Linux security is a 'myth', claims Microsoft

greggh · 2005-01-28 21:54:20

http://www.vnunet.com/news/1160853

"The biggest challenge we need to face centres on the myth and reality. There are lots of myths out there as to what Linux can do. One myth we see is that Linux is more secure than Windows. Another is that there are no viruses for Linux," said McGrath.

cactus · 2005-01-28 22:57:42

heh..
and the Devil just got done trying to convince me he doesn't exist.

phrakture · 2005-01-28 23:03:25

I love the line "The microsoft developers are much more skilled than linux developers"

skilled at putting in minimal effort for marginal gains... tell me what huge leaps and bound office 2003 made over 2000? oh that's right, it was just a relabling to make more cash...

Benedict_White · 2005-01-29 00:19:30

I found this article both amusing and informative at the same time.

"The biggest challenge we need to face centres on the myth and reality. There are lots of myths out there as to what Linux can do. One myth we see is that Linux is more secure than Windows. Another is that there are no viruses for Linux," said McGrath.

Can some one remind me of how long it takes for a security patch for Linux to come out compared to Linux? Either he or I is missing the point.

As for viruses, as far as I know there have been 6 "viruses" for Linux, at least 3 of which were proof of concept, and all needed user intervention to get them to run. That said, there have been worm holes, which are blocked very quickly in Linux, because us Linux users both know and care.

"Who is accountable for the security of the Linux kernel? Does Red Hat, for example, take responsibility? It cannot, as it does not produce the Linux kernel. It produces one distribution of Linux.
"In Microsoft's world customers are confidant that we take responsibility. They know that they will get their upgrades and patches."

I think this deserves the Perrier(tm) award for comedy, it took 4 hours for Linux to patch the Intel Pentium(tm) floating point error. I don't recall MS ever having a fix in place. The same is true of issues that affect the core of the kernel.

As for who is accountable for security, unless you live in New Zealand, software is not warrantied to do anything at all ever, GPL or MS licence, so no one MS included actually takes responsibility for anything in law. At least the GPL boys can claim they did it for free.

The credibility of Linux in the enterprise is beginning to suffer, according to McGrath, as companies complete trials and find the platform wanting.

This would presumably be people who use Windows so do not know the power of the CLI or what MS learned from taking over Hotmail, in which they learned the power of CLI and put allot of scripting ability in Win2003.

"Most customers look for more than just a product from their vendors. They need a solution that comes with the appropriate levels of support and service. This is where Linux is becoming more challenged as people expect more from Linux.

Fair comment. Windows admins expect me to come and set up and manage that, so if they go for Linux they need the same support.

So all you Linux hackers out there, get selling your services, with a network of people who will take over from you if you move on, die, annoy the customer.

Benedict_White · 2005-01-29 00:29:27

I was also highley amused by the following add:

http://links.industrybrains.com/click?s … m/qfs.html

which takes you to:
http://www.ei-europe.com/qfs.html

which is an add on disk quota system. Unsurprisingly it is Windows only, as Netware has supported this functionality from day 1, and as far as I am aware, Unix and Linux does as well.

Why would you want to buy a server OS that needs add on software to do the basics?

dp · 2005-01-30 19:30:26

'They were myths and they were real,' he said loudly. 'Both a wave and a particle.'
(Guards! Guards!)

or even better:

Gravity is a myth, the Earth sucks.

8)

skoal · 2005-01-31 04:20:59

This article is big giant piece of FUD. The best example of that is the following,

"Most customers look for more than just a product from their vendors. They need a solution that comes with the appropriate levels of support and service. This is where Linux is becoming more challenged as people expect more from Linux."

Tell that to IBM.

However, I do disagree with a lot of FUD circulated in the Linux community as well, concerning viruses and security. I think it's naive to think that Linux is any less suceptible to a virus or trojan than any other platform. The main thrust and motivation behind most virus authors is simple: attention and impact. You can lock yourself in a bank vault if you wish, but someone clever enough on the outside will always find a way to let you out, or let themself in.

Linux is hardly on market par with Windows as a desktop OS. I think when you see a Linux desktop share of just 20% or more, I think you're in for a "culture" shock. The only difference will be the speed with which that vulnerability is addressed.

cactus · 2005-01-31 04:35:09

I think the main reason why linux doesn't have as many viruses are:

-Users generally don't run as root. In Windows land it is very common for people to have full or near full admin rights.
-ActiveX---With such things users are not required to take any action other than surfing to a page for something nasty to be installed, or reading an email with an embedded activeX object (rendered as html of course). GNU Linux systems generally require some work to install things.
-Knowledge of users. I believe that *puts on generalization hat* the average Linux user has a bit more computer knowledge than the average windows users. I am not saying that there are not extremes in both camps. Just talking about averages here. Linux is harder to use. So one would think that people that use it know a bit more. I could be wrong here of course.
-Less market share. There are far more windows boxes out there. The fact that they are easier to code vulnerabilities for makes them all the more attractive.

probably lots more reasons, but I think those are likely the biggies.

dtw · 2005-01-31 05:18:31

one thing to say, as usual, windows folder sharing - how much more insecure do you need?

Pajaro · 2005-01-31 09:18:57

If someone makes a virus for linux it will be rpm based

skoal · 2005-01-31 12:25:09

dibblethewrecker wrote:

one thing to say, as usual, windows folder sharing - how much more insecure do you need?

I agree. But, have you ever used NFS? Pretty much the same concept, and pretty much just as "insecure". I think there's an additional encryption authentication you can use now, but I don't remember having that capability in the past. I think Windows has similiar safeguards with "Active Directory". It's just how you use it.

All of you make important points, and I'm not disagreeing with any of them. I just think that if and when Linux ever becomes a viable desktop alternative, some of those insecure features (like ActiveX) will probably be just as available on Linux, albeit in a different form. The level of user "knowledge" will never change on the desktop, since an influx of new users will always appear. And, in order to accomodate everyone on a "popular" and widely used desktop, some safeguards will inevitably fall wayside to usability.

Shoot, I run across all kinds of security warnings while installing various Linux applications. For one, how about running "Xscreensaver" as root? I know plenty of people that run Linux solely as "root", for convenience. They neither understand "sudo" or how to manage separate users for that matter. And when you're talking about a desktop, convenience always wins over common sense. I tell my cousin over and over to not run as root. But, since he's still fairly new to Linux, old habits are hard to change, especially when you're short on time.

Pajaro made the joke about Redhat RPM"s. Although most of us are pretty saavy here at Arch, I don't think I ever logged in other than "root" on most of my RedHat 5.x-7.x days.

cactus · 2005-01-31 12:47:54

:shock:

skoal · 2005-02-02 06:10:51

cactus wrote:

:shock:

Yeah, I never claimed to be "smart", just lazy.

STiAT · 2005-02-02 07:25:56

In the most significant points i've to agree with skoal.

Also, i've been running Linux now for years, and i can't see linux challanging windows nowdays, i can't see it callanging windows even in the next years.

I have to agree that if linux will be more widely used, that there will pop up hundret of security flaws in linux stock applications and the kernel.

Why won't linux be a challange?

Easy: If you want to provide something for "common" use, everything MUST be the same. The freedom of having the choice, as we call it, it nor more or less than irritation to a normal user. They dont want a choice, they want ONE good product for the whole world, which is everywhere the same, looks the same and has the same features. It must be usable for good office use, chatting, multimedia.

The choice of having XFCE, GNOME; Fluxbox, KDE or whatever is just confusing for "users".

I think the hardest challange to Microsofts desktop OS is still MacOSX, even though, noone will agree with me, and everyone will say "look at how many people use linux and how many are using Macintosh". Of course, but OSX is also commertial software, and downloading Linux freely and "just run it" is just too good to save money, and it has quite enough features.

I guess i'm alone in the linux world, by disliking the "freedom" of having the choice. If the developers were united to ONE good OS; where would we go? How fast would we go? Idealism is great, but sometimes not useful for producing a system which acutally can challange a commertial product.

Better developers at microsoft? Maybe better coordinated. Dont forget, linux developers most likely publish this software in their spare time. Who has got better or the best developers ... i'd say noone really can say. There are alot of really good windows developers, and also some very good linux developers. Even though, i think the money microsoft pays their developers still is attracting alot of good developers... understandable, isn't it?

// STi

cactus · 2005-02-02 08:03:51

I think the talk of Linux being a challenge to microsoft or not is just silly talk.
It is challenging it right now. Maybe not for the desktop, but for the server it is showing amazing growth.

*shrug*

Gullible Jones · 2005-02-02 20:31:52

Even if the garbage they're spewing were true, MS would have a lot more talking to do, given the vast number of vulnerabilities afflicting Windows and their seeming unwillingness to repair or prevent such problems. It would be easy enough, for example, to separate the browser and desktop environment, or to use an HTML rendering engine that worked...

skoal · 2005-02-03 16:46:30

Gullible Jones wrote:

[...]given the vast number of vulnerabilities afflicting Windows and their seeming unwillingness to repair or prevent such problems. [...]

I don't think it's that Microsoft is unwilling or "drags their feet" to address those vulnerabilities. It's just the difference between Open Source and Closed Source software "cycles". For Microsoft, they test their "patches" much more extensively, and don't have the luxury we do to release constant updates. If they did, you would really begin to question their security, and they would leave most of their users disallusioned, if not confused.

Also, Windows is no longer just an OS, it's a desktop. There are many more associated parts which have to be tested, whether they appear to be related to that vulnerability or not. I don't think it's possible for them to break apart anything in their desktop now. Users have been so accustomed to that "ease", and expect it so, that there's no turning back. In fact, the trend is for more integration.

I think at one time, Bill Gates envisioned an indistinguishable future version of Windows, whether it was embedded in your refrigerator, television, or what you see now on your computer. I think within 5 years, there probably won't even be such a thing as a PC. I like that idea. Let some hacker try to "root" my "computer". He may not realize it, but all he did was keep my ice tray from working again.

aCoder · 2005-02-04 00:37:45

I don't think it's that Microsoft is unwilling or "drags their feet" to address those vulnerabilities. It's just the difference between Open Source and Closed Source software "cycles".

I would argue that it's more accountable the difference between offering source updates or binary patches. Their patches don't go through much internal testing at all, but volunteer testing much like we do, only through MSDN, (typically), to minimize widespread use of potentially dangerous builds. Of course, they have to build and engineer a new patch release based on the mindlessly complicated standard they use every time thay make any change at all to a patch. I could be mistaken, and that probably doesn't read well. I just hope someone can sort it out and correct me, disagree, or agree, writing something a bit more together so that I can read it sometime when I'm more alert...................................

xaos5 · 2006-01-11 08:15:49

Microsoft is just like anyother big business. As long as they are making money why put money to hire more staff to fix something. A good example of this is when they pulled staff from longhorn to rush sp2, which supposedly fixed spyware. Also this way people think there computers are old and need to be updated all the time, the average windows user like stated before doesn't have as much knowledge and doesn't realized the difference between software and hardware. If the stuff they click is moving slow there computer is slow and they need a new one. Also security flaws are only fixable by spending the money on the next OS they release. windows 2000 will probably never see IE 7 even though It could really use it. If you pay $300 for a product, it should be supported thoughout the companies life spand.

Linux has the advantage to run a current distro and have a 133mhz pentium and be a lot more secure, only thing that would run on that is win3.1,95,98,me. In my opinion that makes linux the more secure OS.

I could go on and probably organize this better but i'm tired.

pikass · 2006-01-11 12:00:01

I 'd like to add another point to cactus 'why are there less viruses' list.
On the one hand we have a system which tries to lock out every not foreseen action or wish of the user and on the other hand we have the gentle offering to join und help to improve. This turns black hats to whites. Why harm your buddies? And if something goes completly in the wrong drection, just fork it instead of fight it.

tomfitzyuk · 2006-01-11 17:03:18

Who cares what they say, it's very unlikely anything they say is going to effect me in anyway

Gullible Jones · 2006-01-11 21:16:08

*yawn*

grrargh...

THIS THREAD IS A YEAR OLD. WHY HAST THEE RESURRECTED IT?!

Arch Linux

#1 2005-01-28 21:54:20

Linux security is a 'myth', claims Microsoft

#2 2005-01-28 22:57:42

Re: Linux security is a 'myth', claims Microsoft

#3 2005-01-28 23:03:25

Re: Linux security is a 'myth', claims Microsoft

#4 2005-01-29 00:19:30

Re: Linux security is a 'myth', claims Microsoft

#5 2005-01-29 00:29:27

Re: Linux security is a 'myth', claims Microsoft

#6 2005-01-30 19:30:26

Re: Linux security is a 'myth', claims Microsoft

#7 2005-01-31 04:20:59

Re: Linux security is a 'myth', claims Microsoft

#8 2005-01-31 04:35:09

Re: Linux security is a 'myth', claims Microsoft

#9 2005-01-31 05:18:31

Re: Linux security is a 'myth', claims Microsoft

#10 2005-01-31 09:18:57

Re: Linux security is a 'myth', claims Microsoft

#11 2005-01-31 12:25:09

Re: Linux security is a 'myth', claims Microsoft

#12 2005-01-31 12:47:54

Re: Linux security is a 'myth', claims Microsoft

#13 2005-02-02 06:10:51

Re: Linux security is a 'myth', claims Microsoft

#14 2005-02-02 07:25:56

Re: Linux security is a 'myth', claims Microsoft

#15 2005-02-02 08:03:51

Re: Linux security is a 'myth', claims Microsoft

#16 2005-02-02 20:31:52

Re: Linux security is a 'myth', claims Microsoft

#17 2005-02-03 16:46:30

Re: Linux security is a 'myth', claims Microsoft

#18 2005-02-04 00:37:45

Re: Linux security is a 'myth', claims Microsoft

#19 2006-01-11 08:15:49

Re: Linux security is a 'myth', claims Microsoft

#20 2006-01-11 12:00:01

Re: Linux security is a 'myth', claims Microsoft

#21 2006-01-11 17:03:18

Re: Linux security is a 'myth', claims Microsoft

#22 2006-01-11 21:16:08

Re: Linux security is a 'myth', claims Microsoft

Board footer