[opensource] Linux vs. Windows

Nick Hurley hurley at todesschaf.org
Wed Oct 25 15:02:31 EDT 2006


Charlie Hayes <hayes.465 at osu.edu> writes:
> Yes, the famous RPC buffer overflow arbitrary code execution bug.
> 
> A friend of mine (this is all before SP2 which fixes this) got a virus
> before Windows was even done installing.
> 
> Again, this is a non-issue, it's fixed and since that incident Microsoft
> has been really into security.

The problem is that you are taking Microsoft at their word. I'm not some
crazy Microsoft-hating free software purist (I am, in fact, writing some
closed-source Windows software in parallel with typing this), but I can
say, fairly confidently, that Microsoft's commitment to security doesn't
even come close to measuring up to what they CLAIM their commitment to
security is. Yes, they have made SOME improvements to their security
process. Are these improvements enough? I very seriously doubt it.

> It's quite possible that Linux has a similar issue and Windows still
> contains a similar bug. However, as Nick pointed out, Windows is the
> target since it has such a huge share of the market.

The only thing about a similar vulnerability "in Linux" is that it would
likely be in a userland daemon, not in the Linux kernel itself which
could (most likely) NOT run as root, thereby mitigating the effects of
any such vulnerability in a VERY significant fashion that current
releases of Windows simply cannot do (I can't speak to the capabilities
of Vista, as I've never tried it, and in any event, it's not yet
released).
-- 
Peace,
  Nick

   If you care, you just get disappointed all the time. If you don't care
nothing matters so you are never upset.  -- Calvin

