[vox] Open Source and Security

Karsten M. Self vox@lists.lugod.org
Sat, 6 Mar 2004 19:13:38 -0800


On Mon, Mar 01, 2004 at 01:42:27PM -0800, Bill Kendrick (nbs@sonic.net) wrote:
> On Mon, Mar 01, 2004 at 01:28:14PM -0800, Karalius, Joseph wrote:
> > http://www.silicon.com/hardware/servers/0,39024647,39118519,00.htm
> >
> > Three Linux server security holes found
> <snip>
>
> Indeed.  Some recent research apparently found that Linux has more
> security 'problems' than Windows, but that was NOT counting so-called
> 'malware' (e.g., viruses, IE bugs, spyware, etc.), which has pretty
> much been "one or two more a week" for Windows, lately.

Typically such studies also:

  - Perform apples/oranges comparisons.  Moody, in particular, was
    counting all several thousand packages installed on a default Red
    Hat installation, but was considering Microsoft to be "just the
    core" OS, less fnord knows what, but IIRC MSIE was excluded.

  - Don't look at a severity analysis.  E.g.:  how many times did
    Microsoft's spew bring the Net to its knees in the past year?
    Starting with Slammer, then SoBig, Swen, MyDoom, etc.

> So if you DON'T count the millions of users whose Windows boxes get
> compromised on a near-weekly basis, then apparently Linux is worse off.
>
>
> But to me, that's like saying "anchovies in the ocean are far
> more susceptible to tanker spills than seagulls."  It doesn't exactly
> include commercial fishing. ;^)

I'd think that comparing disease rates between two cities is more like
it.  One in which criminals occasionally break into houses and spread
plague.  The other in which citizens are told to inject themselves with
needles then exchanged with all others.  But we don't count the
latter....


Peace.

-- 
Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
    America Trans Air (ATA) customer service sucks:
     http://kmself.home.netcom.com/Rants/ata-sucks.html
