[opensource] Linux vs. Windows
hayes.465 at osu.edu
Wed Oct 25 15:51:45 EDT 2006
On Oct 25, 2006, at 3:02 PM, Nick Hurley wrote:
> Charlie Hayes <hayes.465 at osu.edu> writes:
>> Yes, the famous RPC buffer overflow arbitrary code execution bug.
>> A friend of mine (this is all before SP2 which fixes this) got a
>> before windows was even done installing.
>> Again, this is a non-issue, its fixed and since that incident
>> has been really into security.
> The problem is that you are taking Microsoft at their word. I'm not
> crazy Microsoft-hating free software purist (I am, in fact, writing
> closed-source Windows software in parallel with typing this), but I
> say, fairly confidently, that Microsoft's commitment to security
> even come close to measuring up to what they CLAIM their commitment to
> security is. Yes, they have made SOME improvements to their security
> process. Are these improvements enough? I very seriously doubt it.
I have read many independent studies claiming that Windows security
is just as good as GNU/Linux. There are also many studies showing
that Windows Defender is one of the if not the best antispyware
application. Plus Microsoft basically has their whole business riding
>> It's quite possible that Linux has a similar issue and Windows still
>> contains a similar bug. However, as Nick pointed out, Windows is the
>> target since it has such a huge share of the market.
> The only thing about a similar vulnerability "in Linux" is that it
> likely be in a userland daemon, not in the Linux kernel itself which
> could (most likely) NOT run as root, thereby mitigating the effects of
> any such vulnerability in a VERY signinficant fashion that current
> releases of Windows simply can not do (I can't speak to the
> of Vista, as I've never tried it, and in any event, it's not yet
There is no way you can claim that the Linux kernel (or things that
run in kernel land) are bug-free. I'm sure Microsoft is doing their
part in keeping things out of kernel land that shouldn't be there. In-
fact they have gone so far as to prevent anti-virus software from
third parties (which they have given in to and wont be doing).
More information about the Opensource