Author Topic: Interesting...Windows security flaws < UNIX's?  (Read 2931 times)

ReggieMicheals

  • Member
  • **
  • Posts: 186
  • Kudos: 228
    • http://osadvocacy.frih.net/
http://www.us-cert.gov/cas/bulletins/SB2005.html
Quote
This bulletin provides a year-end summary of software vulnerabilities that were identified between January 2005 and December 2005. The information is presented only as a index with links to the US-CERT Cyber Security Bulletin the information was published in. There were 5198 reported vulnerabilities: 812 Windows operating system vulnerabilities; 2328 Unix/Linux operating vulnerabilities; and 2058 Multiple operating system vulnerabilities.

A little old, but this just doesn't seem to add up...
Operating System Advocacy. I've given up on the Microsuck project, as well as any of the minisite spinoffs. You can still view the new beta site, though!

WMD

  • Global Moderator
  • Member
  • ***
  • Posts: 2,525
  • Kudos: 391
    • http://www.dognoodle99.cjb.net
Re: Interesting...Windows security flaws < UNIX's?
« Reply #1 on: 9 May 2006, 02:06 »
It probably counts the same thing in each distribution as its own.
My BSOD gallery
"Yes there's nothing wrong with going around being rude and selfish, killing people and fucking married women, but being childish is a cardinal sin around these parts." -Aloone_Jonez

toadlife

  • Member
  • **
  • Posts: 730
  • Kudos: 376
    • http://toadlife.net
Re: Interesting...Windows security flaws < UNIX's?
« Reply #2 on: 9 May 2006, 02:15 »
Quote from: WMD
It probably counts the same thing in each distribution as its own.

No it doesn't but they do count vulnerabilities more than once. For example...

For linux/unix...

Quote
Apache 'Mod_SSL SSLVerifyClient' Restriction Bypass
Apache 'Mod_SSL SSLVerifyClient' Restriction Bypass (Updated) Apache 'Mod_SSL SSLVerifyClient' Restriction Bypass (Updated) Apache 'Mod_SSL SSLVerifyClient' Restriction Bypass (Updated) Apache 'Mod_SSL SSLVerifyClient' Restriction Bypass (Updated) Apache 'Mod_SSL SSLVerifyClient' Restriction Bypass (Updated) Apache 'Mod_SSL SSLVerifyClient' Restriction Bypass (Updated) Apache 'Mod_SSL SSLVerifyClient' Restriction Bypass (Updated) Apache 'Mod_SSL SSLVerifyClient' Restriction Bypass (Updated)


And in Windows too...

Quote
Microsoft Windows ANI File Parsing Errors (Updated)
Microsoft Windows ANI File Parsing Errors (Updated)
Microsoft Windows ANI File Parsing Errors (Updated)
Microsoft Windows ANI File Parsing Errors (Updated)
Microsoft Windows ANI File Parsing Errors (Updated)
Microsoft Windows ANI File Parsing Errors (Updated)
Microsoft Windows ANI File Parsing Errors (Updated)
:)

TB

  • Member
  • **
  • Posts: 112
  • Kudos: 0
Re: Interesting...Windows security flaws < UNIX's?
« Reply #3 on: 9 May 2006, 05:14 »
Plus one must consider the whole closed/open source factor. Only Microsoft can truly know how many security holes Windows has.....assuming that they actually have people looking for them (a little voice inside me is saying they probably don't).

piratePenguin

  • VIP
  • Member
  • ***
  • Posts: 3,027
  • Kudos: 775
    • http://piratepenguin.is-a-geek.com/~declan/
Re: Interesting...Windows security flaws < UNIX's?
« Reply #4 on: 9 May 2006, 11:04 »
"Winamp Arbitrary Code Execution" ???
Is winamp part of Windows or something?
"What you share with the world is what it keeps of you."
 - Noah And The Whale: Give a little love



a poem by my computer, Macintosh Vigilante
Macintosh amends a damned around the requested typewriter. Macintosh urges a scarce design. Macintosh postulates an autobiography. Macintosh tolls the solo variant. Why does a winter audience delay macintosh? The maker tosses macintosh. Beneath female suffers a double scum. How will a rat cube the heavier cricket? Macintosh calls a method. Can macintosh nest opposite the headache? Macintosh ties the wrong fairy. When can macintosh stem the land gang? Female aborts underneath macintosh. Inside macintosh waffles female. Next to macintosh worries a well.

Aloone_Jonez

  • Administrator
  • Member
  • ***
  • Posts: 4,090
  • Kudos: 954
Re: Interesting...Windows security flaws < UNIX's?
« Reply #5 on: 9 May 2006, 11:33 »
It'd total bullshit, you can only count vunerabilities in core system componants like the network services and kernel and what's with counting the same ones more than once.
This is not a Windows help forum, however please do feel free to sign up and agree or disagree with our views on Microsoft.

Oh and FUCKMicrosoft! :fu:

piratePenguin

  • VIP
  • Member
  • ***
  • Posts: 3,027
  • Kudos: 775
    • http://piratepenguin.is-a-geek.com/~declan/
Re: Interesting...Windows security flaws < UNIX's?
« Reply #6 on: 9 May 2006, 19:30 »
Quote from: Aloone_Jonez
It'd total bullshit, you can only count vunerabilities in core system componants like the network services and kernel and what's with counting the same ones more than once.
Even then it's still numbers.

Something like "one year on default Ubuntu + updates and one year on default Windows XP + updates - who's been safer?" would be more useful. (I can't imagine Windows not having it's ass handed to it because, afterall, it ships with IE with ActiveX enabled.)
"What you share with the world is what it keeps of you."
 - Noah And The Whale: Give a little love



a poem by my computer, Macintosh Vigilante
Macintosh amends a damned around the requested typewriter. Macintosh urges a scarce design. Macintosh postulates an autobiography. Macintosh tolls the solo variant. Why does a winter audience delay macintosh? The maker tosses macintosh. Beneath female suffers a double scum. How will a rat cube the heavier cricket? Macintosh calls a method. Can macintosh nest opposite the headache? Macintosh ties the wrong fairy. When can macintosh stem the land gang? Female aborts underneath macintosh. Inside macintosh waffles female. Next to macintosh worries a well.

inane

  • Member
  • **
  • Posts: 107
  • Kudos: 233
    • http://www.myblogspace.net/inaneframe
Re: Interesting...Windows security flaws < UNIX's?
« Reply #7 on: 10 May 2006, 02:48 »
These people are ran by the National Cyber Security Division and according to Wikipedia "An audit of the division, conducted by DHS's inspector general Clark Kent Ervin, cast a negative view on the division's first year. Although the report praised the formation of the US Computer Emergency Readiness Team (US-CERT) and its cyber alert system, the division received criticism for failures to set priorities, develop strategic plans and failing to provide effective leadership in cyber security issues."

Secondly keep in mind that they probably run on some POSIX variant...

Pathos

  • Member
  • **
  • Posts: 518
  • Kudos: 416
Re: Interesting...Windows security flaws < UNIX's?
« Reply #8 on: 10 May 2006, 10:16 »
The numbers are not indicative of the true number of security flaws.

but I think we have to realize XP has had no real enhancements since it was released and has been getting security reports for years and has only been making changes as required.

Linux is always being extended and I don't think its had the same coverage that windows has had in the past.

H_TeXMeX_H

  • Member
  • **
  • Posts: 1,988
  • Kudos: 494
    • http://draconishinobi.50webs.com/
Re: Interesting...Windows security flaws < UNIX's?
« Reply #9 on: 15 May 2006, 06:18 »
How about this ... get a 1337 haxxor and ask him which system is easier to hack Window$ or Linux (when both are "properly configured") ... I'm betting on Window$. Or put them to the test, see which one is compromised faster, easier.

toadlife

  • Member
  • **
  • Posts: 730
  • Kudos: 376
    • http://toadlife.net
Re: Interesting...Windows security flaws < UNIX's?
« Reply #10 on: 15 May 2006, 06:26 »
Quote from: H_TeXMeX_H
How about this ... get a 1337 haxxor and ask him which system is easier to hack Window$ or Linux (when both are "properly configured") ... I'm betting on Window$. Or put them to the test, see which one is compromised faster, easier.

Well I've read on more than one occassion from security professionals that in  *nix OS's, it is generally easier to escalate priviledges than in Windows.


How would this "test" of yours work anyhow?
:)

H_TeXMeX_H

  • Member
  • **
  • Posts: 1,988
  • Kudos: 494
    • http://draconishinobi.50webs.com/
Re: Interesting...Windows security flaws < UNIX's?
« Reply #11 on: 15 May 2006, 06:34 »
I dunno, take two identical computers, on one install Window$ on the other Linux, then beef them both up security-wise (harden them), and then get a group of 1337 haxxors and have them hack in remotely. As proof of entry they leave a text document behind or alter some part of the system. Then see which one takes longer to hack.

toadlife

  • Member
  • **
  • Posts: 730
  • Kudos: 376
    • http://toadlife.net
Re: Interesting...Windows security flaws < UNIX's?
« Reply #12 on: 15 May 2006, 06:45 »
Quote from: H_TeXMeX_H
I dunno, take two identical computers, on one install Window$ on the other Linux, then beef them both up security-wise (harden them), and then get a group of 1337 haxxors and have them hack in remotely. As proof of entry they leave a text document behind or alter some part of the system. Then see which one takes longer to hack.

Ok. If "hardening" meant, both would have firewalls enabled then nobody would ever get into either system. If it meant not enabling a firewall, but disabling all services, then nobody would ever get into either system. In order for the systems to be hackable at all, they would have to be running some sort of daemon.

How about IIS6 vs Apache?  If it were that, my money would be on Windows/IIS6.
:)

H_TeXMeX_H

  • Member
  • **
  • Posts: 1,988
  • Kudos: 494
    • http://draconishinobi.50webs.com/
Re: Interesting...Windows security flaws < UNIX's?
« Reply #13 on: 16 May 2006, 06:17 »
Come on ... I'm sure a real 1337 haxxor can hack anything :D

piratePenguin

  • VIP
  • Member
  • ***
  • Posts: 3,027
  • Kudos: 775
    • http://piratepenguin.is-a-geek.com/~declan/
Re: Interesting...Windows security flaws < UNIX's?
« Reply #14 on: 16 May 2006, 07:07 »
Quote from: toadlife
Ok. If "hardening" meant, both would have firewalls enabled then nobody would ever get into either system. If it meant not enabling a firewall, but disabling all services, then nobody would ever get into either system. In order for the systems to be hackable at all, they would have to be running some sort of daemon.

How about IIS6 vs Apache?  If it were that, my money would be on Windows/IIS6.
You mean "(Windows Server 2003 or Windows XP Professional x64 Edition) and IIS6", seeing as that's all II6 runs on.
"What you share with the world is what it keeps of you."
 - Noah And The Whale: Give a little love



a poem by my computer, Macintosh Vigilante
Macintosh amends a damned around the requested typewriter. Macintosh urges a scarce design. Macintosh postulates an autobiography. Macintosh tolls the solo variant. Why does a winter audience delay macintosh? The maker tosses macintosh. Beneath female suffers a double scum. How will a rat cube the heavier cricket? Macintosh calls a method. Can macintosh nest opposite the headache? Macintosh ties the wrong fairy. When can macintosh stem the land gang? Female aborts underneath macintosh. Inside macintosh waffles female. Next to macintosh worries a well.