Re: Viruses and hackers make Windows more secure - Gates
From: Ben Measures (saint_abroadremove_at_removehotmail.com)
Date: Fri, 30 Jan 2004 09:44:23 +0000
> On Fri, 30 Jan 2004 04:43:54 +0000, Ben Measures wrote:
>>>Also the security issues while always there in one respect or another was
>>>not one of the primary functions of windows in the beginning as it was not
>>>designed to go on the WAN until later, and it became far more important and
>>>the Net took off.
>>Security in Unix systems has always been a primary function, even when
>>networks were uncommon.
> You might remember how Linux came about, and networking was involved.
I specifically said Unix. Unix was about when networks were expensive
and uncommon (late 1960s).
> Linux's downfall is that when it gets hit
> it can and usually will bring
> down the whole system. Good point and/or bad point.
I'd like you to cite some references. It is not in a virus'/worm's best
interests to kill its host computer.
>>When networks became fairly common, Microsoft got into networks. They
>>still didn't think too much about security - they had obfuscation.
> No, they built or started using NetBeiu (sp) based on an old standard.
Are you saying they built or started networking?
> was somewhat good albeit incompatible with other networks. Was not good for
> large networks.
I don't see the part about security there. That was my main point. I'll
write it again in case you didn't catch what I wrote.
"They still didn't think too much about security - they had obfuscation."
>>Microsoft started to think about security only when customers complained
>>that viruses and hackers were getting access to their computers and
>>data. This was way after the internet took off.
> True, when it became the focus of attention, mainly due to animosity it
> became a big target. NT thwarted a lot of that for years. As a side point I
> always had a good laugh at "windows" users getting hit my virus', trojans
> and the like since I ran strictly NT and was not affected.
NT has been the target of many serious viruses. It continues to be. Of
the top 10 viruses of the year 2003, all ten could infect Windows NT
>>They have a lot of catching up to do. Especially with their legacy of
>>"old software" compatibility.
> This is happening, but the legacy crap stays on, mainly to support the
> "cheap" populace and good for nothing lazy programmers who have yet to get
> with the picture.
This "legacy crap" helps to make Windows so vunerable. That can't count
as a plus.
>>>Those who claim Linux is inheritently more secure is crazy. It
>>>also requires constant supervision and upgrades, things that most lazy ass
>>>windows users ignore, and putting them into a Linux package with the same
>>>attitudes will only drive up incidence's in Linux.
>>Now those are two separate things.
>>It is simply not possible to protect a system that is being administered
>>by somebody who is a "lazy ass user" without forcing them off all networks.
>>If you put two irresponsible drivers in two cars, one with ABS, one
>>without, then they are both likely to have a crash, regardless of
>>braking system. You can't then say that ABS is less effective at
> But that is what rabid Linux supporters would have you believe.
Not at all. "Rabid" Linux supporters laugh at what irresponsible admins
believe is security.
>>Likewise you can't say anything about comparisons of the security of
>>various operating systems unless the administrators are competent and
>>care about security. If the comparison is done properly, Linux is the
>>clear winner, even when based on patch release times alone.
> From personal experience I have never had a NT server breached, no virus,
> not trojan, nada, other then poorly written software or shit video drivers.
Then you've either been lucky, or don't connect to the internet. (Though
luck goes down as diligence goes up.)
>>I'm sorry to go on so long but I felt your comment "Those who claim
>>Linux is inheritently more secure is crazy" was extremely unfair.
> They are crazy. It is unfounded. Both can be made secure. Both can be
> equally open.
When a security vunerability is released in the Linux world, patches are
available to download within minutes.
_If_ a security vunerability is released in the Windows world, patches
are only available after several weeks, if you're lucky.
With Linux there are millions of people pouring over the source code
every day. Vunerabilities are announced, even if they are theoretic and
With Windows vunerabilities are usually only discovered after finding
some software already abusing the exploit. The vunerabilities are rarely
announced, and even when they are, they are delayed by several months in
order to tell Microsoft's bigger customers first. Windows is definitely
not open (unless you're a government agency).
In short, with Linux you get vunerability announcements fast and
freqently, with patches being available almost immediately. With Windows
you sometimes get delayed vunerability announcements (usually after an
exploit in the wild), with patches being available weeks after. Its
difficult to secure a system that way.
> For years I can remember the tricks one Linux user would play on another as
> security was being learned by all, same with Windows.
Like this one perhaps?
login as root, and type
rm -r /
Its much more difficult to trick a Linux user into seriously damaging
their system or into giving away information not belonging to that user.
> I think you will agree that nothing is inherently secure.
Absolutely. The search for bugs/vunerabilities/exploits must go on, and
it must not be impeded.
> You did reference above the Admin's responsibility but given the advent of
> Linux workstations and idiot Windows users moving over to that OS with no
> training, little knowledge, etc. That they will soon find their systems
> breached for the very same reasons that they are breached in Windows. Poor
> user administration.
I see two flaws in that argument:
1. The whole vunerability/patch thing again. I can keep my computer
updated with patches that come out _before_ exploit-exploring code goes
wild. I now don't give a damn what happens to the systems that fall.
Every man for himself.
2. Things aren't handed to you on a platter with Linux. You have to go
out there and learn. You read documentation and eventually it becomes
habit. This is more likely to happen with Linux than with Windows, which
has preconfigured setups that are suitable "for most users". I don't
imagine there will ever be a time documentation reading gets ejected
from "compulsory things to do before starting Linux". When it does then
we get back to "every man for himself".
> I would much rather that current Linux guru's would stress
> maintenance/administration rather then stating that Linux is "secure". It
> is misleading to the novice and or the lazy ones. For them to run such an
> OS is to leave them blindly confident in an unsecured OS and thus exposed.
I agree with you here that maintenance/administration is *the* most
important thing in keeping a system secure. Nothing does a job better
However, Linux "Gurus" frankly don't care too much about telling lazy
people that maintenance is important - theres plenty of material on the
web stating this. When the Linux Gurus talk about Linux being more
secure, they're generally talking to other Gurus. If newbies mistake
this for themselves, then they only have themselves to blame.
As for the security that Linux can offer novices, well it does so by
forcing/teaching users to understand their systems and get right into
the configuration of security first before they can even claim to say
their system is secure.
In Windows novices can just set "high security", bumping this down if
they come across any problems. Its the lack of understanding that breeds
laziness, and casual to non maintenance.
You can only truly maintain what you strive to understand.
-- Ben M. ---------------- What are Software Patents for? To protect the small enterprise from bigger companies. What do Software Patents do? In its current form, they protect only companies with big legal departments as they: a.) Patent everything no matter how general b.) Sue everybody. Even if the patent can be argued invalid, small companies can ill-afford the typical $500k cost of a law-suit (not to mention years of harassment). Don't let them take away your right to program whatever you like. Make a stand on Software Patents before its too late. Read about the ongoing battle at http://swpat.ffii.org/ ----------------