I take it all back: Linux has no security vulnerabilities

Unix/Linux Authors Rush to Patch Security Flaw

Buffer overflow? Linux? Can it be?

Uh-oh...

 

What's your point Minstrel? This is starting to get stupid.

 

Come on now Minstrel, we are talking about a drop in the ocean in comparison to the Flaws in Windows.

This one by Microsoft is one they do not have a fix for Minstrel.....

http://news.zdnet.com/2100-1009_22-5650238.html?tag=zdnn.alert

If I were to post all the security problems with windows Shawn would ban me for taking all his bandwidth, would he not

 

My point?

1. I finally got fed up to the max of people like mu$hroom posting here, there, and everywhere about how Linux is inherently secure and Windows was swiss cheese -- every time I turn around some moron is posting info about a new Windows patch and implying or claiming this wouldn't happen if we were all running Linux or MAC-OS

2. Those of you using some version of Linux might want to be aware of the vulnerability and install the patches (the reason for posting those URLs)


2.

 

I rest my case.

 

Thank you, that is what the forum should be about is making folks aware Minstrel, it is also about both sides of the issue and that is all Minstrel is doing to be fair guys, he is presenting the other side and this is what forum is about, fair debate and giving both sides a chance to present their views.

Great stuff Minstrel

The case can't be rested Minstrel because these (issues on both sides) things progress daily.

 

The fundemental difference is the entire Linux Industry reacted immediatly. The 3rd party software went right on working and the OS did not have to be completly rewritten.

Further more the problem was found by a watch dog and not as an actual exploitation.

Man you are really reaching. There is no defense of the windows patch/upgrade path and that exploits are more often found after exploitation rather then before.

You act like someone said linux software is perfect. It's not, but the developers certainly have a better plan that is working pre-emptively as opposed to when the customers house is invaded like in the windows case usually.

Sheesh!

 

That's not actually true -- most of the patches Windows releases are for potential vulnerabilities rather than vulnerabilities that have actually been exploited.

You haven't been around much, have you? When it comes to security, many Linux fanatics -- guys like mu$hroom -- have said exactly that.

That is the whole point: I'm not penguin bashing here... I'm just tired of hearing the Windows bashing from people who turn a blind eye or a deaf ear to vulnerabilities in Linux and MAC and Firefox.

Which is exactly what Microsoft does with its update program... if you choose not to download and install the patches, don't complain when your house gets trashed. Remember the summer of 2004? There were two major virus attacks that exploited a vulnerability in Windows for which Microsoft had issued a patch several months before the viruses hit.

By all means, choose Linux over Windows if you wish. But just don't kid yourself that open source somehow avoids security issues.

There's a thread elsewhere on this forum complaining that phpBB forum software is crappy because it allowed a forum to be compromised: The fix for that vulnerability has been available for some time but hadn't been applied. Indeed, the success of the Santy worm attacks over Christmas 2004 was possible only because people had not updated the phpBB software.

Don't blame the mechanic if you ignore the need for preventative maintenance and your car breaks down.

 

Many have said that Microsoft can not fix Windows without starting over Minstrel, that it has fatal flaws, you have not addressed the link I left in my prior post that shows that there is a major flaw in IE & Outlook right now that Microsoft has not addressed.

 

I agree with you for the most part on your position and statements. However, I can't agree that the M$ patches are pre-emptive enough or can or ever will be.

They are patching code that has no business in public. The OS was flawed from conception. That is not debatable really IMO or the opinion of writers from most tech camps that "are" respected authorities are the subject.

Even if you like windows, I use it, it's just not right. You and me can fend well I'm sure, but can my mom without my help or my neghbors kid doing research? No they can't. They need a whole array of 3rd party tools. Again me and you know, they probably don't.

I realize that can be said for either OS, but the reality is that M$ uses it's hardware ties with machine makers to present what is billed as a usable appliance. It's just not that though. Hell, they won't even take any responsibility in the TOS, you assume all risk.

IMO it's just plain false advertising.

 

Further more even. That's a bullshit statement. PERIOD.

This is not about if an end user failed to do their part. It's about M$'s inability to be preemptive.

Nice try though at deflecting the point to sensationalism. As I mentioned yesterday, debaters like that bore me.

 

Does the open source community indemnify you against risk if you use Linux?

 

How is it bullshit? It is directly related to my comment about how the two major viruses that attacked in 2003 could have been avoided if the available security patches had just been downloaded and applied. They WERE preemptive. But many ISPs and individual users running Windows were NOT preemptive and that caused the problem.

Ditto. Linux fanatics who prefer delusion to reality bore me.

 

Except that's not always an option. Microsoft have a habit of creating patches that break previous functionality, and introduce new vulnerabilities. Many enterprise environments intentionally avoided upgrading their systems to SP2, because SP2 broke core application functionality (specifically any applications that required use of the loopback interface would brake). Secondly, SP2 introduced *new* vulnerabilities with it's flawed revisions of the security zone system. Essentially, either way, they're f**ked.

 

You have to face it - you are going against a religion and there is no argument in the world that will make some of the folks you are arguing with change their mind.

J.D.

 

Actually, given your logic, no matter what Microsoft does, they are "f**ked" -- if they didn't patch the vulnerability, you'd condemn them. If they do, and third party applications have to release their own fixes to incorporate the fix, you'd condemn them.

As for new vulerabilities being discovered after patches have been released, you're surely not going to try to claim that doesn't happen with open source, are you? Do I really have to post the long list of serial vulnerabilities and patches for various Linux distributions? or for Firefox?

Again, my intent here is not to flog Linux or open source. My intent is to point out the hypocrisy and/or ignorance in the claims of invulnerability from open source zealots.

 

It has nothing to do with beliefs as you both mention, but reality, Windows is a flawed OS, Patch of a Patch (SP2 = Super Patch) OS with layers of flawed code on top of flawed code (M$ anti-spyware that has conflicts with common software downloading protocols and eats hard drives when this happens), but the EULA states that they will give you $5.00 for your hard drive if you lose all your data.

JD neither you or Minstrel have commented on the link I left in post # 3 in this thread, why not?

 

Like he said:

 

I didn't read it. What did it say?

 

Actually they have a third option, fix the problem competently. The example with SP2 was *eventually* fixed by Microsft, which demonstrates that it was their fault/responsonbilty, and not third parties.

This is the thing, I don't actually see anyone here claiming open source software or linux is invulnerable - so I don't see the point to your arguments.