OSNews:

OSNews: http://www.osnews.com/story/17541/Surprise_Microsoft_Listed_as_Most_Secure_OS Exploring the Future of Computing en-us Copyright 2001-2009, David Adams adam+nospam@osnews.com Thu, 09 Jul 2009 21:14:14 GMT http://www.osnews.com/images/osnews.gif OSNews.com http://www.osnews.com I already knew that! http://osnews.com/thread?223657 http://osnews.com/thread?223657 I already knew that!

I read the ads here.

Thu, 22 Mar 2007 16:22:00 GMT donotreply@osnews.com (Almafeta) Comments typographical error http://osnews.com/thread?223661 http://osnews.com/thread?223661 somebody tell them they have a typographical error in that article. Thu, 22 Mar 2007 16:26:00 GMT donotreply@osnews.com (JernejL) Comments I guess http://osnews.com/thread?223663 http://osnews.com/thread?223663 I guess Microsoft will buy Symantec soon.
And according to ExtremeHypedMotor, my 1991 Toyota Camry is the fatest vehicle in the world. LOL.Edited 2007-03-22 16:30 Thu, 22 Mar 2007 16:29:00 GMT donotreply@osnews.com (bsdnewbieee) Comments based on repairing that is http://osnews.com/thread?223666 http://osnews.com/thread?223666 First of all, the 5 listed operating systems are not all operating systems.

Besides, the statement is based on average time to patch a "security threat". For some reason, since Solaris and HP-ux is last, I'd say it's likely there is nothing that would estimate the level of threat the actual bug represents. I'd say the MS bugs would likely be like open doorway while solaris/hp-ux ones might be that if you break in to the place, rape the sysadmin to give you the root password, then Solaris/HP-ux won't be safe. The bug being that it's red hat linux handling the lock to the door ;P

Ah well... to make it interesting, throw OpenBSD in there and see what happens, I'm sure MS would be moved to slot 2 in an instant! Thu, 22 Mar 2007 16:33:00 GMT donotreply@osnews.com (Haicube) Comments Bad news http://osnews.com/thread?223668 http://osnews.com/thread?223668 This could really hurt Symantec sales on Linux! Thu, 22 Mar 2007 16:34:00 GMT donotreply@osnews.com (fretinator) Comments mmm http://osnews.com/thread?223669 http://osnews.com/thread?223669 It may be that Microsoft is improving and patching Windows, but when it doesn't make these patches available for the windows installs without a valid product key it does not improve the situation of the bot-nets Thu, 22 Mar 2007 16:35:00 GMT donotreply@osnews.com (gfx1) Comments By the way.... http://osnews.com/thread?223671 http://osnews.com/thread?223671 ... how do they measure security threats that are unpatched by vendors after a while? Cause Microsoft products always have a few unpatched ones.... low priority, but threats anyway. Do they count it as one infinitum (laid 8)? :-DEdited 2007-03-22 16:38 Thu, 22 Mar 2007 16:37:00 GMT donotreply@osnews.com (eantoranz) Comments Title is wrong http://osnews.com/thread?223674 http://osnews.com/thread?223674 Microsoft is not an OS. Thu, 22 Mar 2007 16:39:00 GMT donotreply@osnews.com (sbenitezb) Comments RE: MS most secure http://osnews.com/thread?223677 http://osnews.com/thread?223677 Actually, if you read the article carefully it is worded in such a way that it could be considered a one horse race. Since Windows is the only "widely available commercial" OS you could hardly reach any other conclusion. Looks to me like Symantec is ready to run up the white flag. :-) Thu, 22 Mar 2007 16:44:00 GMT donotreply@osnews.com (protagonist) Comments RE: mmm http://osnews.com/thread?223678 http://osnews.com/thread?223678 It does make the patches available regardless of a valid product key. I will install all updates via automatic updates (just not windowsupdate.com). You can't get all the new optional stuff (WMP, etc) but, all security updates will be received though.Edited 2007-03-22 16:45 Thu, 22 Mar 2007 16:44:00 GMT donotreply@osnews.com (adapt) Comments ... http://osnews.com/thread?223681 http://osnews.com/thread?223681 Flawed.

Funny.

Avoid. Thu, 22 Mar 2007 16:48:00 GMT donotreply@osnews.com (twenex) Comments I'll never, ever trust Symantec again. http://osnews.com/thread?223683 http://osnews.com/thread?223683 [rant target="Symantec" style="vitriol:pure; reason:experience; justified:you-betcha"]

Personally, I just hope Symantec will just *go to hell*. And die.

They turned Norton Antivirus into a flaming pile of shit.

Norton Internet Security was BORN a flaming pile of shit.

Symantec is desperately seeking to remain relevant ever since the first Norton Utilities suite which was compatible with FAT32 (I can't quite remember if that was version 3 or 4). From that time on, EVERY, and I mean EVERY release of ANY software of theirs became exponentially buggier, even outright DAMAGING to system stability.

Nowadays you just can't expect to install Norton Antivirus and then UNINSTALL IT GRACEFULLY after it "downgrades" your shiny brand-new dual-core computer to Pentium II speeds. It sticks like tar. Tar at least smells better.

Now that they completely blew their products (at least to those not used to get all their software from Ma&Pa store shelves and actually CARE to sort out the differences among what's offered and then CHOOSE based on technical merits instead of name branding), they're trying to leverage that name branding and pose themselves as "security watchdogs".

Hello?? Symantec can't even cope with keeping their own Windows products from shooting EVERYTHING in the foot (like preventing legitimate SMTP connections -- even SSL'd ones! --, causing any number of incompatibilities with 3rd party software ----gawd, remember Norton CrashGuard?!----, and the classic "bringing your computer performance to a grinding halt"). What the hell are they fussing with HP-UX and Solaris anyway?!

What the hell do they know about Mac OS X? Judging from how difficult it was to them to adapt their products, and how fast the competition churned out WAY better products in far less time, I'd say *very little*.

Same goes to Linux. What product does Symantec offer for Linux systems anyway? Maybe they DO offer some, but it just might be so irrelevant that I never happened to hear about ANY.

Windows? Well, I guess few of us have never gone that route before. Some of us might even have chipped tooth because of cringing at their software.

I believe they'll never get their act together ever again, and THEY DESERVED it. I've completely lost count of how many people called me to "fix their computers" and the root of all evil was some Symantec product.

THEY DESERVED IT.
[/rant]

[mood style="feeling:MUCH-better"] Thu, 22 Mar 2007 16:50:00 GMT donotreply@osnews.com (meianoite) Comments RE: Title is wrong http://osnews.com/thread?223684 http://osnews.com/thread?223684 That's Microsoft Bob they were talking about! Thu, 22 Mar 2007 16:58:00 GMT donotreply@osnews.com (corsaire) Comments My Research Studies http://osnews.com/thread?223687 http://osnews.com/thread?223687 My research study results come to the conclusion that this is money talking and bullshit walking. Thu, 22 Mar 2007 17:12:00 GMT donotreply@osnews.com (jyoungxxxx) Comments dear God http://osnews.com/thread?223690 http://osnews.com/thread?223690 It just kills me that these people don't seem to realize that the number of patches doesn't have a whole lot to do with how secure the system is. I would *rather* see more patches, because that means that the vendor is finding bugs and holes and actually fixing them. Thu, 22 Mar 2007 17:21:00 GMT donotreply@osnews.com (Flatline) Comments Strange report... http://osnews.com/thread?223691 http://osnews.com/thread?223691 I read through relevant sections of the report pdf file, and I see that they only differentiated the Operating Systems for that one "patch time" section. I guess that this one measurement is all that was considered when InternetNews.com declared Microsoft as "Most Secure OS" (a point which was never claimed in the report at all).

The other sections on Vendor responsiveness, Zero-day vulnerabilities, and the various Malicious Code Trends they documented all were a composite across all computing platforms.

A nice analysis (with only one small section that compared different OSes), but a rather broad conclusion has been drawn from that one tiny section (2 pages out of 104). I don't think that this report was intended to draw that type of conclusion, as there isn't enough other information available to get the full picture. Thu, 22 Mar 2007 17:21:00 GMT donotreply@osnews.com (markjensen) Comments Of course Symantec is a friend of Microsoft http://osnews.com/thread?223694 http://osnews.com/thread?223694 The fact that a Microsoft system won't last a week without a good anti-virus program, and that Microsoft doesn't provide one, is the whole reason Symantec has a business. Telling people the truth, that Microsoft security sucks so badly that they should go elsewhere, would mean telling them not only to stop buying Microsoft, but to stop buying Symantec as well.

With Vista, Microsoft might try to cut off the anti-virus vendors, so maybe they won't be such good buddies in the future. But Windows has been Symantec's meal ticket. Thu, 22 Mar 2007 17:28:00 GMT donotreply@osnews.com (JoeBuck) Comments Laughable http://osnews.com/thread?223695 http://osnews.com/thread?223695 Microsoft is doing better overall than its leading commercial competitors

That leaves, uh, apple? Thu, 22 Mar 2007 17:31:00 GMT donotreply@osnews.com (Sphinx) Comments Tell them http://osnews.com/thread?223696 http://osnews.com/thread?223696 enough times someone will actually believe it. Besides it would seem the way that they are securing systems in Vista is to annoy the hell out of you with confirmation's to do anything..
BAH! FUD.
-nX Thu, 22 Mar 2007 17:31:00 GMT donotreply@osnews.com (NixerX) Comments RE: Laughable http://osnews.com/thread?223702 http://osnews.com/thread?223702 That leaves, uh, apple?

OSX only counts if you count open-source software as commercial software. Thu, 22 Mar 2007 17:42:00 GMT donotreply@osnews.com (Almafeta) Comments Types of Exploits? http://osnews.com/thread?223712 http://osnews.com/thread?223712 I am no where near as well read on the the types of exploits as many who frequent this site, but I am pretty sure that the patches that are being done to many of the Linux distro's are in the vein of:

"If you leave you wallet out AND some one shady finds it AND they can get into your house AND hold you hostage they MIGHT be able to gain control of your XMMS"

as opposed to the typical Windows exploit:

"If you open IE you will get pwned."

Yeah, I know, a bit over the top. But you guys get the idea. Thu, 22 Mar 2007 17:56:00 GMT donotreply@osnews.com (BigDaddy) Comments I bet http://osnews.com/thread?223716 http://osnews.com/thread?223716 I bet it's all because of Symantecs security tools/products. Damn, I wish I have those tools for Linux, wait a minute, I don't really need it. Thu, 22 Mar 2007 18:06:00 GMT donotreply@osnews.com (bedo) Comments RE: I'll never, ever trust Symantec again. http://osnews.com/thread?223718 http://osnews.com/thread?223718 Wow. And people say I'm capable of hate! Thu, 22 Mar 2007 18:08:00 GMT donotreply@osnews.com (twenex) Comments please http://osnews.com/thread?223719 http://osnews.com/thread?223719 So let me get this right according to the article Microsoft had the fewest number of vulenerabilities, but still had the higest number in terms of high risk. The thing that kills me is that these studies include software from opensource projects installed on the OS vs the windows vulnerabilities usually lie in the OS itself not the addon software.

Windows stats are about 1/2 of all vulnerabilities are high risk. I'm sorry but this sounds as safe as a defective rear-end exploading ford police car.Edited 2007-03-22 18:11 Thu, 22 Mar 2007 18:09:00 GMT donotreply@osnews.com (milles21) Comments RE: Tell them http://osnews.com/thread?223720 http://osnews.com/thread?223720 "You are about to release a heavily-biased 'security' study which will be widely criticised and derided by independent researchers:

Confirm or deny?" Thu, 22 Mar 2007 18:10:00 GMT donotreply@osnews.com (twenex) Comments RE[2]: Tell them http://osnews.com/thread?223722 http://osnews.com/thread?223722 We often disagree on some topics but I have to say I am in full agreement with you on this one! Thu, 22 Mar 2007 18:13:00 GMT donotreply@osnews.com (milles21) Comments Microsoft? http://osnews.com/thread?223723 http://osnews.com/thread?223723 I have never heard of an OS called Microsoft.
Sure I heard of a company called Microsoft.
You must be referring to Windows? Thu, 22 Mar 2007 18:15:00 GMT donotreply@osnews.com (Chezz) Comments Cognitive Bias http://osnews.com/thread?223725 http://osnews.com/thread?223725 I've been reading through comments here, and I've come to one conclusion. No one commenting has an open mind at all. This is not specific to this thread or topic either. The only reason that you are even reading these posts and comments are to reconfirm your own per existing beliefs. If something does not conform to your beliefs it would not matter how much actual data is presented, the basis for the articles conclusions would be in error. Everything you are reading you are filtering based on the flawed logic that all your current beliefs are 100% fact. I'm sure I don't have to tell you how stupid this makes you appear. Thu, 22 Mar 2007 18:19:00 GMT donotreply@osnews.com (randomsurprise) Comments RE: Microsoft? http://osnews.com/thread?223726 http://osnews.com/thread?223726 If you just read past comments you'll see that kind of question is already said. Thu, 22 Mar 2007 18:21:00 GMT donotreply@osnews.com (xsun) Comments RE[2]: Laughable http://osnews.com/thread?223727 http://osnews.com/thread?223727 In other words, if you don't, then it amounts to:

"Microsoft [Windows] is the only widely available commercial OS. Microsoft [Windows] is the most secure widely available commercial OS."

I suspect even Homer Simpson could work out that sentence 2 in the above follows inexorably from sentence 2, without any reference whatsoever to other OSes, good or bad.

Oh, and by the way: Most of the stuff Apple builds on top of its OSS OS is proprietary. Thu, 22 Mar 2007 18:22:00 GMT donotreply@osnews.com (twenex) Comments Hmmm, Symantec no friend of Microsoft http://osnews.com/thread?223729 http://osnews.com/thread?223729 I like the teaser to this article, in which it claims that Symantec is no friend of Microsoft. While Symantec may no agree with everything Microsoft does, I ask you how Symantec could not be friends with Microsoft when they are a Microsoft vendor and make all their money selling Windows products. Thu, 22 Mar 2007 18:22:00 GMT donotreply@osnews.com (yoursecretninja) Comments RE: Cognitive Bias http://osnews.com/thread?223731 http://osnews.com/thread?223731 I've been reading through comments here, and I've come to one conclusion. No one commenting has an open mind at all. This is not specific to this thread or topic either. The only reason that you are even reading these posts and comments are to reconfirm your own per existing beliefs. If something does not conform to your beliefs it would not matter how much actual data is presented, the basis for the articles conclusions would be in error. Everything you are reading you are filtering based on the flawed logic that all your current beliefs are 100% fact. I'm sure I don't have to tell you how stupid this makes you appear.

Nice rant. Unfortunately for you, no matter how biased we are or you accuse us of being, that won't change the fact that this study is deeply flawed, and is going to be seen widely as being so. Thu, 22 Mar 2007 18:24:00 GMT donotreply@osnews.com (twenex) Comments RE: Hmmm, Symantec no friend of Microsoft http://osnews.com/thread?223732 http://osnews.com/thread?223732 I like the teaser to this article, in which it claims that Symantec is no friend of Microsoft. While Symantec may no agree with everything Microsoft does, I ask you how Symantec could not be friends with Microsoft when they are a Microsoft vendor and make all their money selling Windows products.

Question of the Third Millennium! Thu, 22 Mar 2007 18:25:00 GMT donotreply@osnews.com (twenex) Comments Linux and Bill os http://osnews.com/thread?223733 http://osnews.com/thread?223733 are similar. Both are huge monolithic kernels with lots of code for buffer overflows.

Go ahead and censor/delete this message.

Good ole osnews/slashdot fairness! Thu, 22 Mar 2007 18:27:00 GMT donotreply@osnews.com (Eric Martin) Comments RE: Cognitive Bias http://osnews.com/thread?223735 http://osnews.com/thread?223735 The question is did you read the article it is heavily bias again the numbers show that 1/2 of all windows vulnerabilities were high risk. Number 2 if we are comparing OSes we need to eliminate the the opensource projects and focus on Linux the OS which is not what these studies take into account.

The problem is that the need to look at Linux, Linux is not Openoffice, it is not apache, those are applications installed just as Nero is not windows however they do not split those vulnerabilities out, because of either bias or lack of knowledge.

Need I remind you that the bugs in the Month of Apple bugs included things like VLC which is a add on program not a OS. Thu, 22 Mar 2007 18:28:00 GMT donotreply@osnews.com (milles21) Comments RE: Cognitive Bias http://osnews.com/thread?223740 http://osnews.com/thread?223740 Everything you read, hear, say, write etc. is subject to influence and bias based on your culture, experience, interests, etc. That is the nature of being human - while we can strive to be objective, it is naturally difficult to do so.

Using our personal biases to denounce our ideas outright is not a very effective form of arguing. You would be listened to by other here if you can try to find fault in the arguments presented in this thread, not faults in the people who post them - like I pointed out, we all have our biases, even you. Thu, 22 Mar 2007 18:32:00 GMT donotreply@osnews.com (yoursecretninja) Comments In related news today... http://osnews.com/thread?223745 http://osnews.com/thread?223745 Weapons of mass destruction were found in Baghdad.

George Bush to head Greenpeace.

Al Gore accepts position as CEO of Exxon.

SCO code found in Window Kernel source, Darl McBride to replace Ballmer. Thu, 22 Mar 2007 18:40:00 GMT donotreply@osnews.com (fretinator) Comments Convoluted logic http://osnews.com/thread?223747 http://osnews.com/thread?223747 Microsoft - 12 severe vulnerabilities
Redhat - 2 severe vulnerabilities
Mac - 1 severe vulnerability

Therefore Microsoft is the most secure (hey, the conclusion was known at the start, if you are Symantec, you want people to use insecure operating systems so you need their products). Thu, 22 Mar 2007 18:40:00 GMT donotreply@osnews.com (jstead1) Comments RE: Of course Symantec is a friend of Microsoft http://osnews.com/thread?223748 http://osnews.com/thread?223748 "The fact that a Microsoft system won't last a week without a good anti-virus program..."

Since when was that a fact? I've run many versions of Windows for years without ever touching an antivirus program. And I've never had a problem. A firewall is the key. Thu, 22 Mar 2007 18:42:00 GMT donotreply@osnews.com (sb56637) Comments hmmm http://osnews.com/thread?223750 http://osnews.com/thread?223750 Symantec both makes bloatware

Thu, 22 Mar 2007 18:43:00 GMT donotreply@osnews.com (Mellin) Comments RE: In related news today... http://osnews.com/thread?223751 http://osnews.com/thread?223751 George Bush to head Greenpeace.

LOL. Thu, 22 Mar 2007 18:44:00 GMT donotreply@osnews.com (twenex) Comments RE: Laughable http://osnews.com/thread?223752 http://osnews.com/thread?223752 Actually, it even leaves out Apple since it says"widely available commercial OS". I can positively state that Windows is not more secure than OS X as I have used both. :-) Thu, 22 Mar 2007 18:45:00 GMT donotreply@osnews.com (protagonist) Comments RE: Cognitive Bias http://osnews.com/thread?223753 http://osnews.com/thread?223753 Honestly, did you really expect anything else? Thu, 22 Mar 2007 18:46:00 GMT donotreply@osnews.com (Rayz) Comments RE[2]: Tell them http://osnews.com/thread?223754 http://osnews.com/thread?223754 Of course, I mean "Cancel or allow?" Thu, 22 Mar 2007 18:48:00 GMT donotreply@osnews.com (twenex) Comments RE: I'll never, ever trust Symantec again. http://osnews.com/thread?223755 http://osnews.com/thread?223755 Dude, you so hit the nail on the head with that one! I can't remember the amount of times I was called in to flush out a bug ridden system only to find the real problem was a Symantec product. Man, those guy's deserve every word of your rant! Thu, 22 Mar 2007 18:49:00 GMT donotreply@osnews.com (SReilly) Comments RE[2]: Cognitive Bias http://osnews.com/thread?223756 http://osnews.com/thread?223756 As if you hold the Holy Grail of Truth in your hands.

Ahahah. Thu, 22 Mar 2007 18:49:00 GMT donotreply@osnews.com (twenex) Comments RE: In related news today... http://osnews.com/thread?223772 http://osnews.com/thread?223772 "SCO code found in Window Kernel source, Darl McBride to replace Ballmer."

Oh crap, don't give them any ideas. Thu, 22 Mar 2007 19:06:00 GMT donotreply@osnews.com (aGNUstic) Comments Microsoft [Windows] the most secure OS?? http://osnews.com/thread?223774 http://osnews.com/thread?223774 Hum... let me see i spend at least a day every week removing virus and spyware from costumers pc's... and with my mac, my linux server and my solaris server i spend... oh wait... i dont... so the logical conclusion: windows is more secure... oh yea... (i know im not using numbers to sustent my post, but this is my experience) Thu, 22 Mar 2007 19:07:00 GMT donotreply@osnews.com (mith) Comments RE: Title is wrong http://osnews.com/thread?223775 http://osnews.com/thread?223775 It is linux that is not an OS. It's only a kernel. Thu, 22 Mar 2007 19:08:00 GMT donotreply@osnews.com (Babi Asu) Comments RE: Cognitive Bias http://osnews.com/thread?223776 http://osnews.com/thread?223776

I've been reading through comments here, and I've come to one conclusion. No one commenting has an open mind at all. This is not specific to this thread or topic either. The only reason that you are even reading these posts and comments are to reconfirm your own per existing beliefs. If something does not conform to your beliefs it would not matter how much actual data is presented, the basis for the articles conclusions would be in error. Everything you are reading you are filtering based on the flawed logic that all your current beliefs are 100% fact. I'm sure I don't have to tell you how stupid this makes you appear.

I have never known anybody who does not let they're bias in any way influence how they see the world. Even the supposed holy of subjectivity, science, is not immune to this.

Telling people they are biased and/or stupid when they take what is obviously a flawed statement (yes, it is very much flawed - read the actual pdf this statement is supposedly based on for the truth of the matter) without giving any valid reasons is a very stupid thing to do and frankly, you deserve all the scorn you are getting. Thu, 22 Mar 2007 19:09:00 GMT donotreply@osnews.com (SReilly) Comments Of course... http://osnews.com/thread?223779 http://osnews.com/thread?223779 Windows is the most secure wide-spread OS.

It's the only wide-spread OS ::) Thu, 22 Mar 2007 19:15:00 GMT donotreply@osnews.com (dylansmrjones) Comments How did they conclude "Most Secure OS"? http://osnews.com/thread?223785 http://osnews.com/thread?223785 The conclusions provided by the "internetnews.com" piece and the Symantec "Internet Security Threat Report" don't seem to be exactly in line with one another. The "internetnews.com" article is based on a very small portion of the entire "threat report" (as pointed out in previous posts). They declare a "most secure OS" based solely on number of days to patch.

I've always wondered how true of an objective metric that is, since there really isn't "full-disclosure" of OS vulnerabilities in the first place. So how do we know how long it actually takes for vendors to produce patches? Even in Symantec's report they state "68 percent of documented vulnerabilities were not confirmed by the affected vendor".

Also from Symantec's report,
- "Home users were the most highly targeted sector, accounting for 93 percent of all targeted attacks."
- "Microsoft Internet Explorer was targeted by 77 percent of all attacks specifically targeting Web browsers."

And what OS do you think these targets are using? Good thing it's the "most secure OS" then or I might have to switch to Solaris or something! Thu, 22 Mar 2007 19:24:00 GMT donotreply@osnews.com (ctl_alt_del) Comments RE[2]: Of course Symantec is a friend of Microsoft http://osnews.com/thread?223787 http://osnews.com/thread?223787 Yeah ?

And your bot-netted zombie machine has been sending me spam for years....

Windows users should run a virus scanner by default... just in case.

Firewalls are not the key. Malware authors know what port 80 is for, and they use it. Thu, 22 Mar 2007 19:26:00 GMT donotreply@osnews.com (raver31) Comments RE[2]: Cognitive Bias http://osnews.com/thread?223799 http://osnews.com/thread?223799 Exactly right, sir! Thu, 22 Mar 2007 19:44:00 GMT donotreply@osnews.com (twenex) Comments security is not a rocket science http://osnews.com/thread?223804 http://osnews.com/thread?223804 Everybody can make their products secure, if they really care. It's nor rocket science, there are rules that need to be followed. If Windows are not secure enogh now, they will be someday.

I don't like the way the Windows are secure. There is a lot of services in Windows that are open to the network. Fair share of them can not or should not be shut down. In fact, there is only a vague idea of what they do. I hope that Microsoft engineers are the exception to this.

Instead of shutting down those services, one must put machine behind the firewall, either personal or common, or make sure that they are patched properly.

On UNIX and similar systems, one just shuts down services that are not needed. If one does not need NTP service, the solution is to prevent it from starting. That is the way to avoid a lot of problems, without wasting effort on them. Thu, 22 Mar 2007 20:11:00 GMT donotreply@osnews.com (trenchsol) Comments RE[3]: Laughable http://osnews.com/thread?223810 http://osnews.com/thread?223810 In other words, if you don't, then it amounts to:

"Microsoft [Windows] is the only widely available commercial OS. Microsoft [Windows] is the most secure widely available commercial OS."

I wasn't saying Windows was the only serious commercial OS. I was just contesting that OSX was. Thu, 22 Mar 2007 20:37:00 GMT donotreply@osnews.com (Almafeta) Comments Blimey..... http://osnews.com/thread?223813 http://osnews.com/thread?223813 .... is it 1st April already????? Thu, 22 Mar 2007 20:45:00 GMT donotreply@osnews.com (latte) Comments Of course symantec would say this http://osnews.com/thread?223814 http://osnews.com/thread?223814 MS is doing great helping them sell a ton of anti-virus and anti-malware software.

I'm sure they feel MS is doing great on security as its making them freakin' billions. Thu, 22 Mar 2007 20:46:00 GMT donotreply@osnews.com (Bit_Rapist) Comments RE: Convoluted logic http://osnews.com/thread?223815 http://osnews.com/thread?223815 That's what I understood too... MS has the smaller number total BUT the highest of severe ones...

/LOL Thu, 22 Mar 2007 20:57:00 GMT donotreply@osnews.com (Ikshaar) Comments I'd listen to Clippy before Symantec http://osnews.com/thread?223816 http://osnews.com/thread?223816 Symantec found 43 vulnerabilities in Mac OS X and a 66 day turnaround on fixes. Fortunately, only one was high priority.
This goes high in my list of unintentionally hilarious "attacks" by Unable-To-Compete poster children. Where did they get the info? Reading Slashdot? They know nothing about Mac's, judging by their attempts to penetrate that market with a worthwhile product. I'd purely love to hear the community response if they tried to market something on Linux.

Microsoft is doing better overall... at selling Symantec products. MS's clueless, marketing driven product lines justify the existence of Symantec, despite their high prices and extremely poor quality. (What can I say? Windows usability and stability are what they are, and they're a whole lot worse with anything by Symantec installed. And, since Symantec products often can't be uninstalled....)

In short, I don't consider Symantec credible on this or any other topic except marketing, which is OT. Move on, folks. Thu, 22 Mar 2007 20:57:00 GMT donotreply@osnews.com (pauls101) Comments High priority / severe? http://osnews.com/thread?223819 http://osnews.com/thread?223819 Per the internetnews article:

During this period, 39 vulnerabilities, 12 of which were ranked high priority or severe, were found in Microsoft Windows...

... of the 208 Red Hat vulnerabilities, the most of the top five operating systems, only two were considered high severity...

...43 vulnerabilities in Mac OS X and a 66 day turnaround on fixes. Fortunately, only one was high priority.

Durr.. it seems to me what really counts here is 1) the number of high priority/severe vulnerabilities; and 2) the amount of time it took to fix those high priority/severe vulnerabilities.

High priority/severe vulnerabilities:
* MS Windows - 12
* RHEL - 2
* Mac OS X - 1

Misleading article. Thu, 22 Mar 2007 21:17:00 GMT donotreply@osnews.com (anomie) Comments to end this debate http://osnews.com/thread?223821 http://osnews.com/thread?223821 http://secunia.com/product/22/
Vulnerability Report: Microsoft Windows XP Professional
Affected By 179 Secunia advisories
Unpatched 18% (33 of 179 Secunia advisories)
http://secunia.com/product/22/?task=statistics

http://www.redhat.com/magazine/017mar06/features/riskreport/
Vulnerability Report: RedHat Enterprise Linux AS 4
Affected By 268 Secunia advisories
Unpatched 0% (0 of 268 Secunia advisories)

http://www.osnews.com/story.php/17488/OpenBSD-Gets-Its-Second-Remot...

I can't even understand why people bother to comment or listen to this....

I don't care if Red Hat spends a tad bit longer as long as I don't have open holes like MS...

Hmm I was almost as bad as the report, comparing wrong products...

so here we go:

Microsoft Windows Server 2003 Enterprise Edition
Affected By 120 Secunia advisories
Unpatched 9% (11 of 120 Secunia advisories)
http://secunia.com/product/1174/?task=statisticsEdited 2007-03-22 21:21 Thu, 22 Mar 2007 21:18:00 GMT donotreply@osnews.com (maceto) Comments Windows Most Secure OS? http://osnews.com/thread?223824 http://osnews.com/thread?223824 That is funny, now show me the REAL report. Thu, 22 Mar 2007 21:22:00 GMT donotreply@osnews.com (Supreme Dragon) Comments RE[2]: Title is wrong http://osnews.com/thread?223840 http://osnews.com/thread?223840 Ah ok. Let's apply the same logic to it all then...Windows isn't an operating system. Windows 98, ME, 2000, XP etc are. But not Windows.

See, I can nitpick as well!

Anyways, how did Microsoft get away with trademarking a common word, which is supposedly illegal to do?

Dave Thu, 22 Mar 2007 22:29:00 GMT donotreply@osnews.com (melkor) Comments RE: to end this debate http://osnews.com/thread?223846 http://osnews.com/thread?223846 Well posted. Would have been even better to state the number of severe threats etc in each case as well, to show that GNU/Linux has fewer. Time to patch data would have been good as well. I know I can go and hunt this data down, but I'm lazy. Good work.

Dave Thu, 22 Mar 2007 22:33:00 GMT donotreply@osnews.com (melkor) Comments CP/M is the most secure OS :-) http://osnews.com/thread?223856 http://osnews.com/thread?223856 Using the arguments of this pseudo-study I can conclude that CP/M is the most secure OS of the world. There are no security vulnerabilities reported nor viruses/malwares .
Linux can have many reported bugs because it is part of free software developing process. The important is that the ritm of patching is more intense and there are no taxes for updating the operating system Thu, 22 Mar 2007 22:46:00 GMT donotreply@osnews.com (shiva) Comments RE: Cognitive Bias http://osnews.com/thread?223864 http://osnews.com/thread?223864 I've been reading through comments here, and I've come to one conclusion. No one commenting has an open mind at all. This is not specific to this thread or topic either. The only reason that you are even reading these posts and comments are to reconfirm your own per existing beliefs. If something does not conform to your beliefs it would not matter how much actual data is presented, the basis for the articles conclusions would be in error. Everything you are reading you are filtering based on the flawed logic that all your current beliefs are 100% fact. I'm sure I don't have to tell you how stupid this makes you appear.

Lol, what are you confused about?
I have an open mind, unfortunately Windows has too many open holes so it's more of a swiss cheese than an operating system.
And what you term as a belief I call first hand experience.
I guess you never experienced having Windows powned by a warm 2 minutes after a fresh install.
Well, I have experience that, so my "belief" is based on personal experience.
I don't think some ridiculous study will change my "belief" based on years of personal experience.
Good analogy:
I get burned by fire. From then on I don't just believe that fire will hurt me. I KNOW that fire WILL HURT me.
And no matter how many times someone will tell me that it's ok to put my hand in a fire, I know better (from experience).
Besides, even comparing a toy os like Windows to heavy duty os's like HP Unix or Solaris that run big iron servers with uptime and reliability Windows can only have wet dreams about, is ridiculous.
Basically Symantec is sucking up to Microsoft because without Windows they have no product to sell. Thu, 22 Mar 2007 23:11:00 GMT donotreply@osnews.com (shapeshifter) Comments RE: I'll never, ever trust Symantec again. http://osnews.com/thread?223865 http://osnews.com/thread?223865 Agree with you entirely re. Symantec 'security' products.
- add McAfee to that list,too.

As soon as either is uninstalled and the computer rebooted,
some semblance of efficiency returns.
Run a cleaner or two,as well,
and things get better again
as you start to clean out the 'tar' mentioned earlier.

Yes..it dismays me when I hear ppl say
how they just went out and bought,
i.e. pd.ca$h for, Norton This or That. Thu, 22 Mar 2007 23:14:00 GMT donotreply@osnews.com (pcdoctor) Comments Your Research Studies are correct. http://osnews.com/thread?223866 http://osnews.com/thread?223866 Yes. Thu, 22 Mar 2007 23:16:00 GMT donotreply@osnews.com (pcdoctor) Comments RE: dear God http://osnews.com/thread?223867 http://osnews.com/thread?223867 " I would *rather* see more patches,
because that means that the vendor is finding bugs and holes and actually fixing them." - you say...

and you're right!
No-one ever made a perfect OS and didn't have to patch it.
Not MAC, not Linux, no-one.

And yet we somehow continue to pretend or expect
that somehow the next flashy OS to come out will be 'perfect'
and never need patches.
What is it? a freak? Thu, 22 Mar 2007 23:21:00 GMT donotreply@osnews.com (pcdoctor) Comments repeat http://osnews.com/thread?223870 http://osnews.com/thread?223870 actually, this is said 70 times here, but i want to say it too for fun:
i will not believe symantec even they tell me, that i cant believe them
blessed the day, when i said goodbye to their products Thu, 22 Mar 2007 23:34:00 GMT donotreply@osnews.com (k.g.stoyanov) Comments RE[2]: Cognitive Bias http://osnews.com/thread?223871 http://osnews.com/thread?223871 "Basically Symantec is sucking up to Microsoft
because without Windows they have no product to sell.

- and any anti-Symantec sentiment expressed here
is due to experience and the school of hard knocks,
not becoz we simply feel like trashing Norton and Co.

In my early (Mac) days, Norton was a decent utility
that pulled me out of my first few system crashes,
and I admired and appreciated it greatly..
but over the years it just got bloated and overbearing,
ripping off clock cycles like it paid for the computer
and generally earning itself a bad/unpleasant reputation!
Argue with that.
- but you can't, coz everyone has had pretty much the same experience
over the last 10 yrs. or so. Thu, 22 Mar 2007 23:36:00 GMT donotreply@osnews.com (pcdoctor) Comments RE[2]: Title is wrong http://osnews.com/thread?223873 http://osnews.com/thread?223873

It is linux that is not an OS. It's only a kernel.

And who said it is? I only said the title was wrong, so there's no need to feel attacked by a pro-linux guy. Besides, you are not even contradicting me, just asserting something different, true, but different. And what I said still holds true, no matter how much you try to confuse things.Edited 2007-03-23 00:08 UTC Fri, 23 Mar 2007 00:04:00 GMT donotreply@osnews.com (sbenitezb) Comments RE[2]: mmm http://osnews.com/thread?223877 http://osnews.com/thread?223877 Ya'll can try http://www.autopatcher.com It's an offline system update website. Fri, 23 Mar 2007 00:27:00 GMT donotreply@osnews.com (knightrider) Comments Bah humbug http://osnews.com/thread?223879 http://osnews.com/thread?223879 Hackers have shifted their focus away from the OS and are now using vulnerabilities in the apps that are installed on the OS. e.g Word, Excel, IE as these products will be trusted by the firewall and allowed to access the internet.

Brutal assaults on the OS are no longer necessary. Now it's the apps turn to feel the heat. So the OS can be as "secure" as ya'll wanna say but it won't mean diddly squat if you are using buggy, vulnerable programs on it. It'll get "owned" if the right measures are not taken. And there is the slight chance of a zero-day exploit doing a number on you.Edited 2007-03-23 00:36 Fri, 23 Mar 2007 00:33:00 GMT donotreply@osnews.com (knightrider) Comments RE: I'll never, ever trust Symantec again. http://osnews.com/thread?223880 http://osnews.com/thread?223880 They turned Norton Antivirus into a flaming pile of shit.

Norton Internet Security was BORN a flaming pile of shit.

actually... NIS was another product gobbled up and destroyed by Symantec. Long long ago in the before time there was an awesome little firewall... @gate firewall. Fri, 23 Mar 2007 00:40:00 GMT donotreply@osnews.com (norxh) Comments Exploitable vulnerabilities http://osnews.com/thread?223883 http://osnews.com/thread?223883 From the article:

"The risk of exploitation in the wild is a major driving force in the development of patches. As with
previous periods, Microsoft Windows was the operating system that had the most vulnerabilities with
associated exploit code and exploit activity in the wild. This may have pressured Microsoft to develop
and issue patches more quickly than other vendors. Another pressure that may have influenced
Microsoft's relatively short patch development time is the development of unofficial patches by third-
parties in response to high-profile vulnerabilities." Fri, 23 Mar 2007 01:10:00 GMT donotreply@osnews.com (wannabe geek) Comments at long last, the truth... http://osnews.com/thread?223889 http://osnews.com/thread?223889 I already knew that Windows was the cheapest, and the best performing OS. Thanks to Symantec, I know now the whole truth, it is also the safest. And the fact that Windows is their only market changes nothing to it. Is's proven...mmm...

We live in a world of fairy tales. It's wonderful. Fri, 23 Mar 2007 01:50:00 GMT donotreply@osnews.com (roger64) Comments RE: Bah humbug http://osnews.com/thread?223895 http://osnews.com/thread?223895 {Hackers have shifted their focus away from the OS and are now using vulnerabilities in the apps that are installed on the OS. e.g Word, Excel, IE as these products will be trusted by the firewall and allowed to access the internet.

Brutal assaults on the OS are no longer necessary. Now it's the apps turn to feel the heat. So the OS can be as "secure" as ya'll wanna say but it won't mean diddly squat if you are using buggy, vulnerable programs on it. It'll get "owned" if the right measures are not taken. And there is the slight chance of a zero-day exploit doing a number on you. }

If you are a "black hat" person wanting to write an exploit so that you can "own" a system, you might use an application as a route to get your exploit code installed onto the target system, but the exploit code itself has to target the OS, not applications.

It isn't much use "owning" a system only when it happens to be running Powerpoint, for example. To be useful, you must "own" the system full-time. That means "owning" the OS itself.

Black hats may be targetting vulnerabilities of applications in order to gain access into systems (ie, to get past firewalls as an example you gave), but that does not mean that "Hackers have shifted their focus away from the OS".

BTW, on Windows systems, black hats do not have to rely on particular applications being installed in order to have potential holes in firewalls. Microsoft have built in several nice holes deliberately ... WGA checks, Windows update, remote desktop, online help, DRM checks, new codecs ... there are already quite a few exploitable holes pre-installed on Windows systems without any applications at all!Edited 2007-03-23 02:20 Fri, 23 Mar 2007 02:19:00 GMT donotreply@osnews.com (lemur2) Comments RE: Bah humbug http://osnews.com/thread?223901 http://osnews.com/thread?223901 Er. Yes and no. Malware commonly uses the fact that certain applications are trusted by the firewall to get around it. But most of the time malware isn't actually using an exploit in the app. Rather it's using a rather bad design decision on Windows named:

CreateRemoteThread

http://msdn2.microsoft.com/en-us/library/ms682437.aspx

On linux we have equivalent posix functions.

On both systems you need to have the correct privileges to open the process.

The difference? On Windows, the user often has those privileges, on linux, not as much. And SeDebugPrivilege.

SO if you want your threat to ensure the only way that you can be deleted is with a reboot, you inject into System.

If you want to get around the firewall, you inject into IE.

You don't need to exploit anything.Edited 2007-03-23 03:16 Fri, 23 Mar 2007 03:15:00 GMT donotreply@osnews.com (blahblah) Comments RE: I'll never, ever trust Symantec again. http://osnews.com/thread?223902 http://osnews.com/thread?223902 I was going to vote your score higher, but it's already maxed out.

Norton's utilities were good, but I cannot recommend any of them.

You can't shut off Ghost.
Their firewall crashes often.

The whole concept of a security center, or an anything center is a waste of memory and processor time.

Marketing people should not design software! Fri, 23 Mar 2007 03:30:00 GMT donotreply@osnews.com (BrendaEM) Comments RE[2]: Cognitive Bias http://osnews.com/thread?223903 http://osnews.com/thread?223903 I don't know about you, but I've run many computers with no problems on WinXP SP2 without any antivirus, and only using windows builtin firewall. I admit. before SP2 it was different story, but after their fixes with it, I've been running all my systems stable leaving them on and online for months at a time. Rock solid.

I'm not dissing other OSs either, if you want mac or linux that's great. I just don't see the point in tearing down a product, when the development of it has been steadily improving. Microsoft is doing better, and responding to problems faster, they should be commended for their improvment. Fri, 23 Mar 2007 03:39:00 GMT donotreply@osnews.com (randomsurprise) Comments Stop the presses! http://osnews.com/thread?223905 http://osnews.com/thread?223905 Microsoft has competitors!!?? That's got to be a short list. Did they throw Win3.1 in there for filler? Fri, 23 Mar 2007 04:02:00 GMT donotreply@osnews.com (Phloptical) Comments What a world of BS!!! http://osnews.com/thread?223907 http://osnews.com/thread?223907 Symantec is just turning crazy, they come up saying that Windows is more secure but in the same time they say this,

http://www.macworld.com/news/2007/03/20/browser/index.php?lsrc=mwrs...

Well not very consistant knowing that IE only runs on well ........Windows.

I just wonder what the guys working at Symantec are thinking??? Fri, 23 Mar 2007 04:11:00 GMT donotreply@osnews.com (Hakime) Comments RE: please http://osnews.com/thread?223908 http://osnews.com/thread?223908 Yes, talk about misleading.

OS X is given is lower rating because they took an average 66 days compared to MS's 58 to patch. Then in the next sentence they say only 1 was critical on OS X and 12 were critical on Windows. We'll I guess getting a fix 1 week faster on average is more important than having much less critical flaws. 8-) Fri, 23 Mar 2007 04:39:00 GMT donotreply@osnews.com (Headrush) Comments All right all right.. http://osnews.com/thread?223919 http://osnews.com/thread?223919 Everybody had a great laugh.
We may now get on with our lives.

Fri, 23 Mar 2007 08:48:00 GMT donotreply@osnews.com (h3rman) Comments So who will buy Symantec now? http://osnews.com/thread?223924 http://osnews.com/thread?223924 I use Linux (Gentoo) and I don't use ad-aware or virus scanners, they are simply not needed, I believe MAC users don have a need for them too. And now that Microsofts OS is the most secure one, who needs Symantec, Norton and gang?

And what operating system is the driving force behind the gigantic bot-networks? SUN? Fri, 23 Mar 2007 09:42:00 GMT donotreply@osnews.com (makkus) Comments RE[3]: Cognitive Bias http://osnews.com/thread?223925 http://osnews.com/thread?223925

Exactly right, sir!

Why, thank you sir! Seems to me you are doing nicely yourself ;-) Fri, 23 Mar 2007 09:48:00 GMT donotreply@osnews.com (SReilly) Comments Or maybe the problem is somewhere else!!!! http://osnews.com/thread?223930 http://osnews.com/thread?223930 Tuaw has a good post on this story,

http://www.tuaw.com/2007/03/22/fud-windows-is-most-secure-os/

It seems that this statement saying that Windows is most secure OS does not really belong to Symantec per say, but to the person who wrote this article (if of course i can call this thing an article, in reality probably not!!!), Andy Patrizio, who seems having quite a lot of difficulties to understand things correctly. So it seems that our friend Andy is a fan of lazy reporting, he reads something, he does not understand it, and finally he end up claiming BS. Why BS, well Tuaw sumarizes it well,

"hat is, what apparently makes Windows "most secure" is that in the Jul-Dec 2006 timeframe Microsoft took an average of only 21 days to patch holes, while Red Hat (linux) took took 58 and Apple took 66. Okay, so Microsoft is best right? But that's silly, why would the speed of responding to holes by itself determine which OS is most secure? It should clearly matter how serious the holes were in the first place! If you're slow to patch relatively innocuous holes, is that not better than quickly patching a larger number of more serious holes? And when we look at the breakdown we see that in this period Microsoft had 39 disclosed vulnerabilities, and "12 were considered high severity, 20 were medium." Apple, on the other hand, issued 43 patches, and only "one was considered high severity, 31 were medium." So basically, Microsoft is quicker at patching 12 times as many high severity vulnerabilities, and that apparently makes Windows "more secure.""

Having 12 times more serious vulnerabilities than OS X makes Microsoft patching them more quickly, i guess they better do that,this explains that ............. only Patrizio does not get it..... Fri, 23 Mar 2007 10:15:00 GMT donotreply@osnews.com (Hakime) Comments RE[2]: please http://osnews.com/thread?223939 http://osnews.com/thread?223939 Microsoft - 58(days) x 12(vulns) = 696

Apple - 66{days) x 1(vuln) = 66

So Microsoft must be more secure - right? It's a bigger number!

:} Fri, 23 Mar 2007 11:47:00 GMT donotreply@osnews.com (biteydog) Comments RE: I already knew that! http://osnews.com/thread?223944 http://osnews.com/thread?223944 Comment like above sucks! Fri, 23 Mar 2007 12:19:00 GMT donotreply@osnews.com (taos) Comments Two problems with this article http://osnews.com/thread?223946 http://osnews.com/thread?223946 1. Surprise, Microsoft Listed as Most Secure OS
Microsoft is not an operating system.

2. Symantec, no friend of Microsoft
If Microsoft's products were secure, Symantec would have gone out of business years ago. Microsoft's product's insecurity is Symantec's excuse for existence. Not friends? In my opinion, they are not only friends, they are sexually intimate friends. Fri, 23 Mar 2007 12:26:00 GMT donotreply@osnews.com (ido50) Comments RE[3]: Cognitive Bias http://osnews.com/thread?223956 http://osnews.com/thread?223956 I admit. before SP2 it was different story, but after their fixes with it, I've been running all my systems stable leaving them on and online for months at a time. Rock solid.

I worry about people who feel the need to tell us how they've left their XP, SP2 no less, machines on and connected to the internet for months and months. And then they add the ubiquitous 'rock solid' statement at the end. Fri, 23 Mar 2007 13:36:00 GMT donotreply@osnews.com (segedunum) Comments RE: Blimey..... http://osnews.com/thread?223961 http://osnews.com/thread?223961 I was just thinking the same... Fri, 23 Mar 2007 14:11:00 GMT donotreply@osnews.com (Darkelve) Comments RE: Cognitive Bias http://osnews.com/thread?223976 http://osnews.com/thread?223976 Dude, the real question here is not why some people are being a bit overzealous in calling foul on an operating system that has consistently had more security holes than a piece of swiss cheese for over a decade running, backed by a company engaging in court-proven illegal business practices, communicating lies and half-truths to it's customers, and interfering with democratic processes around the world.

The real question is, what the hell posesses someone like you to donate their time to defending such an entity? Fri, 23 Mar 2007 15:33:00 GMT donotreply@osnews.com (macro) Comments RE[3]: Cognitive Bias http://osnews.com/thread?223979 http://osnews.com/thread?223979 Like the almighty coming down to scold us you tell us how we are all bias because we point out an article that shall we say, uses creative interpretation of facts to make a point. (Windows being most secure OS) Obviously some people are gonna bash MS no matter what, but many of us are a little more knowledgeable and able to understand the problems with that article.

Then you use your OWN bias to tell us you have no problems with Windows security, hence it must be OK. I hear people use this all the time as an argument. Obviously a single case cannot prove a statement, only disapprove one.

That fact that many of us make a living based on Windows problems indicates that there are indeed true issues. Some will argue its secure, but the users does things to make it vulnerable; than that is a design flaw in the OS to allow users to do that or to make a condition where users would want to do it. (If the LUA dialogs are so annoying that it causes people to turn it off, that's a design flaw.)

I don't care what OS anyone uses, but there is so much BS floating around end users can't make a truly fair, informed decision, and that is what this whole argument comes down to. Most people won't read that article, they'll just see that headline and take it for truth and pass it on. Be nice if end users were more informed, but they won't be, history shows people just follow the leader. (ex. MS, Hitler, Tattoos, fashion.)

If it wasn't for competition and users who questioned articles like this, don't kid yourself, whether Apple, MS, Sun or IBM, they wouldn't be making these improvements that even you acknowledged. (or they would be a lot slower.) Fri, 23 Mar 2007 15:47:00 GMT donotreply@osnews.com (Headrush) Comments RE[2]: Laughable http://osnews.com/thread?223980 http://osnews.com/thread?223980 Just because you've used both means that OS X is more secure than Windows? Perhaps you didn't know how to keep your Windows box secure? When was the last time you used Windows? OS X? The fact you used both does nothing to convince me.

Now I have administered both XP and OS X, and I have found that it is not too hard to keep a Windows box safe. Firewall, spyware scanner, and a good(read not Norton) AV package. after that, they are both pretty secure. The real secret is not to let your users run as admin, but we all knew that.

Users running as admin is the REAL security problem with Windows, you really don't need a spyware scanner if you run as a normal user, and probably could get away with out AV software too, but I'm too chicken, lol Fri, 23 Mar 2007 15:47:00 GMT donotreply@osnews.com (BluenoseJake) Comments RE[2]: Bah humbug http://osnews.com/thread?223983 http://osnews.com/thread?223983 Actually, what you are saying is not a bug, it's just that when you run Windows as an Admin, it allows you to run CreateRemoteThread. You are exploiting something, but it is not a bug, it's a problem with the defautl settings, and a problem with the culture of Windows users. Fri, 23 Mar 2007 15:56:00 GMT donotreply@osnews.com (BluenoseJake) Comments Hmmm... http://osnews.com/thread?223986 http://osnews.com/thread?223986 What are the major competitors to windows? Apple & MS are the only companies that I ever seen a OS ad for. So it is easy for MS to come out ontop, cause windows is what like 98% of the market share? Fri, 23 Mar 2007 16:08:00 GMT donotreply@osnews.com (Edward) Comments RE[2]: Of course Symantec is a friend of Microsoft http://osnews.com/thread?223994 http://osnews.com/thread?223994 Since when was that a fact? I've run many versions of Windows for years without ever touching an antivirus program. And I've never had a problem. A firewall is the key.

What exactly are you people doing? Seriously, I don't use a virus-scanner for exactly the reason people say, i.e. there are none available anymore that don't eat 90% of CPU time just because they can. Likewise, I don't use any firewall software because it makes everything a giant hastle and, again, wastes memory and CPU time...

Now, I run a random virus check about once a month, I've never once been infected. I run spyware/adware checks, never have a damn thing pop up...

Admittedly, I turn off any windows services I don't actually need (all but 4 of them are unneeded, 8 if you do really weird things) and restrict anonymous access (gets rid of SMB exploits, etc., only takes changing a 1 to a 0 in the registry), but these are things you all certainly do since it takes about 30 seconds to complete?

At what point do you suddenly need anti-virus software and firewalls? o.O Yes, I know for "ideal" security you install them, but I've never once seen any benefit from them, and I'm online all friggin day long.

I mean, come on, I use cable-access internet in a city of 580,000 people (read: horribly insecure) and still don't have any odd problems. Fri, 23 Mar 2007 16:42:00 GMT donotreply@osnews.com (Steven) Comments RE: Microsoft [Windows] the most secure OS?? http://osnews.com/thread?223996 http://osnews.com/thread?223996 Hum... let me see i spend at least a day every week removing virus and spyware from costumers pc's... and with my mac, my linux server and my solaris server i spend... oh wait... i dont... so the logical conclusion: windows is more secure... oh yea... (i know im not using numbers to sustent my post, but this is my experience)

Just curious... but can anyone here actually list a single virus of spyrware/adware instance that affects OS X, Linux, or Solaris? (yes, I know, theoretically there has been that one virus on OS X, etc, but really, without a google search can you list something?)

Yeah, Microsoft needs to stop hiring interns to make their software, no argument here against that... but virus occurrence in comparing Windows to three systems where viruses don't actually exist is sort of... not relevant to anything, security or otherwise?

Also, unlike your customers, I assume you are not a retarded monkey... you could likely use windows with the same results (I spend all day cleaning other peoples PCs but never have to clean my own becayse I don't do stupid crap with it) Fri, 23 Mar 2007 16:52:00 GMT donotreply@osnews.com (Steven) Comments RE: I'll never, ever trust Symantec again. http://osnews.com/thread?224002 http://osnews.com/thread?224002 They survive for the same reason Windows is the dominant OS, not because it is better, but because it is what people have come to know. As an example, I was in Staples yesterday and one of the sales people was helping a ldy with AV software. She insisted that she had to have Symantecs AV, I refuse to call it Norton's as I think he is probably as disgusted with the product as I am, and so that is what they sold her.

As a side note, I beta tested for many years for Syamntec and I have to agree that they have taken many a good product and turned it into crap. Quite frankly, I would take anything coming out of there with a whole shaker full of salt. Given the conditions of the test the results are actually pretty accurate. The same test could be set up in such a way that Windows 98 comes out on top. Fri, 23 Mar 2007 17:11:00 GMT donotreply@osnews.com (protagonist) Comments RE[2]: Title is wrong http://osnews.com/thread?224003 http://osnews.com/thread?224003 Please, you almost made me spit my coffee all over my LCD screen. How about a little warning next time. :-) Fri, 23 Mar 2007 17:12:00 GMT donotreply@osnews.com (protagonist) Comments RE: Stop the presses! http://osnews.com/thread?224004 http://osnews.com/thread?224004 Competition would be all over the place if Red Hat & Novell and the rest would market by pre-loading their operating systems on pc/laptop configs...

Marketing is the key to success on the desktop from what I understand Dell & HP are listening to the end user now and loading a pre-installed Linux distro (kudos).

In the meantime I would not give any merit these 'threat reports' or any of this non-sense.

Fedora Core user here... Fri, 23 Mar 2007 17:13:00 GMT donotreply@osnews.com (Southern.Pride) Comments RE[3]: Laughable http://osnews.com/thread?224006 http://osnews.com/thread?224006 Oh come off it. Can Windows be run without getting infected? Yes, I have done it. I used to beta test for Symantec AV and I used live virus files to do it. (They about had a fit when they found I was testing the product against live virus files, BTW).

I can definitely state the OS X, (and Linux and BSD for that matter), is more secure than any of the Windows OS's I have run, (except Vista and since I haven't run that I can't comment on it). I can secure a Mac and a Linux/BSD machine in a matter of minutes. To get the same level of security in Windows takes a lot longer. And that is why most people will never properly secure their Windows machine. They don't know how and even if they did they would not want to take the time required.

Linux/BSD and OS X are far more secure out of the box than Windows. All of them can be made more secure, but at this time only with Windows is is absolutely essential that you do so. I would never hook any computer straight to an always on connection regardless of the OS running on it. But a lot of people hook Windows up that way. So yes, Windows is less secure by default. Fri, 23 Mar 2007 17:34:00 GMT donotreply@osnews.com (protagonist) Comments RE[4]: Cognitive Bias http://osnews.com/thread?224008 http://osnews.com/thread?224008 "I worry about people who feel the need to tell us how they've left their XP, SP2 no less, machines on and connected to the internet for months and months. And then they add the ubiquitous 'rock solid' statement at the end."

Why do you think we have all these trojans and viruses floating around? :-) Fri, 23 Mar 2007 17:45:00 GMT donotreply@osnews.com (protagonist) Comments RE[4]: Laughable http://osnews.com/thread?224009 http://osnews.com/thread?224009 Yes, you are right, which is what I said. But the reason it is so insecure is that everyone runs as administrator, take that away, and a lot of the exploits through IE, for example, would no longer work. Fri, 23 Mar 2007 17:55:00 GMT donotreply@osnews.com (BluenoseJake) Comments RE[4]: Cognitive Bias http://osnews.com/thread?224421 http://osnews.com/thread?224421 With any operating or security system, the largest security hole is the user. With the human element it is imposible to make something completly secure. This is why large companies have employees educated on security concerns and best practices. You see comercials about how information is the anti-drug, well I would say that information is the best anti-virus as well. I don't feel that the answer to security problems is to add more and more restrictions to the user, just educate them.

BTW, I was not supporting or denying the thread topic. My original post was just pointing out what I've been seeing any many threads, finally decided to say something about it. Sun, 25 Mar 2007 04:47:00 GMT donotreply@osnews.com (randomsurprise) Comments Umm.. how about weighing severity? http://osnews.com/thread?224507 http://osnews.com/thread?224507 If you weigh the severity of the flaws, Microsoft gets knocked down fairly well ( likely removing its crown if mathematically applied and balanced ).

Scoring Vulnerabilities:

Critical: 50
Can take over PC Controls, full access
Severe: 40
Full access, but cannot interfere with user.
High: 30
Full Read, with possible write access, but not be
able to execute anything.
Medium: 20
Can cause a program crash, but cannot cause other
'permanent' damage. Some times these can load
trojans, but the trojans may be nearly 'harmless'.
Low: 10
Requires user-action to accomplish. Cannot take
over machine, but may be able to cause temporary
instability.

Someone else do the scoring :-)

--The loon Sun, 25 Mar 2007 18:05:00 GMT donotreply@osnews.com (looncraz) Comments