[opensource] Linux vs. Windows

Charlie Hayes hayes.465 at osu.edu
Wed Oct 25 15:51:45 EDT 2006 

On Oct 25, 2006, at 3:02 PM, Nick Hurley wrote:

> Charlie Hayes <hayes.465 at osu.edu> writes:
>> Yes, the famous RPC buffer overflow arbitrary code execution bug.
>>
>> A friend of mine (this is all before SP2 which fixes this) got a   
>> virus
>> before windows was even done installing.
>>
>> Again, this is a non-issue, its fixed and since that incident   
>> Microsoft
>> has been really into security.
>
> The problem is that you are taking Microsoft at their word. I'm not  
> some
> crazy Microsoft-hating free software purist (I am, in fact, writing  
> some
> closed-source Windows software in parallel with typing this), but I  
> can
> say, fairly confidently, that Microsoft's commitment to security  
> doesn't
> even come close to measuring up to what they CLAIM their commitment to
> security is. Yes, they have made SOME improvements to their security
> process. Are these improvements enough? I very seriously doubt it.
>

I have read many independent studies claiming that Windows security  
is just as good as GNU/Linux. There are also many studies showing  
that Windows Defender is one of the if not the best antispyware  
application. Plus Microsoft basically has their whole business riding  
on it.

>> It's quite possible that Linux has a similar issue and Windows still
>> contains a similar bug. However, as Nick pointed out, Windows is the
>> target since it has such a huge share of the market.
>
> The only thing about a similar vulnerability "in Linux" is that it  
> would
> likely be in a userland daemon, not in the Linux kernel itself which
> could (most likely) NOT run as root, thereby mitigating the effects of
> any such vulnerability in a VERY signinficant fashion that current
> releases of Windows simply can not do (I can't speak to the  
> capabilities
> of Vista, as I've never tried it, and in any event, it's not yet
> released).

There is no way you can claim that the Linux kernel (or things that  
run in kernel land) are bug-free. I'm sure Microsoft is doing their  
part in keeping things out of kernel land that shouldn't be there. In- 
fact they have gone so far as to prevent anti-virus software from  
third parties (which they have given in to and wont be doing).

-Charlie Hayes

More information about the Opensource mailing list