Quote:
Originally posted by hawkmoon
Yes this maybe true, but yet again most of the time it is no different to MS, the exploit can only be patched once the vunerability / bug has been detected and by the time it has been detected it is usually a little late as it has already been exploited.
Or are you trying to claim that open source software is bug free?
|
Certainly not, I do however say that Linux and its mature/Beta grade software has far fewer bugs than its closed source equivalent because of A) Its huge tester base B) The open nature of the code allows others to identify the nature of the bug and correct it if they are able and C) There is a far greater incentive for the programmer to doi a good job. With the code available for all to see, then the programmers ego could be done serious harm by bodging something together 
Quote:
|
As Deadkenny says - I see more security updates for my Linux Distro's than I do for Windows.
|
How many bug fixes and security updates do those service packs hold? The fundamental difference betwen a linux security update and the windows equivalent is that in the Linux case the programmer has spotted one of their own mistakes and corrected it; whereas in MS's case its a matter of them not being able to keep the bug under wraps any longer
Quote:
|
There are certaily serious issues with Linux, for example IIRC samba versions between 2.0.x and 2.2.7 (I think) had a vunerability that could allow an anonymous attacker to acquire super-user rights - it took them a long-time to block this exploit as you can see with the version numbers.
|
Can you point me at any references for this? I've just started using Samba 3 extensively to serve as a replacement for PDC's
Quote:
|
There are plenty others that allow attackers to get root or super-user rights.
|
There are indeed, most requiring an unimaginable level of stupidity on the users part 'Just set everything in inet.d to 777' or physical access to the system; in which case your doomed no matter what your OS.
Quote:
|
Boths OS's have vunerabilities and eploitable bugs.
|
Yes they do, but for one their fixable, for the other you have to wait on bended knee for a fix.
Also could you please start differentiating between bugs and exploits, an overrun that causes X to crash is not the same as allowing code to be executed without the users knowledge.
Quote:
The only advantage that Linux really has it that it is more secure out-of-the-box than Windows, but with a little work both can be made pretty secure.
The same goes for IIS and Apache aswell.
|
Linux can be made obscenely secure, hence the reason the NSA and many other intelligence agencies uses it. Windows, despite MS's shared source initiative, remains replete with undiscovered and deliberately included exploits because of the philosopy of MS.
Regards,
Ben