zombie, do you read these?
quote:
Aberdeen says Microsoft products have had no new virus or trojan horse advisories in the first 10 months of 2002, while Unix, Linux, and Open Source software went from one in 2001 to two in the first 10 months of 2002, that in the same 2002 time period "networking equipment" (operating system unspecified) had six advisories, and Mac OSX had four.
In other words, all except Microsoft had increases in reported vulnerabilities this year.
let's consider some real life reasons why this might be the case. Might it be because to discover a hole in a piece of open source software, to a certain extent, all you need to do is read through the code? The reason that bugs are discovered so frequently is that they are easy to spot, and quickly fixed, again due to the ease with which the problem is corrected. This allows open source software to develop at a rate undreamed of by a closed source, proprietary development model. The most important factor is NOT how many holes and/or bugs are found in the software, it is more likely to be how quickly such things are rectified. The other side of this coin is that while ALL the holes in a new piece of software might be discovered in a few weeks with an open source program, a similar closed source program could still be yielding new bugs in ten years' time, if it's still used. This is due to the fact that if you can't read through the source code, the only way you can find (and therefore report) bugs is by trial and error. It is the software equivalent of painting your mouldy house with the cracked walls, quickly selling it and then moving to Aberystwyth before the new owners find out what you did.
[edit] aha! we're talking about viruses now are we? sorry, i thought we were talking about bugs. well, let's see the statistics about how much damage was done to data by each of these 'viruses'. As i have said before, run a program in linux and it can only access files that the user who runs it has access to. Most 'high risk' network things run anything they need to as 'nobody' i have heard, and certainly anybody who'd run an unknown program as root has to have their head examined. In windows, run some program and duck for cover. Maybe there's so many viruses for windows that never get dealt with that people no longer report them? ever think of that?
quote:
And yet, here I sit with my virus-free, trojan-free Linux box, receiving tons of viruses and trojans from Windows users (that don't affect me), watching news item after news item about sites run on Windows servers getting defaced and broken into.
hmm. i think that says it all. those who choose are perfectly free to wade through the shit but don't try and fool yourselves.
quote:
According to what I've heard from my many sysadmin and network security specialist friends, no OS or network-connected software is secure unless it's administered properly and security patches are applied as soon as they are available.
so the bottom line is that you can either believe system administrators and network security specialists....
or you can believe zombie90210. 'nuff said.
[ November 15, 2002: Message edited by: [calum@localhost]$ ]