OT: Nix less secure than Windows.

[Baron Munchausen]

Whoa! Every single brand/variant of Linux and Unix is lumped together vs. MS Windows, which has only a few versions. If this was broken down into specific versions I think it would look a bit different. Not only would the number of bugs for each version be less than MS Windows, but the severity of the bugs would be very different. How many of the Unix/Linux bugs are root exploits? Nearly all Windows 'security' problems give admin level access and total control of the machine because the inner workings of the OS kernel are not secure. If you can get around the outer layer of security checks you are then free to do what you want. Very few *IX bugs are this bad because these systems were designed from the ground up with security in mind. On top of that, most of the *IX bug require local access, while nearly any Windows flaw can be exploited through Internet Explorer, meaning you can get 0wned while surfing the web. Only actual flaws in your web browser (generally Mozilla Suite/Firefox) allow that to happen with *IX systems. Local exploits are only a risk when your users are out to get you, not when some random website carries a jiggered file.

[Thermodyne]

Do your home work, if it gets past one version, it gets past most of them. Take out the Unix and osX and you still have a lot of flaws. The thing that needs to be known here is that Nix is not in and of itself safe. You need to take the same steps as windows users.

[Baron Munchausen]

Quote:

Thermodyne said:
Do your home work, if it gets past one version, it gets past most of them. Take out the Unix and osX and you still have a lot of flaws. The thing that needs to be known here is that Nix is not in and of itself safe. You need to take the same steps as windows users.

No one has claimed that *IX is inherently 'safe'. Many have claimed that it is more secure than Windows. Which is not very difficult to achieve. But I think it's the authors of this study who need to 'do their homework'...

http://news.zdnet.com/2100-1009_22-6021867.html

"The study is confusing and misleading. When you look at the list, the vulnerabilities are miscategorized," Mark Cox, a consulting software engineer at Red Hat, said. "For example, Firefox is categorized as a Unix/Linux operating-system flaw, but it runs just as well on a Windows platform. Apache and PHP also run just as well on both platforms. There are methodological flaws in the statistics."

In addition, Steven Christey, an editor for Common Vulnerabilities and Exposures, an organization that maintains a common vulnerability database, said that the statistics were no basis for comparison of the relative security of Windows and Linux/Unix, because they had been collected from different sources with different criteria for the collection of flaws.

...

Secunia thought that the nature of the reported vulnerabilities also made it difficult to compare security on the platforms, as Linux/Unix researchers concentrate on vulnerabilities in local privilege separation, while Windows researchers look at possible remote vulnerabilities.