Windows vs Linux security report card redux

Filed under
Security

Jeff Jones has expanded his project to count security flaws (publicly reported and fixed) in the major workstation operating systems and his latest numbers show Windows Vista has by far the best security profile when compared to the major Linux distributions.

Jeff Jones, security strategy director in Microsoft’s Trustworthy Computing group, led a TechEd 2007 discussion on the metrics and techniques used to keep track of vulnerabilities and offered a glimpse at his upcoming report card that compares flaws found/fixed during Vista’s first six months on the market against Windows XP, Red Hat Enterprise Linux 4 WS (full), Ubuntu 6.06 LTS (full), Novell SUSE Linux Enterprise Desktop 10 (full) and Mac OS X 10.4 (Tiger).

Full Post.



The Master of All FUDMeisters

This series of 'studies' gets smashed to pieces time after time and time (see comments in the article for example), but it doesn't stop Microsoft from publishing false figures (READ: lies) and sticking them in pamphlets. Some industry supervision ought to step in and handle this case of misleading benchmarks. They got caught before (e.g. cheating in IBM benchmarks in the most ridiculous of ways. They more recently did this to Novell).

Oh look, another "study"...*yawn*

*Switches to salesman voice*

Do you have a problem with a competitor?

Are you having a difficult time keeping up with them?

Well, don't worry! If you can't compete fairly, attack them publicly!

With the new FUDMASTER-2000!

Order yours now, and we'll throw in a free DVD tutorial!

In the DVD, get great hints and tips to FUD your competitors! They won't know what hit them!

If you call in the next 10 minutes, we'll throw in a complimentary "throwing chair"! It's a great stress reliever when your competitor annoys you! This is the same one used and certified by Microsoft CEO, Steve Ballmer!

Only 12 easy payments of US$29.95!

Act now!

*Switches OFF salesman voice*

Seriously though, we've been here before.

A Microsoft rep or a paid third-party presents a study which favours them.

They've done it with:

(1) "Get the Facts" website. (LOTS there!)

(2) Bill Hilf (Head of MS's Linux Lab) did it in an attempt to show Linux uses just as much hardware resources as Windows... This failed miserably when you realise the system you need to run Vista (with all the eyecandy) smoothly.

(3) Attack GPL v3!
http://arstechnica.com/news.ars/post/20070522-microsoft-funds-questionable-study-attacking-gpl-3-draft-process.html

(4) And now this!

The fact is, such studies don't work on us. And how we beat them is to question and explain to others why one should be very skeptical. Any opensource geek knows charts and statistics can be manipulated to favour anyone. All one needs to do is select the right influencing factors to affect the result.

To be honest, you should ignore it. (like the other ones that fade into memory).

Come to think of it, we should file every study MS conducts or pays to be conducted in an archive.

Better yet, we should start a website that collects all MS's propaganda and documents the tricks they do! It'll help MS's future competitors! (Gives them a clear view of what to expect!)

More in Tux Machines

Videos and Audio: 7 Tools Every GNU/Linux Gamer 'Needs' To Use, Peppermint OS 5-22-2022 Walkthrough, Late Night Linux

Obarun is gradually becoming a fork of Artix

Take a look at this on your own and judge. It may not be in the official repositories but the last commit is signed by the Founder of Obarun and the rest by his co-author. When OUR was released to the public one of the claimed rules of participation was to not build any parts of systemd or any package that wouldn't conform to Obarun. Obarun's version of pacman incorporated a block from installing systemd or its libraries. Elogind is the central part, the essence of systemd. When you have no set principles and values, anything goes, and you can drift from one character to another, without remorse. Obarun will not be removed from the strict list of distros without systemd or elogind, but as soon as this OUR package moves to the repos it will be "bye bye" Obarun from any mention in this site. At least VOID never claimed to not involve systemd or its parts into the distribution, people just assumed it was systemd-free because of the use of runit and consolekit. So VOID was more justified to switch to systemd's logind.

Newly-updated: 2022 hardcore list of linux distributions without elogind and other systemd parts

Canonical/Ubuntu: LXD, Ubuntu Weekly Newsletter, and More

  • Install ROS 2 Humble in Ubuntu 20.04 or 18.04 using LXD containers | Ubuntu

    We welcome the new release of ROS 2 Humble which targets the recently released Ubuntu 22.04. If you want to install it now, please visit the ROS 2 Humble documentation. But if you want to install ROS 2 Humble and test compatibility, keeping your current Ubuntu (20.04, 18.04,…) environment stable until you know you are ready to upgrade, you can dive into LXD containers.

  • Ubuntu Fridge | Ubuntu Weekly Newsletter Issue 736

    Welcome to the Ubuntu Weekly Newsletter, Issue 736 for the week of May 15 – 21, 2022.

  • Canonical at HPE Discover 2022 | Ubuntu

    HPE and Canonical have a long-standing relationship, certifying Ubuntu on HPE hardware. Now, you can go beyond the operating system and engage with us on hybrid cloud, AI/ML, and open source support projects. Now we’re excited to share that we’ll be at the HPE Discover 2022 in Las Vegas on June 28-30 showcasing our solution in the expo. From the latest insights in secure connectivity, hybrid cloud, AI and unified data analytics, HPE Discover 2022 is the best place to stay ahead of the trends and technologies that will move your business forward, faster.

Security Leftovers

  • Hijacking webcams with Screencastify | Almost Secure

    Everyone has received the mails trying to extort money by claiming to have hacked a person’s webcam and recorded a video of them watching porn. These are a bluff of course, but the popular Screencastify browser extension actually provides all the infrastructure necessary for someone to pull this off. A website that a user visited could trick the extension into starting a webcam recording among other things, without any indications other than the webcam’s LED lighting up if present. The website could then steal the video from the user’s Google Drive account that it was uploaded to, along with anything else that account might hold. Screencastify is a browser extension that aids you in creating a video recording of your entire screen or a single window, optionally along with your webcam stream where you explain what you are doing right now. Chrome Web Store shows “10,000,000+ users” for it which is the highest number it will display – same is shown for extensions with more than 100 million users. The extension is being marketed for educational purposes and gained significant traction in the current pandemic. As of now, it appears that Screencastify only managed to address the Cross-site Scripting vulnerability which gave arbitrary websites access to the extension’s functionality, as opposed to “merely” Screencastify themselves and a dozen other vendors they work with. As this certainly won’t be their last Cross-site Scripting vulnerability, I sincerely recommend staying clear of this browser extension.

  • Malicious Python Repository Package Drops Cobalt Strike on Windows, macOS & Linux Systems [Ed: This is not an OS issue; it's about people installing malware on their own systems and it's not even an "Open Source" issue; led by companies that put NSA back doors in their proprietary software, there's an effort underway to say "Open Source" is the real threat and they tell us the solution to the problem is with the firms that help NSA invade machines]

    The PyPI "pymafka" package is the latest example of growing attacker interest in abusing widely used open source software repositories.

  • Why sudo is so important in Linux and how to use it | ZDNet

    When I first started using Linux, things were exponentially more complicated. The distributions were far less mature, but they also required the use of a particular system account to get certain things done. That account was root, and with it, you had unlimited power over your operating system. To demonstrate the power of root, one trick you could always play on unsuspecting users was to tell them to change to the root user with the command su and then have them issue the following command:

  • An uncomplicated introduction to Uncomplicated Firewall | ZDNet

    When I first started using Linux, back in '97, working with the built-in firewall was not something just anyone could do. In fact, it was quite complicated. Starting around 1998, if you want to manage the security of a system, you had to learn iptables (which is a suite of commands for manipulating the Netfilter packet filtering system).

  • Best Wi-Fi Security & Performance Testing Tools for 2022

    The prevalence of Wi-Fi has been accelerating for two decades, but in the last two years, it’s surged even further as so many people were forced to work from home. That trend led to many strengthening the performance of their Wi-Fi networks. But security remains a problem.

  • CISA Adds 21 Known Exploited Vulnerabilities to Catalog [Ed: A huge chunk of these are Microsoft holes, actively exploited while Microsoft commandeers the media to obsess over "Linux"]

    CISA has added 21 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow on the of the "Date Added to Catalog" column, which will sort by descending dates.

  • Surfshark introduces Linux VPN app with a graphical user interface (GUI)

    Surfshark is one of the better-known VPN providers and is often seen being promoted by large YouTube accounts. Today, the company announced the availability of its VPN on Linux with an entire graphical user interface, or GUI.