
Most Unsecure OS? Yep, It's Linux

All that is actually claimed is that

more than 50 percent of all security advisories that CERT issued in the first 10 months of 2002 were for Linux and other open-source software solutions.

This does not mean, however, that Linux is the most insecure, just that more insecurities have been reported in the first 10 months of 2002; it's simply not the same thing... you have to count every single exploit, virus, trojan before making such a statement imho

Alternative View and Opinion on the Report - The Register
 
It's on a Windows site, I can't trust that. I also wouldn't trust a Linux site to make such an outrageous claim either.

...many Linux distributions lack the sophisticated automatic-update technologies modern Windows versions contain.

I know that a lot of mainstream distros offer an easy update program. RedHat, Mandrake, Gentoo, Debian to name a few.

-DarkArctic
 
DarkArctic said:
It's on a Windows site, I can't trust that. I also wouldn't trust a Linux site to make such an outrageous claim either.



I know that a lot of mainstream distros offer an easy update program. RedHat, Mandrake, Gentoo, Debian to name a few.

-DarkArctic

The question is, are they sophisticated enough?
I think at least Debian's system has some flaws and isn't very user-friendly at some points.
 
Well, this isn't a particularly objective source. Also, the only real statistics in the report are:
First, the Aberdeen Group says that Windows-based Trojan horse attacks peaked in 2001, when CERT released six such advisories, then bottomed out this year, when CERT didn't issue any alerts. However, Trojan horse-based attacks on Linux, UNIX, and open-source projects jumped from one in 2001 to two in 2002.

I don't know about you, but that doesn't sound like enough information to justify "Linux is the most Unsecure OS."

Regarding update tools, Red Hat has a particularly effective system, IMO. A program running in the background checks for updates periodically, and upon finding applicable ones, changes the color of a small icon in the corner of your desktop from green to red. Simply click on that icon, enter the root password and a few downloads later, your system is updated. No rebooting is required, unlike Windows. Red Hat even offers to email you whenever an important update becomes available.

IMO, this article is dripping with bias and provides little to no evidence for the claims it makes.

EDIT: Some of the reader comments for that article are interesting, although the accuracy is debatable:

For example, close to none of the several critical flaws of IE and Outlook Express ever appeared on this list. As to the Linux advisories, they also deal with server software like BIND or NFS.

On the other hand it has become Microsoft's policy to reduce the number of fully published security issues and instead tend to fix most of them silently months later in some service pack without ever telling the users.

So simply counting CERT advisories doesn't make any sense. But that might be exactly what Microsoft has in mind.

In any case, when you complain "we'll never know how secure Linux is", you are simply plain wrong.

Just use the source, Paul. Try that with Redmond's code...

There is a difference between security issues related to various applications and security issues in the OS itself. If Aberdeen were honest, the counts would add up far differently. In Linux it is easy to turn off network services or applications revealed to have problems, without having to shut down or reboot. The patch can be obtained and applied, and services restored, without reboot (usually). In Windows, you always have to shut it all down for reboot, even if it is running as a server, after security patches are applied. This means security of operations with Windows is ALWAYS affected. Security of operations of Unix based systems, like Linux, will always be less affected, due to the layering and separation between OS, network services, and applications. Windows, with its monolithic approach to everything can be automated by the web, creates major security problems every time any exposure is found. Linux, when the OS actually has a problem, that problem is localized and containable. Patching it is hours or days away, many business processes remain possible, and the update is free of constantly changing EULAs and Microsoft-forced modifications and unexpected default resets of options.

You can keep your Windows...but be extremely cautious about security flaws. When Windows has a crack in the door, the whole house is exposed, for weeks and months. When Linux has a crack, a room might be entered...for a few hours or days. When the patch from Microsoft comes, it may gum up other stuff, and require you to give up more rights to your PC to Microsoft. Linux always leaves you in charge.

The author decides to revise his 'verdict' in one of his responses to a reader comment:

Editor's note: Actually, I'm not really saying that Linux is less secure. What I'm saying is, when someone says Linux is more secure, no-one ever challenges it. When the reverse is proposed, people get crazy. This doesn't make sense: There is no evidence, anywhere, that Linux is more secure than Windows in the real world. There just isn't. That's really what I'm saying. --Paul

Does that sound a bit different from "Most Unsecure OS? Yep, It's Linux"?

Some more discussion of the article for those who are interested:
http://arstechnica.infopop.net/OpenTopic/page?a=tpc&s=50009562&f=96509133&m=5300971045
 
Read the full "study".. It's a one page report listing CERT report counts. Not only are they counting *all* of open source projects but they're also counting all variants of unix packed into one big headline of "linux is insecure".

not to mention read the terms and conditions

These sponsored reports, white papers, and supplier profiles provide analysis that may be useful in support of internal technology planning processes, sales training programs, and external customer education programs.

Sponsored reports, sponsored by whom ???
 
UnseenMenace said:
Sponsored reports, sponsored by whom ???

Hmm, I wonder... ::cough:: M$ ::cough:: :)

I think we can establish that this 'study' is of no real value.
 
It is my opinion that any study sponsored wholly by ANY os vendor can not be entirely trusted:)

Any modern OS can be made pretty secure, with a bit of tweaking.

I do not know of any OS that any Joe Sixpack can install without trouble that will be secure- not Windows (of any flavor), nor Linux (in its EASY distros.)

Linux does have a big advantage in this area, IMO, because the source IS available; with MS stuff one must trust MS to feel secure.....

I use both but I do have some concerns about MS being trustworthy;) but I'd have to say that my Windows rigs are more secure BECAUSE I know a bit more about how to secure them, I'm still learning Linux so I am sure I have a BUNCH of holes left on them!
 
SBeaver said:


The question is, are they sophisticated enough?
I think at least Debian's system has some flaws and isn't very user-friendly at some points.

As already mentioned, RedHat's is a very easy icon. Gentoo (which I use) has one simple command for checking for updates to any and all packages on the system. 'emerge -u world' is all I have to type in. And I just put that in a script so that it updates overnight. Debian has a similar command line for their apt-get. It can be presumed that Mandrake has something easy as well considering it's an easier distro to use. If it's not an easy update tool then I'm sure that they wouldn't have put it in Mandrake anyways. All I'm saying is that making an update tool doesn't seem to be that difficult. Some I even find better than the Windows version. :)

-DarkArctic
 
rogerdugans said:

I use both but I do have some concerns about MS being trustworthy;) but I'd have to say that my Windows rigs are more secure BECAUSE I know a bit more about how to secure them, I'm still learning Linux so I am sure I have a BUNCH of holes left on them!

I personally don't have any problem with MS trustworthiness.
A lot of other people seem to have though, with no real reason for it.
I've been using Microsoft's products since the win 3.1/dos 6 days and I have never had any mistrust in Microsoft.
The fact that I have become so attached to Windows and DOS has made it a little hard to let go when I have tried Linux (done this a few times in the last year and the year before) and I still can't say that Linux can get anywhere near replacing Windows on my main machine.
The reason is so simple, they just seem to HAVE TO make even the most trivial task a big pain by making hard-to-use software.
I think I went a little off topic here... ;)

My point is really that the report could be true from a very strange point of view but even if it wasn't true that wouldn't change my thinking a bit.
I learn from XP-erience as I said once in the XP-beta days.
Installing Linux (assuming it is safe from the start) and installing Windows + securing it takes just about the same time and if you already know Windows but not Linux/Unix then that's not a big enough reason to make me switch considering all the downsides Linux has.
 
Well, the security of a linux system depends entirely on the distro and the knowledge of the admin. I think Linux has more potential to be secure than Windows, and more often than not, it will take less amount of time to secure it.

For example, let's say you want a webserver. If I were to set up a Linux webserver, I would use Debian, and only install the base system (basically enough for it to boot). Then, apt-get apache and a few other tools. Now, you only have to worry about the server on the system, in this case, apache. Simply put, a proper linux distro comes with everything disabled, and you must enable the services you desire. Windows is the exact opposite. Hence, in most cases, Linux is more secure simply because it is running less services.

Somewhat off topic rant:
A friend of mine installed mandrake recently, and while looking through the system, I noticed that virtually every daemon known to man was running. Even telnet, which has been pretty much obsoleted by ssh (sshd was also installed and running). It seems that the newbie distros seem to be following in MS's footsteps more and more...
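
The check implied by the post above (install only what the server needs, then look at what is actually listening), as an added example that is not part of the original thread. The allowlist of ports 22 and 80, the function name `unexpected_listeners`, and the sample lines (constructed in the format of `ss -H -tln`) are assumptions made for illustration:

```shell
#!/bin/sh
# Added example: compare listening TCP ports against an allowlist.
# SAMPLE is constructed text in the format of `ss -H -tln` (no header line);
# on a live system, pipe the real command into the function instead.
SAMPLE='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:23 0.0.0.0:*
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 64 0.0.0.0:2049 0.0.0.0:*
LISTEN 0 128 127.0.0.1:631 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*'

# unexpected_listeners "<allowed ports>"
# Reads ss-style lines on stdin and prints "<port> <scope>" once for every
# listening port that is not on the allowlist, sorted by port number.
# scope is "loopback" when bound only to localhost, otherwise "exposed".
unexpected_listeners() {
    awk -v allowed="$1" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        $1 == "LISTEN" {
            addr = $4
            port = addr; sub(/.*:/, "", port)      # text after the last colon
            host = addr; sub(/:[^:]*$/, "", host)  # text before the last colon
            if (port in ok) next
            scope = (host == "127.0.0.1" || host == "[::1]") ? "loopback" : "exposed"
            # If a port is bound on several addresses, report the widest scope.
            if (!(port in seen) || scope == "exposed") seen[port] = scope
        }
        END { for (p in seen) print p, seen[p] }
    ' | sort -n
}

# A web server that should offer only SSH and HTTP:
printf '%s\n' "$SAMPLE" | unexpected_listeners "22 80"
```

On the constructed sample this reports telnet (23) and NFS (2049) as exposed and the printing service on 631 as loopback-only, which is the kind of list the post describes finding on a default install.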
 
Johnny Knoxville said:
It appears that Linux is now officially the least secure operating system. I wondered why I heard about more security holes in Linux than Windows...

http://www.wininformant.com/Articles/Index.cfm?ArticleID=27428

Of course, what the article fails to mention, and what you fail to comprehend, is that when they talk of "linux", they are speaking about 10-15 different distros from 10-15 different companies lumped together.

They compare 10-15 companies to 1 company.

Simple statistics will tell you that if you lump all "non-microsoft, but running ON M$" companies in with M$ and compare that number of holes to linux, you'd see that Linux is much more secure.
 
Re: Re: Most Unsecure OS? Yep, It's Linux

dribblesnort said:


Of course, what the article fails to mention, and what you fail to comprehend, is that when they talk of "linux", they are speaking about 10-15 different distros from 10-15 different companies lumped together.

It's not just different distros that they are lumping together under the title 'Linux is Insecure'; it is ALL *nix such as Unix, BSD etc.
 