|
|
User Controls
|
New User
|
Login
|
Edit/View My Profile
|
|
|
|
ActiveMac
|
Articles
|
Forums
|
Links
|
News
|
News Search
|
Reviews
|
|
|
|
News Centers
|
Windows/Microsoft
|
DVD
|
ActiveHardware
|
Xbox
|
MaINTosh
|
News Search
|
|
|
|
ANet Chats
|
The Lobby
|
Special Events Room
|
Developer's Lounge
|
XBox Chat
|
|
|
|
FAQ's
|
Windows 98/98 SE
|
Windows 2000
|
Windows Me
|
Windows "Whistler" XP
|
Windows CE
|
Internet Explorer 6
|
Internet Explorer 5
|
Xbox
|
DirectX
|
DVD's
|
|
|
|
TopTechTips
|
Registry Tips
|
Windows 95/98
|
Windows 2000
|
Internet Explorer 4
|
Internet Explorer 5
|
Windows NT Tips
|
Program Tips
|
Easter Eggs
|
Hardware
|
DVD
|
|
|
|
Latest Reviews
|
Applications
|
Microsoft Windows XP Professional
|
Norton SystemWorks 2002
|
|
Hardware
|
Intel Personal Audio Player
3000
|
Microsoft Wireless IntelliMouse
Explorer
|
|
|
|
Site News/Info
|
About This Site
|
Affiliates
|
ANet Forums
|
Contact Us
|
Default Home Page
|
Link To Us
|
Links
|
Member Pages
|
Site Search
|
Awards
|
|
|
|
Credits
©1997/2004, Active Network. All
Rights Reserved.
Layout & Design by
Designer Dream. Content
written by the Active Network team. Please click
here for full terms of
use and restrictions or read our
Privacy Statement.
|
|
|
|
|
|
|
|
Time:
00:00 EST/05:00 GMT | News Source:
SecurityFocus |
Posted By: Jonathan Tigner |
The debate over which Operating System is the most secure is an age-old debate, which is filled with a vigor and passion similar to those debating their religious beliefs. However, in the end it all boils down to reliable management, adherence to policies and procedures and proper use.
In the article "Linux vs. Windows Viruses" by Scott Granneman, his bias is very clear - Scott feels that "Linux is more secure, end of story!" That unwritten (although easily discernable) statement is unsupportable though, given the technical inaccuracies and incorrect statements the article puts forth. I would like to take the opportunity to correct some of his facts . . . err assertions.
Linux as a desktop system faces the exact same issues of worms and viruses, social engineering and poor design as any system, Microsoft included. In fact, I would say that the vast complexity of current Linux distributions contribute more to the insecurity of an average desktop user than does the well-defined API of Windows. There may not have been as many email viruses that attacked Linux, but let's look at worms and targeted attacks instead. To quote Peter S. Tippett in a recent discussion about this (hope you don't mind Peter), "there have been more detected worms and attacks on Linux last year than on Windows - by a factor of more than 2 or 3!" Now that's an indisputable fact that should pour some water on Scott Granneman's fire.
|
|
#1 By
135 (208.186.90.91)
at
10/15/2003 1:57:07 AM
|
Wow, well written!
Thor is the guy who had the page up showing unpatched IE vulnerabilities.
|
#2 By
116 (24.173.79.86)
at
10/15/2003 2:05:27 AM
|
Excellent article... Thanks for bringing this up.
Does this guy work for PivX?
Peace,
RA
|
#3 By
2332 (65.221.182.2)
at
10/15/2003 2:23:14 AM
|
Man... this is exactly what I said!
Well, at least his article will get more exposure than my post on a message board of an obscure windows news site. :-)
|
#4 By
7797 (64.244.109.161)
at
10/15/2003 7:22:45 AM
|
This article is JUST as bad as the other one except from the opposite bias.
Both articles make some valid points which are unfortunately overshadowed by their bias.
Inaccuracies to point out from this article:
"....supplied Mozilla Mail and KMail. Both of these render HTML mails by using their respective browser engines, a practice which is increasingly discouraged even on Windows mail clients where it can be disabled,"
"HTML Rendering is disabled by default in KMail with a nice and easy mechanism to render after deciding it came from a safe source.
Last I checked, Mozilla has had several hundreds, if not more than 1000, identified security vulnerabilities."
This is not true and he does not back up this statement with any supporting evidence.
"Every OSS supporter claims that the Open-Source community is faster at patching vulnerabilities. Sure, they might update the source in the CVS 15 minutes after receiving a report, but how long will it take for that updated code to actually reach supported applications?"
Security fixes are usually not only applied to CVS but also the different release branches. The end user thus would not have to install beta software to get the fix. Patches can reach the end user in a very short time.
"updated code in the CVS typically took a month, often 2 or 3, to go from nightly/unstable builds and reach the actually supported product - not much unlike the timeframe for IE patches."
Apples and oranges. This only applies to bug fixes and feature enhancements in Mozilla. Security patches are also applied to the release branches and released immediately. IE has had nothing but security patches. IE has not received many regular bugfixes or feature enhancements in a long time. If the next standalone version of IE ships with Longhorn it can be expected to be another 3 years for more bugfixes and feature enhancements in Internet Explorer.
This post was edited by tgnb on Wednesday, October 15, 2003 at 07:42.
|
#5 By
8589 (66.169.175.16)
at
10/15/2003 8:06:11 AM
|
I think this gets away from the real problem, i.e. Virus programmers. These are the ones that need to be dealt with. If the justice system would stop giving them a slap on the wrist, and started making them do hard labor, for about 20 years, this would be a bigger deterrent, in my opinion.
|
#6 By
1845 (12.209.152.69)
at
10/15/2003 8:51:32 AM
|
tg, what does the types of bugfixes IE has have to do with the issue at hand? Oh yeah, nothing. Nice distraction.
|
#7 By
7797 (63.76.44.252)
at
10/15/2003 10:17:18 AM
|
BobSmith: Your question makes it clear you do not understand the point of my post (most likely because your bias makes the artilce seem level).
|
#8 By
1845 (12.209.152.69)
at
10/15/2003 10:51:11 AM
|
Well, gee, thanks for teaching me. It's so much clearer to me now that you've explained your position.
|
#9 By
135 (209.180.28.6)
at
10/15/2003 11:14:26 AM
|
tgnb - Your bias is definately showing.
|
#11 By
7797 (63.76.44.70)
at
10/15/2003 12:43:42 PM
|
I clearly stated that I think BOTH articles are biased towards their respective side.
How does that show any bias on my side?
I agree the original article was crap. But I also think this one is.
Both had some good points that were overshadowed by their author's bias.
I am NOT dismissing one over the other. They both stink.
And because THIS AW post is about the response article I stated some of its Inaccuracies.
Drestin. I dont care what Google says. I have KMail installed and it DOES NOT render HTML by default. I never said IE doesnt have enhancements and bugfixes but it hasn't in a long time and according to the signals coming from redhat it wont for a long time. In any case i am not attacking IE's patch or updating policy or procedures I simply pointed out that the article's author is comparing apples and oranges (mozilla bugfixes and enhancements compared to MS security patches).
I'm not trying to make a point about what OS is more secure. I'm not trying to make a point about what Email system is more secure. I'm not trying to favor one over the other. My point is and was as I stated it in the very beginning.
This article is JUST as bad as the other one except from the opposite bias.
This post was edited by tgnb on Wednesday, October 15, 2003 at 12:47.
|
#12 By
7797 (63.76.44.70)
at
10/15/2003 12:48:35 PM
|
both articles are biased.
no you are biased for saying that.
no you are biased for saying that i'm biased.
what the ....?
|
#13 By
135 (209.180.28.6)
at
10/15/2003 2:58:07 PM
|
tgnb - "I clearly stated that I think BOTH articles are biased towards their respective side. "
Great, but explain how this article is biased.
I don't see Thor claiming that Kmail renders HTML by default, he just says it can do it. He also tends to imply that most typical users will probably want this feature turned on.
Personally I've come to like HTML email, but I find HTML was poorly designed, you should be able to easily filter out dynamic content.
|
#14 By
7797 (63.76.44.70)
at
10/15/2003 3:54:36 PM
|
Sodablue, I explained why I think this article is biased by mentioning some of the inaccuracies of the article in my first post.
Here is more clarification on the KMail issue I have with the article:
"We can already recognize that trend among current Linux distributions, with a lot of users staying by the factory-supplied Mozilla Mail and KMail. Both of these render HTML mails by using their respective browser engines, a practice which is increasingly discouraged even on Windows mail clients where it can be disabled, and often is by default, these days."
The author does NOT say that KMail has this feature turned on by default but he certainly implies it.
The truth is:
KMail has the ability to render HTML email using Konqueror's rendering engine. This feature has been and continues to be disabled by defautl for security purposes. A nice interface allows a user to render the HTML in a message if they deem it to be safe.
Outlook and Outlook Express (arguably the most widely used Windows email clients) have the ability to render HTML email using IE's rendering engine. This feature has been and is enabled by default. Outlook 2003 by default does not download remote images for security purposes.
He says rendering HTML in email messages is increasingly discouraged in Windows mail clients but fails to cite support for his claim. Outlook and Outlook express being the most widely used email programs on Windows rendering HTML by default conflict with his statement.
He claims that HTML rendering is often disabled by default on Windows mail clients but fails to cite support for his claim. Outlook and Outlook express the most widely used Windows mail clients certainly render HTML by default while KMail does not.
This post was edited by tgnb on Wednesday, October 15, 2003 at 15:55.
|
#15 By
1845 (12.209.152.69)
at
10/15/2003 5:48:49 PM
|
"The author does NOT say that KMail has this feature turned on by default but he certainly implies it."
Um, no, he implies no such thing. It's a really simple issue. If KMail/Mozilla Mail renders HTML, it uses its respective browser engine to do it. This is the issue. That's all the author said.
After setting up a new Windows XP box, installing the latest patches, then installing Microsoft Office System 2003, I notice that OE and OL render HTML email by default. However, they render them in the Restricted Zone. This is the next best thing to not rendering HTML as HTML.
|
#16 By
7797 (63.76.44.70)
at
10/15/2003 6:21:23 PM
|
"he implies no such thing"
Yes he does.
"After setting up a new Windows XP box, installing the latest patches, then installing Microsoft Office System 2003, I notice that OE and OL render HTML email by default. However, they render them in the Restricted Zone. This is the next best thing to not rendering HTML as HTML."
Yes great you're right! So? Stop deflecting. I never disagreed with you on that point. So why bring it up? Both articles are biased. If you don't see it.. then so are you!
This post was edited by tgnb on Wednesday, October 15, 2003 at 18:24.
|
#17 By
1845 (12.209.152.69)
at
10/15/2003 7:18:35 PM
|
Deflecting? You said, "Outlook and Outlook express the most widely used Windows mail clients certainly render HTML by default." I was explaing that while it does render by default, the security parameters are quite restrictive. You brought it up, I didn't.
And, to contine this little debate as if we were school children, no, he doesn't. You wanted to see where you were biased? Here's a great example. You read more into the article than the article stated. His point wasn't default or not. His point is that the mail client uses the browser engine to display HTML.
|
#18 By
7797 (64.244.109.161)
at
10/15/2003 9:45:06 PM
|
Nope that wasn't his point. Read the paragraph he wrote again again. And you completely ignore the other inaccuracies in that same paragraph that I point out.
"Both of these render HTML mails by using their respective browser engines, a practice which is increasingly discouraged even on Windows mail clients where it can be disabled, and often is by default, these days."
That whole point is moot because Kmail didn't and render HTML mail by default to begin with and the windows mail clients he is referroing to (outlook and outlook express) are only now starting to catch up.
He points out in particular that KMail renders html and then contrasts this with the windows mail clients who don't do it by default. The only reason why he would try to make that contrast is to imply that KMail renders the mail by default. Otherwise as i said the whole point would be moot and make no sense in the context of the article.
This post was edited by tgnb on Wednesday, October 15, 2003 at 21:53.
|
#19 By
2332 (65.221.182.2)
at
10/16/2003 1:20:33 AM
|
Yawn.
All these arguments are moot points. There is no empirical evidence that Linux is more secure than windows. In fact, there is plenty to suggest the opposite, at least in terms of raw security vulnerabilities.
There are more vulnerabilities in Linux than in Windows, yet Windows has many more of its vulnerabilities exploited to the point where millions of users are affected. Why?
I think the answer is pretty clear.
|
#20 By
7797 (63.76.44.252)
at
10/16/2003 10:58:42 AM
|
RMD: the discussion wasnt about whether or not windows or linux are more secure. The discussion was whether or not the article was as biased as the one it was in response to.
|
#21 By
2332 (216.41.45.78)
at
10/16/2003 1:35:05 PM
|
That's nice. How does it affect what I wrote?
|
#22 By
7797 (63.76.44.252)
at
10/16/2003 3:08:35 PM
|
"All these arguments are moot points. There is no empirical evidence that Linux is more secure than windows."
Because no one was discussing whether Linux is more secure than windows. We were discussing whether the article was biased or not.
|
#23 By
2332 (65.221.182.2)
at
10/17/2003 1:24:08 AM
|
Um... last I checked, the ARTICLES WERE ABOUT WHETHER LINUX IS MORE SECURE THAN WINDOWS.
So I think that qualifies as "someone".
|
#24 By
7797 (63.76.44.252)
at
10/17/2003 7:43:11 AM
|
Last I checked we weren't discussing the whether or not the articles are correct but whether they are biased or not.
|
|
|
|
|