[CentOS] Lies wide open ...!

mouss mouss at netoyen.net
Sat Aug 23 17:51:38 UTC 2008


ABBAS KHAN wrote:
> Being as a Windows geek tho, I consider Linux as a more powerful server
> operating system than Windows. When I saw OS comparison at
> http://www.microsoft.com/windowsserver/compare/linux/server-security.mspx I
> was shocked! Showed it to a friend and he felt like being brainwashed :D
> lol.
> What do you fellows think about this?

windows has only one vulnerability:
- windows is vulnerable to attacks

other systems and programs have millions of vulnerabilities:
- foo program allows an attacker in 10.1.2.3 to access /etc/hosts
- foo program allows an attacker in 10.1.2.3 to access /etc/aliases
now repeat this for every possible file and for the 2^32 IP addresses, 
and you get as many vulnerabilities as you can count.


and think of it. windows is 100% by default. you need to power the 
system before it gets owned. and did you read the ULA? you paid to use 
the system, but what makes you believe you will be the only one? it is a 
shared system. anyone on the internet can use it. it's not a 
vulnerability, it's a feature.

and windows is "user friendly". if a vulnerability is found, why fix it 
and annoy the user? just issue a dialog box "this may be unsafe. do you 
really want to...?". after all, the user paid. no?


more seriously, using vulnerability count as a security measure is 
childish at best. Are 5 cents more than 1 euro (dollar|...)? do 10 
rabbits eat a lion?

but in this particular case, there is no child play. it is intentional:

"
Reliance on a single metrics is a major feature of Microsoft's Get the 
Facts campaign, and this is perhaps understandable if we consider what 
the campaign is. It is essentially a marketing-driven campaign intended 
to ....
"	
Source: http://www.theregister.co.uk/2004/10/22/linux_v_windows_security/




More information about the CentOS mailing list