Quote:
Originally posted by BenH
Theres also the fact that as its open source its inherently more secure as the exploits are out there in the open for everyone to see and fix. As opposed to closed source which tries to sweep its mess under a carpet of secrecy.
There is no security in obscurity as any CISSP should be able to tell you.
Regards,
Ben
|
Yes this maybe true, but yet again most of the time it is no different to MS, the exploit can only be patched once the vunerability / bug has been detected and by the time it has been detected it is usually a little late as it has already been exploited.
Or are you trying to claim that open source software is bug free?
As Deadkenny says - I see more security updates for my Linux Distro's than I do for Windows.
There are certaily serious issues with Linux, for example IIRC samba versions between 2.0.x and 2.2.7 (I think) had a vunerability that could allow an anonymous attacker to acquire super-user rights - it took them a long-time to block this exploit as you can see with the version numbers.
There are plenty others that allow attackers to get root or super-user rights.
Boths OS's have vunerabilities and eploitable bugs.
The only advantage that Linux really has it that it is more secure out-of-the-box than Windows, but with a little work both can be made pretty secure.
The same goes for IIS and Apache aswell.