Open source more secure than Windows?

Discussion in 'NZ Computing' started by EMB, Dec 3, 2007.

  1. EMB

    EMB Guest

    EMB, Dec 3, 2007
    #1
    1. Advertisements

  2. EMB

    thingy Guest

    Interesting that the bug is in BSD and Windows....(assuming it is the
    same bug)..........

    Anyway, the argument is long and hard on which OS is secure. I do not
    think either are secure enough myself but both have come a long way.

    Reporting.

    The open source community is just that, open, so this means all bugs get
    reported in an open manner and get reviewed and worked on. This is good
    and bad, a user/admin gets to see what the issues are out there and can
    try and guard against them even if there is no immediate fix....the bad
    part is companies and in particular MS use these numbers to claim that
    Linux etc has more bugs....we can also see how long it takes to fix bugs
    and fix bugs that are a greater threat.

    Commercial companies dont have open bug lists, so in effect "we" dont
    know how many bugs there really are and cannot take steps to mitigate
    the risk....

    So there is no comparision of apples with apples...

    Patching

    It would seem to be more of a concern of a Windows admin that when a OS
    patch is applied the OS or application could break and terminally....so
    Windows admins in particular would seem slow to patch issues even once a
    patch s known...In the seven years I have been patching Unix and Linux I
    only recall one instance of "me" suffering such an event...and it was minor.

    Securing

    There would seem to be an equal amount of information out there on
    securing a Windows box or a Linux box...however one thing I have never
    seen is the effect on performance once you lock a box down....ie the
    effect on Linux seems marginal, not so sure on Windows....

    Root kits

    There would seem to be a huge concern that with Windows once a root kit
    is in the system it is all but impossible to find and eradicate, so the
    only way to guarantee a clean machine is a rebuild. However these days
    if I suspected a root kit on a Linux box I would rebuild it anyway....so
    I am not so sure the difference is material.

    Viruses

    Big loser here for Windows, Linux and Mac effectively are immune.

    Exploits

    A rising trend (just watch 2008) that is a concern and here I think
    Linux is suffering badly......ie web attacks, PHP/web etc seem to be
    common ways that a Linux box gets hacked....some of this is down to lazy
    if not in-competent Linux admins not doing their job and keeping boxes
    patched and secure....some of it is sloppy PHP programming.....Windows
    does no better IMHO.

    A common theme for me here is the rising complexity of OSes,
    applications and lack of skills, time or interest from admins/developers
    to do their job properly. One of the biggest causes of un-wanted
    downtime has always been user/admin error and looks like its staying
    that way...

    regards

    Thing
     
    thingy, Dec 3, 2007
    #2
    1. Advertisements

  3. EMB

    Malcolm Guest

    Came across this in alt apache.configuration and you wonder why...
    (sigh)
    http://groups.google.com/group/alt....read/thread/9340669d48e6122c#ac773c434a3366f9
     
    Malcolm, Dec 3, 2007
    #3
  4. EMB

    geoff Guest

    Dunno, but I can understand how publishing all the details of one's app can
    do anything other than facilitate somebody to dick with it, be it in a
    functional or security sense.


    geoff
     
    geoff, Dec 3, 2007
    #4
  5. EMB

    thingy Guest

    thingy, Dec 3, 2007
    #5
  6. EMB

    thingy Guest

    the bad guys know this anyway....if there is a hole in an app i want to
    know about it...I cant dodge what i cant see....

    regards

    Thing
     
    thingy, Dec 3, 2007
    #6
  7. EMB

    shane Guest

    thingy did scribble:
    noooooooooooooooooooooo
    Security by obscurity is the only way to go...
     
    shane, Dec 3, 2007
    #7
  8. EMB

    thingy Guest

    yeah right.............

    thing
     
    thingy, Dec 4, 2007
    #8
  9. EMB

    thingy Guest

    Another interesting issue is who is responsible for the bug.....with
    open source it is usually pretty straightforward...with Windows it can
    take a considerable time to get MS to acknowledge its OS owns the bug.
    Instaed MS would rather than get the vendors like adobe and firefox to
    block a vector that wouldnt be an issue if the OS was not the real hazard...

    So yeah Linux has more bugs because a Windows bug is only a Windows bug
    if MS says so.....pass the tui...

    regards

    Thing
     
    thingy, Dec 4, 2007
    #9
  10. EMB

    Ross Guest

    Yeah?
    How many people are testing Breadbox Ensemble /Geos 4.0 (an updated
    Geoworks) for exploits?
     
    Ross, Dec 4, 2007
    #10
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.