WARNING -- LENGTHY READ -- TOOK ME ALLOT OF TIME -- REFERENCES INCLUDED -- PLEASE DEBATE THE IDEAS AND NOT A SINGLE STATEMENT, IM SIMPLY NOT A WRITER AND CAN NOT MAKE SURE EVERY WORD I TYPE IS PERFECT! THANKS!
Microsoft is in a very tough position. Most people use Windows, so the majority of scams, viruses, spyware, etc. are written for this operating system. It’s not that Mac or Linux is more secure, it’s that Windows is in the spot light.
Reference and good read:
http://www.newsfactor.com/story.xhtml?story_id=0010003L8438
If you look hard into security websites and other places, you will find a host of problems and hacks for Linux. It’s been standard statistics and knowledge that Linux and Windows in the server market have around the same failure and compromise rate for security failures. The other factor is cost of ownership. There is much controversy over both of these topics, so here are a list of some great references. Many Linux supporting documents are scattered across different sites, while Microsoft tends to include these documents in their websites. Because of this, and because of googles page rank system; it is hard to find pro-Microsoft documents that are not on the Microsoft site. Read the above article, as for it explains most of this.
Cost of Ownership References
http://www.microsoft.com/mscorp/execmail/2004/10-27platformvalue.mspx
http://download.microsoft.com/documents/customerevidence/11484_Rayovac_Case_Study.doc
https://thesource.ofallevil.com/windowsserver/facts/topics/tco.mspx
http://www.cyber.com.au/about/linux_vs_windows_tco_comparison.pdf
http://www-1.ibm.com/linux/RFG-LinuxTCO-vFINAL-Jul2002.pdf
Security Failure Rate References
http://www.microsoft.com/presspass/...icanLinuxWindowsTCOComparisonPart2-Yankee.pdf
http://www.securityfocus.com/unix
http://www.securityfocus.com/archive/88 <-Windows
General
http://www.newsfactor.com/
http://linux.slashdot.org/
http://slashdot.org/search.pl?tid=201 <-Windows
http://www.antionline.com/
http://dmoz.org/Computers/Hacking/Cracking/ <- Includes some Amazing Sites
The largest security hole in any computer system is not the operating system but in the users who access the systems. Read any credible book on Cracking (dont you dare say hacking), and you will find a large section on social engineering, and compromising systems based on human error. Its the easiest way to crack a system. Ive read books with chapters dealing in how to dumpster dive for the sole purpose of gaining info used to crack systems.
For Example, one practice used by people is:
Scout out a "secure" site, a local large company. Watch how they operate, and look at how they work both on a public level (websites, knowledge bases, open forums, phone calls, etc). Look at how security desks allow people in their doors. Watch carefully and you could find a loop hole. Call sales, find out about products. Get names and locations of where to meet people. If you need to, set up a meeting. Act like a client. Go to the meeting, learn about the company, their products, lingo, etc. Then gather the guts, and the willingness to get into the fold, make a plan and follow through. If your good, I would give you really good chance of getting past the physical security. Once in... well then it doesnt make much difference what the external network firewall is.
Another Example:
Call up a person from a major company and act as a member of the companies IT staff. It is amazing how much info you can get out of the person you call. In fact it may be you who is giving out this info!
http://en.wikipedia.org/wiki/Pretexting
http://www.securityfocus.com/infocus/1527
http://www.us-cert.gov/cas/tips/ST04-014.html
http://www.cybercrimes.net/Property/Hacking/Social Engineering/PsychSocEng/PsySocEng.html
This is important, and I know people may cry fowl stating that I am teaching people how to do illegal things. That I am violating forum rules. However I am really teaching people how to AVOID being a victim. The best defense is to study your enemy. Look into everything they do, how they do it, and what the results are. Read your copy of 2600 or Black Book, and go to the sites about Cracking and Cyber Crime. Educate yourself on how to do harm, and then use that knowledge to protect yourself from others doing harm to you. The cyber criminals are going to the sites dedicated to protecting you from security violations; so don’t be ignorant and fail to see thier side.
If you are IT staff, you BETTER be doing this. It is important to read about the latest ways people take advantage of these complex systems. Please for the love of god, go to the black hat sites, and READ... Then READ more... Join the forums, and if need be pretend you are a bad guy. Knowledge is power, and power is safety.
If you are a adverage user, a company employee, an executive, or a human that owns a computer... Then PLEASE READ about social engineering. Learn about Phishing, Pharming, etc... Watch your browsers address bar, dont leave guests unattended in your place of work, dont give out any system information over the phone/email unless you know exactly who you are talking to, and even then be very carefull. Even the telephone systems may also be mis-used, cracked, or monitored.
In my mind the worst security tech problem around is unsecured wireless routers. Drive around with a lap top, and see how many unsecured wireless networks you can access. If you are one of these people, just think what someone may do parked out in front of your house with a lap top. They could access child porn, or break into any security system... When they trace back the IP Address they will get you, and NOT the guy who actually did these activities.
Microsoft doesn’t build wireless switches... Yet we are not talking about Linksys and the other companies who do. We are talking about big bad Microsoft, the company with all those billions of dollars. The Jealousy we have for this companies, and the deionization that occurs due to their market position (read first reference). Please secure or turn off your wireless routers. Someone who is reading this IS on a unsecure wireless router. It may be you.
http://www.computerworld.com/newsletter/0,4902,89039,00.html?nlid=MW
http://www.microsoft.com/windowsserver/facts/default.mspx
People complain about a few of Microsoft’s software activation policies. You don’t have to read far down in the list of this forum to find a post about it. Yet Microsoft is very public about every bit of data they gather. How they gather it, and what they do with that data. There not out selling this data, nor are they really gathering anything important. Yet hundreds of companies have broken this trust. Big companies like the REAL PLAYER, who secretly gathered information on their customers without ever acknowledging that they were doing so. When they were caught they quickly switched their Licensee agreement, but luckily this didn’t prevent the lawsuit. Their not the first, or the last... just an example!
“Microsoft Spyware” on this forum
http://www.ocforums.com/showthread.php?t=493332
Real Player
http://www.micro2000.co.uk/techtips/techtip_media_player_watching_spyware.htm
Microsoft Privacy Information
http://privacy.microsoft.com/
When Microsoft gains and controls a market place, they tend to abandon that tech. Yet time after time people have stepped up and re-lite the fire of innovation. Look at FireFox, WinAmp, Zend Studios, ZoneLabs, Spybot Search and Destroy, Mac OSX... The list goes on, and in each case it lights the fire under Microsofts *** and Microsoft responds with some great products.
Who benifits... Well first is the people who recognize and take advantage of the market. Then the users who need these programs and can pay for them. Then ultimately Microsoft develops programs that compete with these products and offer them to us poor soles who cant pay for the thousands of seperate applications that would be needed to run a system Microsoft sells for a few hundred dollars. Aint free markets great
Good Read
http://linux.oneandoneis2.org/LNW.htm
So if you like Linux, then by all means go and use Linux... Its a great solution.
If you want to really change things, then start getting involved. Head over to OSDN and join a team. Start writing code, and start working to make things better. Talk to your friends and co-workers about security, and how to REALLY protect themselves. Its not tough to do, just takes a few minutes and a patient student.
I have worked on many open source applications. I plan on getting back to the Open Source Application that I have a passion for; PostNuke!
http://postnuke.com/
Mike
EDIT - I do not think I am a Microsoft fanboy. They discourage me, and they act like bullies. I wish Linux was at the top. I feel that much of the hatred of Microsoft is not justified. I feel that there are many reasons to why people don’t like them, and that they are always the target because they are the biggest. I Love that Macs exist, and we should all hope that they remain in the back of the pack. They encourage the market, yet Mac Dominance would be horrible do to their restrictive licenses.
Why should we sit and complain about what is wrong with the world without coming up with solutions on how to make it right.