A question on protection software

Fred Roller froller at tnclimited.com
Thu Jun 11 13:43:27 UTC 2009 

On Thu, 2009-06-11 at 09:08 +0100, Colin Law wrote:
> 2009/6/10 Fred Roller <froller at tnclimited.com>:
> > On Wed, 2009-06-10 at 22:03 +0100, Colin Law wrote:
> >> 2009/6/10 Tony Baldwin <photodharma at gmail.com>:
> >> > Sandy Harris wrote:
> >> >> On Wed, Jun 10, 2009 at 6:33 PM, <valhalla2100 at comcast.net> wrote:
> >> >>
> >> > ... clippage ...
> >> >>
> >> >> There's also an argument that Linux is better designed
> >> >> and better implemented than Windows, so more secure.
> >> >> I certainly believe that, but it would be fairly difficult to
> >> >> produce the evidence that would convince an MS
> >> >> employee.
> >> >>
> >> >
> >> > Statistics alone should prove that point.
> >>
> >> The statistics don't prove it one way or the other because we don't
> >> know how much effort is put in attempting to attack linux machines.
> >> Windows machines are more commonly affected than Linux ones but this
> >> in itself does not say anything about the intrinsic security of the OS
> >> unless we know the relative amounts of effort put in by those with
> >> evil intent.  Unless there are some other statistics available.
> >>
> >> Colin
> >>
> >
> > Collected from:
> >
> > http://www.theregister.co.uk/2004/10/22/linux_v_windows_security/
> >
> > albeit from '04 but still applies.
> >
> > ...
> > "If we reality-check these conclusions against another scale, we find
> > that vulnerability metrics used by the US Computer Emergency Readiness
> > Team (CERT) return 250 results for Microsoft, with 39 having a severity
> > rating of 40 or greater, and 46 for Red Hat, with only three scoring
> > over 40. So simply making claims based on that one metric (as Steve
> > Ballmer did, again, earlier this week) is like judging a hospital's
> > effectiveness in dealing with emergency cardiac care from its average
> > speed in dealing with all patients."
> > ...
> 
> Ah, those statistics.  I am not sure it was those that Tony Baldwin
> was referring to.  I thought he was just talking about the probability
> of an individual user getting hit.  I may well have been wrong however
> 
> Colin

  The report went on to discuss individual attacks and statistical
information collecting.  As for me, I haven't had an incident in the
four years I have been running linux.  I have noted, in all fairness,
that any system which uses ssh and is connected to the internet will be
constantly probed ( /var/log/secure |grep Fail) but this is easily
"fixed" by changing the listening ports.
  Like anything there are pros and cons to anything.  To me Linux just
has more pros than windows.


-- 
Fred R.
www.fwrgallery.com

"Life is like Linux, simple.  If you are fighting it, you are doing
something wrong."

More information about the ubuntu-users mailing list