OS X, iOS And Linux Have More Vulnerabilities Than Windows

HardOCP News

This little statistic is going to piss off a whole lot of people today. Hey, don't blame us, it was the National Vulnerability Database that came up with this one. ;)

Windows, the operating system ridiculed for its vulnerabilities and susceptibility to viruses is actually more secure than the supposedly Fort Knox-like Linux and OS X. This startling fact comes from the National Vulnerability Database (described as the "US government repository of standards based vulnerability management data") which details security issues detected in different operating systems and software titles.
 
Note they separate "Windows" vulnerabilities from IE ones...Even though IE is baked into it.
 
I think anyone that works with Linux/Unix/OSX on a daily basis will understand how very vulnerable it is *IF* someone has access. It's completely open to anything once you get to the right authorization.

But that's the price to pay for having such excellent utility.

I wouldn't dare think of using Windows in my professional environment. The command prompt itself is reason enough to dismiss the OS for the line of work I do. Not having an inbuilt language AT LEAST as powerful as Perl is another.
 
Note they separate "Windows" vulnerabilities from IE ones...Even though IE is baked into it.

The Linux vulnerabilities only include ones in the kernel. How is IE part of the Windows kernel?
 
I think anyone that works with Linux/Unix/OSX on a daily basis will understand how very vulnerable it is *IF* someone has access. It's completely open to anything once you get to the right authorization.

But that's the price to pay for having such excellent utility.

I wouldn't dare think of using Windows in my professional environment. The command prompt itself is reason enough to dismiss the OS for the line of work I do. Not having an inbuilt language AT LEAST as powerful as Perl is another.

When was the last time you used Windows? Powershell's built-in scripting language is great and well integrated into the system. You can do pretty much anything you want with scripting now. I'm not going to sit here and say that Windows is hugely more secure than Linux (the way they've done this here by counting discovered vulnerabilities like this is meaningless), but the recent versions have addressed most of the issues I've ever had with it and the update mechanism is very good now.

My company is using IIS-based servers to host our software as a service products and it's been very reliable and easy enough to deal with.
 
This is just Microsoft FUD. Microsoft launches these little campaigns from time to time. Those people that work with Microsoft, Apple and Linux software know the real story.
 
Windows : security through obscurity (not open source).

Linux kernel has such a huge number of reported vulnerabilities as a huge number of people are looking at the source.

So, in the end, you have something that you can poke at from the outside (Windows), and you have something that you can poke at from the inside (Linux).

I wonder how many "high risk vulnerabilities" Microsoft has in their own, internal, issue trackers.
 
When was the last time you used Windows? Powershell's built-in scripting language is great and well integrated into the system. You can do pretty much anything you want with scripting now. I'm not going to sit here and say that Windows is hugely more secure than Linux (the way they've done this here by counting discovered vulnerabilities like this is meaningless), but the recent versions have addressed most of the issues I've ever had with it and the update mechanism is very good now.

My company is using IIS-based servers to host our software as a service products and it's been very reliable and easy enough to deal with.

I was about to mention this, as well. Beat me to it...;) The funny thing is that if Windows was as bad as the people who don't use it think it is...who the heck would use it? The fact that more people use it than don't, and by a wide margin, should tip off such people that their analysis is likely lacking...Wouldn't you think?...;)
 
Hmm, seems like a useless statement. This would be based on known vulnerabilities which become essentially useless. Unknown vulnerabilities are the ones sought after and jealously guarded, and who knows how many of those there currently are for any OS.
 
When was the last time you used Windows? Powershell's built-in scripting language is great and well integrated into the system. You can do pretty much anything you want with scripting now.

Good point. I had not kept up with it. A quick look shows that it seems to support Regular Expressions, Array and Hashes much the way that Perl does.

Some other stuff like built-in web hosting, cron jobs, user permissions are not, in my experience, as well handled as *nix. But I do like the command line and not a big fan of GUI. Even Apple's alternative to cronjobs using XML seems way too overkill for a simple job.
 
I was about to mention this, as well. Beat me to it...;) The funny thing is that if Windows was as bad as the people who don't use it think it is...who the heck would use it? The fact that more people use it than don't, and by a wide margin, should tip off such people that their analysis is likely lacking...Wouldn't you think?...;)

While I love Linux in the work place I wouldn't dream of using it full time in my personal life. It's a cluster fuck when it comes to multi-media which is what most people want from a computer. I can go on for hours about how much of a God send DirectX and Plug & Play was to the computer industry....something *nix is still trying to figure out.

I can tell you that cost is a big reason that a lot of large companies do not use Windows. $100 for 5 or 10 systems isn't bad, but for 300, 1000, 10000? What advantages are you going to get with that money investment that free Linux can't deliver if all you need is data manipulation?

We did use to use a lot of SUN SPARC's back in the day, and they were absolute beasts when it came to uptime. But as years went by, we started looking at what advantage did a $10-$15,000 SUN station have over a $2-3000 Linux station?

I'm not a fanboy by any means. I love working with all the different operating systems. They all have their place....except for Chromebook. I haven't found a solid need for mine yet :D
 
I think anyone that works with Linux/Unix/OSX on a daily basis will understand how very vulnerable it is *IF* someone has access. It's completely open to anything once you get to the right authorization.

But that's the price to pay for having such excellent utility.

I wouldn't dare think of using Windows in my professional environment. The command prompt itself is reason enough to dismiss the OS for the line of work I do. Not having an inbuilt language AT LEAST as powerful as Perl is another.

Good point. I had not kept up with it. A quick look shows that it seems to support Regular Expressions, Array and Hashes much the way that Perl does.

Some other stuff like built-in web hosting, cron jobs, user permissions are not, in my experience, as well handled as *nix. But I do like the command line and not a big fan of GUI. Even Apple's alternative to cronjobs using XML seems way too overkill for a simple job.

[sarcasm]Holy shit! Someone retracted their statement and modified their opinion based on objective information presented to them...on a forum!?! The world MUST be ending!
[/sarcasm]

Commendations to you Westrock for not being a stubborn asshole, :D
 
My company is using IIS-based servers to host our software as a service products and it's been very reliable and easy enough to deal with.

One thing I think Windows is sorely lacking that Unix and Linux handle wonderfully (OSX not as well) is the ability to remotely log into a machine start a process on the host and display it on the client (X forwarding). This is such a nice feature when working with many different computers. Remote Desktop and VNC just aren't the same and are much bulkier.

I will say that Windows Remote Desktop is the best in regards to VNC type applications.
 
Well, the problem here is that they are basing this judgment on DISCOVERED vulnerabilities.

The Open Source community is much more active in scouring code and reporting vulnerabilities, and as such OF COURSE the number will be higher. They do a better job at chipping away at them, and have been doing this for decades.

Looking at figures like these is only considering one part of the equation. It's like judging the financial performance of a company by net revenue only, without considering the rest of the financial statement. Essentially, these figures are pretty useless.


The interesting statistic is total number of undiscovered and unpatched vulnerabilities, which is - of course - a number that is impossible to know.

In lieu of this, the most important thing we can measure these different systems by is how they respond to a detected vulnerability.

The Linux response (and that of other active open source projects) is typically completely transparent. Vulnerabilities are acknowledged as soon as they are discovered, and patches are often released within a couple of hours, essentially the gold standard.

Microsoft's response gets a middle grade. They tend to acknowledge vulnerabilities, not right away, but at least they don't deny them once they are evident. Patches typically come out relatively quickly, but not as fast as Linux.

Apple gets a failing grade. Their first instinct is to deny everything. An Apple product couldn't possibly have a security flaw. Then they don't patch it for - in some cases - 6 months to 2 years, despite knowing about it.
 
One thing I think Windows is sorely lacking that Unix and Linux handle wonderfully (OSX not as well) is the ability to remotely log into a machine start a process on the host and display it on the client (X forwarding). This is such a nice feature when working with many different computers. Remote Desktop and VNC just aren't the same and are much bulkier.

I will say that Windows Remote Desktop is the best in regards to VNC type applications.

Yes, I don't think that Windows is ever going to have a feature like X's forwarding (Because the architecture is so different). It's somewhat mitigated by Powershell's remote feature which at least gets you terminal access and the new Windows Remote Server administration tools introduced in Windows 2012 where you can monitor all your servers and change settings from one remote console.
 
While I love Linux in the work place I wouldn't dream of using it full time in my personal life. It's a cluster fuck when it comes to multi-media which is what most people want from a computer. I can go on for hours about how much of a God send DirectX and Plug & Play was to the computer industry....something *nix is still trying to figure out.

I can tell you that cost is a big reason that a lot of large companies do not use Windows. $100 for 5 or 10 systems isn't bad, but for 300, 1000, 10000? What advantages are you going to get with that money investment that free Linux can't deliver if all you need is data manipulation?

We did use to use a lot of SUN SPARC's back in the day, and they were absolute beasts when it came to uptime. But as years went by, we started looking at what advantage did a $10-$15,000 SUN station have over a $2-3000 Linux station?

I'm not a fanboy by any means. I love working with all the different operating systems. They all have their place....except for Chromebook. I haven't found a solid need for mine yet :D


Sounds like historic data to me.

I haven't had a Linux multimedia issue in years. In fact, I find it "just works" better than my Windows experience.

1.) Install Linux Mint
2.) Install Nvidia binary driver
3.) Instantly play any media with hardware acceleration via VDPAU.
 
I will say that Windows Remote Desktop is the best in regards to VNC type applications.

To me this is a moot point. Managing a server using a GUI is just all fail.

A proper server, with a proper application for it is best managed entirely over SSH. In fact, the server shouldn't even have a GUI environment installed on it.

Nothing beats configuring server apps using VI to edit plain text files via SSH.

None of that stupid hunting and pecking with a mouse through different dialogue boxes to locate the obscure setting you are looking for.

Instead, just search the plaintext file, and edit the appropriate section.

It's a MUCH better and more sleek way to manage anything, and you don't wind up having to waste RAM on a GUI environment.
 
Zarathustra[H];1041444180 said:
To me this is a moot point. Managing a server using a GUI is just all fail.

and you don't wind up having to waste RAM on a GUI environment.


I'm of the opposite opinion. I manage everything from file and print servers, to web server, exchange, backup, phone systems, etc. It's a lot easier using the GUI on a server, when you are only accessing it once a week. Taking the time to learn the command line interface for all these products would take far more time than it would save.

As for wasting RAM, the amount of memory used by the GUI on a server with 128GB of ram is such a small percentage as to basically be zero.
 
I'll believe it when I get infected on my Linux machine. Until then I call shenanigans paid for by Microsoft. Point to me a website that will infect me cause I'll do it, for science.
 
I'm of the opposite opinion. I manage everything from file and print servers, to web server, exchange, backup, phone systems, etc. It's a lot easier using the GUI on a server, when you are only accessing it once a week. Taking the time to learn the command line interface for all these products would take far more time than it would save.

That's because the Windows server command line and the command line options for the installed tools are absolute garbage.

On a Unix/Linux system you learn the command line and how to use a good editor like Vi or Emacs (or something simple like Nano) and managing your server applications is dead simple. The config files typically have all the options and examples commented out, and you just edit them the way you want. So much easier than dealing with a GUI.

As for wasting RAM, the amount of memory used by the GUI on a server with 128GB of ram is such a small percentage as to basically be zero.

For a bare metal server, yes.

In a virtualized environment - however - you are adding the GUI RAM overhead once per guest, and it adds up very quickly, especially as your consolidation ratio goes up.
 
The Linux vulnerabilities only include ones in the kernel. How is IE part of the Windows kernel?

Then again if you move outside of kernel, how many vulnerabilities are in third party drivers which are not built in the kernel like they are in linux (well, not the third party but drivers).
 
While I love Linux in the work place I wouldn't dream of using it full time in my personal life. It's a cluster fuck when it comes to multi-media which is what most people want from a computer. I can go on for hours about how much of a God send DirectX and Plug & Play was to the computer industry....something *nix is still trying to figure out.

It's only a cluster fuck because most of the devs are ideologists and chase windmills (FOSS and only FOSS). If closed source is what it takes to get stuff working then that should be used. End of story.
 
Then again if you move outside of kernel, how many vulnerabilities are in third party drivers which are not built in the kernel like they are in linux (well, not the third party but drivers).

Agreed.

It is very difficult to do an Apples to Apples comparison due to the architectural differences.

The Linux kernel has all the most common open source hardware drivers built in to it. Outside of the kernel, all the things people typically think of being part of the operating system come from various different projects, whereas on the Windows side, drivers are not part of the Kernel (but many do ship with Windows), and all the peripheral non-kernel OS stuff IS all a part of the same Windows package.
 
Zarathustra[H];1041444362 said:
Agreed.

It is very difficult to do an Apples to Apples comparison due to the architectural differences.

The Linux kernel has all the most common open source hardware drivers built in to it. Outside of the kernel, all the things people typically think of being part of the operating system come from various different projects, whereas on the Windows side, drivers are not part of the Kernel (but many do ship with Windows), and all the peripheral non-kernel OS stuff IS all a part of the same Windows package.

To get a good Apples to Apples comparison you'd have to do a "Linux as packaged by Ubuntu/Mint/whatever with typical software installed" vs. "Windows with typical software installed"

Even so, these numbers are useless, as they are a measure of detected vulnerabilities only, not a measure of existing vulnerabilities, and there is no accounting for the effort put in to discover them on each platform, or the expediency with which they are patched once discovered.
 
Zarathustra[H];1041444180 said:
Nothing beats configuring server apps using VI to edit plain text files via SSH.

I appreciate vi for what it can do and that it always works. But damn man, I feel like Mozart playing the piano using that thing :) Too many key combinations to learn. "ssh -X" and just open a decent text editor like kwrite and gedit....get my syntax highlighting too.

And especially when I don't realize I logged into a Solaris machine and I vi and accidentally hit the arrow key and it just gets all kinds of fucked up..... :q!

I'm no expert though™
 
I agree with those that say having a GUI (remote or web based) just plain saves time. You can use a single connection and open many different tools to get a better/broad stroke idea of what is going on.

This is the same way I feel about managed network equipment. Yes, being able to set a vlan via the command line is nice, but if I can just right click a gui representation of that same port and set the vlan, then why not.
 
I appreciate vi for what it can do and that it always works. But damn man, I feel like Mozart playing the piano using that thing :) Too many key combinations to learn. "ssh -X" and just open a decent text editor like kwrite and gedit....get my syntax highlighting too.

Well, that's why they make chocolate and vanilla. For a more notepad-like experience on the command line, nano does the trick. It's not all that unlike the old MS DOS editor. Doesn't have all the same features but it works.

If you are editing files on a semi regular basis, remembering Vi (or Vim) commands isn't that tricky though. (I do often keep forgetting to press i before typing though :p )

And especially when I don't realize I logged into a Solaris machine and I vi and accidentally hit the arrow key and it just gets all kinds of fucked up..... :q!

Lol, yeah. Solaris is Different :p

I learned my lesson in the big "killall" fiasco of 2003.

I'm no expert though™

Nor am I.

I've never worked professionally as a sysadmin. I've managed many game servers, and run Linux on all my desktops in the house, and have an ESXi server in the basement with 6 Linux and 2 Unix based guests on it, but I've never done this type of work in a professional setting.

So, I am translating my experience into what it must be like in a professional setting. Some things are likely the same, others are likely very different.

I still find it much easier to just edit a text configuration file via SSH, than to do a remote desktop and try to find the configuration option I am looking for among all the menus, tabs and windows.

Plain text search is such a beautiful thing! :p
 
I agree with those that say having a GUI (remote or web based) just plain saves time. You can use a single connection and open many different tools to get a better/broad stroke idea of what is going on.

This is the same way I feel about managed network equipment. Yes, being able to set a vlan via the command line is nice, but if I can just right click a gui representation of that same port and set the vlan, then why not.

To each their own.

I find that I can locate the correct config options much easier and faster by grepping multiple config files, or using plain text search while editing a config file, than I can by clicking through gui tabs and pulling my hair out as I try to find where they hid that one config option I am looking for :p
 
I think anyone that works with Linux/Unix/OSX on a daily basis will understand how very vulnerable it is *IF* someone has access. It's completely open to anything once you get to the right authorization.

But that's the price to pay for having such excellent utility.

I wouldn't dare think of using Windows in my professional environment. The command prompt itself is reason enough to dismiss the OS for the line of work I do. Not having an inbuilt language AT LEAST as powerful as Perl is another.

Windows has Powershell, which has access to the .NET framework and is pretty dang powerful in the right hands.

Also NASDAQ runs on Windows, so it can't be all bad.

Personally the one technology I wouldn't use in a professional / production environment is PHP. It's strange to see something so terrible also be so widely used, but there we are.
 
Zarathustra[H];1041444180 said:
To me this is a moot point. Managing a server using a GUI is just all fail.

A proper server, with a proper application for it is best managed entirely over SSH. In fact, the server shouldn't even have a GUI environment installed on it.

Nothing beats configuring server apps using VI to edit plain text files via SSH.

None of that stupid hunting and pecking with a mouse through different dialogue boxes to locate the obscure setting you are looking for.

Instead, just search the plaintext file, and edit the appropriate section.

It's a MUCH better and more sleek way to manage anything, and you don't wind up having to waste RAM on a GUI environment.

That is the crappiest reasoning for why Windows server sucks I've ever heard.
 
And FWIW, I just checked a Server 2008 R2 box and it takes all of a whopping 10MB of RAM running explorer. Wow, talk about a drain on resources.
 
That is the crappiest reasoning for why Windows server sucks I've ever heard.

Especially since you had the option to install Windows without a GUI and manage it entirely through PowerShell for a number of years now.

If you want to be a masochist there's nothing stopping you.
 
Personally the one technology I wouldn't use in a professional / production environment is PHP. It's strange to see something so terrible also be so widely used, but there we are.

It's because most sysadmins are not very good programmers. PHP is popular because it usually works, even if you mess it up. Failures are semi-silent, typically spitting out the results you want anyway (but beware of the side effects of those failures)

I'm not a fan of PHP, but I do understand why it gets used. If you are on a deadline and need something done and don't have a computer science degree, it can be a very tempting shortcut.
 
They also fail to mention that every single vulnerability in Windows right now involves user interaction. A user has to download/run certain programs or the person trying to access the machine has to be at the console. Not a single vulnerability in Windows involves remote access without an action taken from the console.

Over 60% of the vulnerabilities in OSX do not require someone doing something at the console, and nearly half of the Linux vulnerabilities are the same.

Now, considering most servers aren't used as workstations where someone is surfing the web, what makes the most secure server?
 
Especially since you had the option to install Windows without a GUI and manage it entirely through PowerShell for a number of years now.

If you want to be a masochist there's nothing stopping you.

Well, that's exactly it.

Managing Windows Server using powershell DOES imply putting yourself through hell.

Managing a Unix/Linux box via SSH - on the other hand - is usually a breeze, as long as you understand the fundamentals. (there are some notable exceptions, like MythTV and its $%#&^$%# MySQL database implementation, but you wouldn't be running that on an enterprise server anyway).

Unfortunately there is little in the way of options on the Enterprise side, since Outlook Calendars and Email have become so popular, you more or less need to have an Exchange server, since the Open Source alternatives aren't all that fantastic.

So you are kind of forced into at least one Windows Server, and since Powershell is such a nightmare to deal with, you put up with the GUI. I understand that.

Personally I would limit the damage and run it as a virtualized guest, and have everything else in Linux/Unix, but that is just me.
 