Announcement

Collapse
No announcement yet.

Linux

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #16
    Zachery,


    Myth: There's Safety In Small Numbers

    Perhaps the most oft-repeated myth regarding Windows vs. Linux security is the claim that Windows has more incidents of viruses, worms, Trojans and other problems because malicious hackers tend to confine their activities to breaking into the software with the largest installed base. This reasoning is applied to defend Windows and Windows applications. Windows dominates the desktop; therefore Windows and Windows applications are the focus of the most attacks, which is why you don't see viruses, worms and Trojans for Linux. While this may be true, at least in part, the intentional implication is not necessarily true: That Linux and Linux applications are no more secure than Windows and Windows applications, but Linux is simply too trifling a target to bother attacking.

    This reasoning backfires when one considers that Apache is by far the most popular web server software on the Internet. According to the September 2004 Netcraft web site survey, [1] 68% of web sites run the Apache web server. Only 21% of web sites run Microsoft IIS. If security problems boil down to the simple fact that malicious hackers target the largest installed base, it follows that we should see more worms, viruses, and other malware targeting Apache and the underlying operating systems for Apache than for Windows and IIS. Furthermore, we should see more successful attacks against Apache than against IIS, since the implication of the myth is that the problem is one of numbers, not vulnerabilities.
    ... according to Netcraft, 47 of the top 50 web sites with the longest running uptime (times between reboots) run Apache. [2] None of the top 50 web sites runs Windows or Microsoft IIS.
    Last edited by splooge; Fri 22 Oct '04, 5:39pm.

    Comment


    • #17
      I Said windows was good, not the rest of MS's products, I wont use IIS for anything, i use apache for all my windows and linux boxes

      Comment


      • #18
        He's just posting how it explains that the "no one uses it" argument is still bull****.

        Comment


        • #19
          As a webserver linux wins hands down.

          Comment


          • #20
            It just goes to show that the whole "Linux doesn't have any trojans, viruses or exploits because it's not as popular as Windows" argument is seriously flawed, at best.

            Comment


            • #21
              Can't argue with CERT...

              The United States Computer Emergency Readiness Team (CERT) uses its own set of metrics to evaluate the severity of any given security flaw. A number between 0 and 180 expresses the final metric, where the number 180 represents the most serious vulnerability. The ranking is not linear. In other words, a vulnerability ranked 100 is not twice as serious as a vulnerability ranked at 50.

              CERT considers any vulnerability with a score of 40 or higher to be serious enough to be a candidate for a special CERT Advisory and US-CERT technical alert.

              We queried the CERT database using the search terms "Microsoft", "Red Hat", and "Linux". [9] While the CERT web search capabilities do not produce perfectly desirable results in terms of granularity or longevity. This is especially true for the search results for "Red Hat" and "Linux". The "Linux" search results include a number of Oracle security vulnerabilities that are common to Linux, UNIX, and Windows. The details of the most severe "Red Hat" entry does not even list Red Hat as a vulnerable system. The results for the "Microsoft" search seem to be almost entirely accurate, inasmuch as both the details and entries refer to flaws in Microsoft-specific software. As a result, the results are somewhat unfairly skewed against Linux and Red Hat. Nevertheless, even if one takes the results at face value and ignores the skewed results for Linux and Red Hat, Microsoft still produces the most entries in the CERT database, and the list of entries contain the most severe flaws.

              The CERT results for "Microsoft" returned 250 entries, with the top two entries containing the severity metric of 94.5. Thirty-nine entries have a severity rating of 40 or greater. The average severity rating for the top 40 entries is 54.67. (We chose to average 40 entries instead of 50 or more because the Red Hat search only returned 49 results.)

              The CERT results for "Red Hat" returned 46 entries. The top entry has a severity metric of 108.16. Only 3 (vs. 39 for Microsoft) entries have a metric of 40 or greater. The average severity for the top 40 entries is 17.96.

              The CERT results for the "Linux" search returned 100 entries. The top entry has a severity metric of 87.72. Only 6 of the entries carry a severity metric of 40 or greater. The average severity for the top 40 entries is 28.48.

              These results cannot be expected to mirror our own analysis of recent vulnerability patches. The CERT search criteria and date ordering is different, and the CERT search does not confine the products to Windows Server 2003 and Red Hat Enterprise Linux AS v.3. But the CERT results reflect how Windows security flaws tend to be far more frequently severe than those of Linux, which echoes our conclusions.

              Comment


              • #22
                Originally posted by splooge
                Can't argue with CERT...
                Sure you can.. It is a brand new and under funded US Govt. Agency.
                Translations provided by Google.

                Wayne Luke
                The Rabid Badger - a vBulletin Cloud demonstration site.
                vBulletin 5 API - Full / Mobile
                Vote for your favorite feature requests and the bugs you want to see fixed.

                Comment


                • #23
                  Originally posted by Zachery
                  As a webserver linux wins hands down.
                  And as a desktop, a laptop, and a pocket pc.

                  Comment


                  • #24
                    If you want to spend hours apon hours of configing to get an additional 10% boost in preformance sure.. and lose out on playing most games

                    Comment


                    • #25
                      As long as you have a nicely configured system (there are 100's of distros, pick one) and can live with the current Linux applications, Linux is damn good.

                      Comment


                      • #26
                        I am not aruging that it is not good matthew, I would not have spent 4 weeks in total playing with gentoo

                        Comment


                        • #27
                          Gentoo is meant to make you spend hours upon hours configuring it though. I think that's the entire point of it.

                          Comment


                          • #28
                            Originally posted by squall14716
                            Gentoo is meant to make you spend hours upon hours configuring it though. I think that's the entire point of it.
                            But it's fun.


                            I run a dual boot here, Mandrake 10.1 and windows XP Pro with Slipstreamed SP2.

                            so i wouldn't say no one runs it on a desktop system. and if they didn't places like linuxquestions.org wouldn't exist.

                            Comment


                            • #29
                              Can some one merge the 500 threads like this ...........
                              I wrote ImpEx.

                              Blog | Me

                              Comment


                              • #30
                                Originally posted by Zachery
                                I am not aruging that it is not good matthew, I would not have spent 4 weeks in total playing with gentoo
                                Then what, exactly, IS your argument?

                                Comment

                                widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                                Working...
                                X