In order to compare what's a drop in the bucket and what's a flood, we'd need something like a vulnerability per installation info. Has anyone seen something like this? J.D.
Please re-read what I said: I never said they were making such claims in this thread, I said I started this thread because I was sick of numerous such claims made elsewhere. I'm sure you're not going to deny that such claims have been made, and frequently, are you?
See the link in post #3, Minstrel. What it says is that there is a major flaw in IE & Outlook that remains unpatched; you just do not want to address it, Minstrel. Why not?
Because (1) it has nothing to do with this thread, and (2) I am not claiming and never have claimed that there are no vulnerabilities in Windows -- only that ALL, REPEAT ALL operating systems and applications are vulnerable.
Mozilla just released a patch for a similar vulnerability that could allow the attacker to take over your entire machine (the one with the buffer overflow): http://www.mozilla.org/projects/security/known-vulnerabilities.html If you look at the sidebar vulnerability, it was reported in February: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0402 and the fix came out in March - about one month later. The nature of software development is that you simply cannot release something as big as a browser without going through a two-week test cycle. Add about a week for implementing a fix and here's your month. MS releases security updates about once a month as well. J.D.
Microsoft sponsored the research. It was an independent research company that did the research. I gave you the links to the methodology and the data -- were you able to find any flaws in the study at all? And there's that Linux hypocrisy again: It's okay for mu$hroom to post links ad nauseam to anti-MS blogs but when someone posts real data supportive of Microsoft this is somehow unacceptable?
For servers this isn't as indicative, though - many servers run in DMZs protected by other devices. Besides, in most cases it is easier and more profitable to steal credentials from individual computers and milk thousands of people (i.e. phishing) than to try to break into a handful of commercial databases that might have credit card/bank account information. Hence, hackers go after those software packages that have a greater audience - obviously, Windows and IE are first in the list. J.D.