I never said it was all code, but it's the single most tested code because of the large user base.MS still have a 90-95% lead on desktop systems, but that doesn't translate to all the code on the planet!
All three.So do the script kiddies do it because it's an easy target, it's more profitable or just because they are pis*ed off at MS ?
As quoted from microsoft.comI don't have experience of 2008 server, but 2003 certainly doesn't come with services off by default !
To improve performance and security in the Windows Server 2003 family, several services have been disabled by default that were previously enabled on Windows 2000.
One thing that no-one has mentioned is to what extent the machines were hacked. Was it complete root-kit? ie. Did they have complete control of all aspects or did they just have access to user level privileges? If it is the prior, this is worrying for both companies. If the latter, it is not quite as bad...
Sure, anyone and his dad can fork Red Hat code but few corporate IT departments would deploy the resulting distro.The reason linux is more secure is because it is open source. Anybody can read and improve the code.
You're joking, right? Last time I checked a PDF reader has not been integrated into the Linux kernel and what about all those Firefox plugins, for that matter. The FOSS movement is also producing its equivalent of Flash ( Gnash?).Unlike windows or OSX, linux doesn't require a plethora of extra utilities to provide functionality like opening pdf's, xls etc.
It's not the closed source nature which was the problem. There have been vulnerabilities in FireFox and in open source VM frameworks. In the Windows case Microsoft has used unsafe practices such as tight OS integration of its web browser as a way of achieving vendor lock-in to sure up its monopoly in the desktop operating systems market.In this case its the closed apps (Safari, ActiveX) that are the security vulnerability.
Open Source is does not always prevent problems. As a case in point look at the security issues there were with PHP last year.
Open source like democracy is not panacea but it does a better job of mitigating the excesses of dominant parties.
The many eyes theory of open source is all well and good but if the bragging rights are all in busting Windows then you know where most of the attention is going to go.
What has helped Linux is that the *nix security model does a better job of mitigating the effect of the compromise of unpatched (either by vendor or admin) software.
Now you're being contrary for the sake of it. What Michael was alluding to was that Windows 2003 does not start out any with listening services (daemons) enabled out of the box. You have to deliberately choose to make Windows 2003 act as file or web server. This definitely was not the case with Windows 2000 or NT4 server.I don't have experience of 2008 server, but 2003 certainly doesn't come with services off by default !
Because Linux comparatively has a small user base compared to Windows. Hypothetically speaking, even if you did find something to exploit in Linux, you'd have to find a Linux machine to attack first!The source code is freely available for both Linux and BSD - why not attack those? A lot of people, myself included, believe that security through obscurity is a bad thing. Shown by this recent triumph by open source.
If I am wrong, why don't we see more attacks on Linux performed/created? I'm sure if someone managed to hack into Google's server farm, they'd have a wealth of information on their hands. No doubt here, but I have no doubts also that Google's servers are going to be behind hardware firewalls too. There are far more Windows exploits created and far more Windows clients to target or attempt to target.Not in the server market - it is still the leading os for hosting websites on. Google, for example, makes use of Linux... Imagine a hacker taking over their server farm.
Occasionally there are 3rd party patches to Windows vulnerabilities as well but everyone tends to wait for the official Microsoft ones.
No I wasn't. Read my post again. I was just wondering why you were criticising Windows and OSX for having utilities to open PDFs, XLS files etc.You can't seriously be avocating putting FF/PDF stuff in the kernel .
That's what *nix does too. In fact a major part of the *nix philosophy is the modularization of code so that, as much as possible, particular programs do specific tasks rather than act as jack of all trades.
Last edited by ITWombat; 31st March 2008 at 01:51 AM.
As I have said in other posts, the *nix secuity model is generally better but let's not get complacent. Don't be like those Mac users who thought they were impregnable until last week. One the whole, Mac OS X is still safer than Windows you still have to be careful what you do with it.
I agree though- if it were a root-kit access to the system then both Microsoft and Apple need to get it fixed. And quickly. Reminds me of the VMSPLICE exploit found in kernel 2.6 at the start of the year in Linux- a root shell could be started through exploit code because of a bug in the kernel. It was patched *very* quickly- but it was there for all to see :-)
There are currently 1 users browsing this thread. (0 members and 1 guests)