Discussion in 'other security issues & news' started by PJC, Dec 31, 2011.
What will 2012 bring in terms of cyber-crime?
We have a choice to minimize being hit directly by choosing a safer operating system.
Like what, Linux? In the end, Linux is only as safe as its users choose to be themselves. Step outside the walled garden of the repositories and bets are off. Sure, the malware written for Windows won't work (provided you don't have a Windows machine on the same network), but there are a lot more attacks out there than just busting up the OS. Besides, what other choices do you have besides Linux? Mac? Mac has already been done. A smartphone/tablet? Already being hit and it's barely gotten warmed up. A "safer OS" isn't cutting it anymore.
The point remains, that personal actions aside, there are, intrinsically, more safe and less safe operating systems. The choice is ours.
In terms of an alternative OS,
I wonder how Google is going to respond to...
All OSes are vulnerable, just some less than others, and IMO it's due to market share.
Whatever the reason, if something affords more security and allows us to do all we want, why not go for it?
I will be surprised if incidents of cyber-crime don't increase almost exponentially due to the worldwide adoption of smartphones and tablet computers which (I believe) will be more vulnerable to hacking than PCs and laptops.
And what usable (for regular folks) Linux distribution offers more security than latest Windows? Not talking about Security through minority. Also, no other platform can offer the range of compatible games and different options of apps that Windows can. Drivers are also updated more often for Windows, and the performance is generally better. Microsoft ecosystem is simply superior, and the greatest reason is: developers focus on it.
Developers! Developers! Developers! Developers! Developers! Developers! Developers! Developers!.....Yes! ~Steve Ballmer
Every single one lmao
edit: Maybe you were just joking, I don't even know anymore. There is no argument here. Linux offers far better security than Windows and that's even ignoring security through obscurity.
This is the tiniest little tip of the iceberg in terms of comparing their security. There's a significant difference in how security is handled. Something like EMET is providing attack surface but were it implemented in Linux it could be compiled straight into the kernel. Welcome to open source?
There's AppArmor, SELinux, better privilege separation, far FAR better patch deployment, software repositories, open source applications are the standard, and plenty of other more complex things that I can't even remember right now.
Yes there is.
Unpatched: 6% (18 of 283 Secunia advisories)
(also add vulnerabilities specific for the distribution and installed apps)
Unpatched 6% (5 of 90 Secunia advisories)
(also add vulnerabilities specific for the installed apps)
Reload the page.
And it's hilarious that you're comparing an open source project to a closed source project in terms of disclosed vulnerabilities. I mean, even comparing two open source projects or two closed source projects in terms of number of vulns is a joke but still. Number of vulnerabilities means nothing.
You know what's far more important? Patch management. Linux kills Windows there.
I'm comparing an open source project with a shared source project.
Here's how you secure Windows:
"Oh let me find an antivirus 3rd party closed source software to smack into userland and expand my attack surface."
Here's how you secure Linux:
"Oh let me use the 3rd party open source software compiled into my kernel to secure my computer without increasing attack surface."
I use Windows. I love Windows. There is no comparison in terms of security. The only thing worth mentioning is that MS has SmartScreen and Linux doesn't.
I don't know what "Shared Source" is but it doesn't matter anyways. Number of vulnerabilities is irrelevant. Patch management is also not super relevant but far far more important.
EDIT: Ah, shared source means closed source but bits and pieces have been open sourced (and some of those open sourced pieces can't be written to.)
So, yes, Windows is a largely closed source project.
OSI president Michael Tiemann considers the phrase "Shared Source" itself to be a marketing term created by Microsoft. He argues that it is "an insurgent term that distracts and dilutes the Open Source message by using similar-sounding terms and offering similar-sounding promises".
What's wrong with patch management for Windows?
And oh please, stop copying/pasting FUD. I won't answer nonsense.
Shared source is a term coined by Microsoft. It's a nothing term lol, that's not propagating fear it's calling it what it is.
Patch management is another metric we could discuss but it's still silly because of disclosure.
MS has had a long history of poor patch management. It used to be 3 months average, it got pushed down to just under 3 months the next year and then 2 months the year after that. Not sure what it's at now.
Like I said, comparing patch management between two operating systems isn't a great way to see which is more secure.
Windows is a paid product, supposed to work on a far bigger ecosystem - including an incredibly bigger number of users with different setups. So, of course, patch testing will be somewhat slower (but the patch deployment/management is OK).
That's why Microsoft is investing in these initiatives:
Woops, walked away and forgot about this.
I think the biggest changes Windows has made towards security are in the form of moving from a single administrative user to having multiple lower rights users. This is a move Linux never had to make - it's always been the case. edit: The significance here is that applications on Windows still ask for a lot of rights and there are just, in general, more restrictions in Linux.
Pretty much every big security change Windows has made has come from Linux. Does origin matter? No, but it should really tell you something.
I'll come up with some better more technical stuff with fancy words later.
edit: There's also the matter of software repositories.
And what exactly is wrong with security through "minority"? Or are there different types of "security"?
Obscurity isn't really great security because in any targeted attack it's entirely useless - the second someone looks at it you're screwed.
I just love Secunia stats, or rather the way they can be reported and spun. Why, we even had a massive poster here claiming that a rip-off version of a browser was safer than the original simply because Secunia had no vulnerabilities to report for the rip-off.
For spinning, we just have to wait for the monthly browser stats to get excellent tutorials on spinning.
And the variety of games certainly should take preference over security
Variety of games and applications is what keeps me on Windows.
Otherwise I much prefer access control in Linux. Integrity in Windows is nice but not nearly as fine-grained.
Don't extend the argument by introducing "really great"
Are we talking of reducing the chances of getting hit or some sort of absolutist "zero tolerance" situation? In the latter case, even courier pigeons are unreliable.
Security through obscurity is situational security. It's not a hardened OS, it's not a hardened user, it's not even a technique or method. It is purely a situation where no one cares enough to attack you.
Is it still security? Yep.
The problem is that situations change easily. Security through obscurity does nothing to prevent direct attacks and the second anyone cares enough you can't rely on it anymore.