than is Linux:
http://marketshare.hitslink.com/report.aspx?qprid
Vista: 3.74%
Linux: 0.70%
And here are status for Germany, which would be more friendly to Linux than Vista:
http://www.webhits.de/webhits/browser.htm [webhits.de]
Vista: 1.0%
Linux: 0.5%
Re:Exploited verses exploits (Score:3, Interesting)
Windows (older versions but common exploit) hides known extentions by default. Users are admins by default. Opening MyNakedWife.jpg.exe was an exploit that nailed many a Windows user. No warning of any kind was given, the software was installed.
Linux by default nobody runs as root. Ubuntu takes it up a notch. Even if the
You think if Joe Sizpack was running Linux he _wouldn't_ click that file promising him "free smileys" or constantly keep his stuff up to date?
With Linux much like modern Windows, they phone home and look for updates. Being offered an update from a 3rd party is still a problem for Windows users and less so for Linux users. Example.. Go to any flash site without flash installed. The untrusted site may or might not send you to get the official flashplayer. In linux, you have to follow the instructions to go to Adobe and get the tarball for the flashplayer 9, then unpack, and install. It's a little more work, but you generaly get it from a trusted source.
Another common Windows exploit requiring a fault between the chair and keyboard used fake picutres of Windows error messages. Clicking the little x in the corner of the box is as much of an install button as the rest of the photo. This was also a common Windows social engineering trick to get the clueless to click on the install button. Linux does not install root level software by a click on a webpage when not running root. Since most Linux users don't run root, this exploit is broken. The exception is Firefox plug-ins that users can install in their browser.
Short attention span Windows users who can one click install your botnet software for you are easy to find. There are millions of them. Even if there were as many Linux users as Windows users, you would find many fewer willing to follow your social engineering.
Maybe you know some Linux exploits of the fault between the chair and keyboard that is as simple as hidden extensions, executible IM messages, and webpage install buttons disguised as a error dialog box that I should know about. If you do, fill me in..
Reading closely... (Score:3, Interesting)