Microsoft is facing an early crisis of confidence in the quality of its Windows Vista operating system as computer security researchers and hackers have begun to find potentially serious flaws in the system that was released to corporate customers late last month. On Dec. 15, a Russian programmer posted a description of a flaw that makes it possible to increase a user's privileges on all of the company's recent operating systems, including Vista. Update by Thom: Ars thinks the situation is hot air, mostly, something I agree with (a cracker already has to have login credentials for the flaws to be of any use).
To view parent comment, click here.
To read all comments associated with this story, please click here.
Member since:2005-11-10
We all know the excuse that software development is complex, yadda, yadda, yadda.
And we ALL know that "Linux" is a kernel.
Here is the question? Please list those "Plenty of programs" that are included in desktop Linux distros that provide holes for privlage escalation.?
Since Vista is a "Desktop" OS lets not compare Apples to Oranges
The other funny thing is most of thee programs you are prob thinking of like PHP a lot of times have the same issues on Windows Server.
Member since:2005-07-08
Member since:2006-01-27
There's some major differences between Windows and the rest of the world. First being that most Open Source apps have a very fast development cycle, with regular releases. Also most Linux distros handle these agile release cycles via a package management system that can sync to a managed repository in order to update the system. These two factors shrinks the attack window and administration hassles of average installations that are kept updated.
Member since:2006-07-13
of course each complex product has it's flaws.
Linux as a system, not as a kernel only, also is a very complex product. There aren't that many privilege escalations out there, even while open source.
The fact that MS is being used on more systems does not directly mean that more used = more hacks. in fact, Apache vs IIS for instance shows that it doesn't have to be true.
There are a lot of people looking at the linux code (complete, not the kernel) and bugs are found quicker, fixed quicker and don't have adverse side-effects as often as what MS does.
I think that one of the biggest problems MS has is the way it develops code; many parts haven't even bene developed at first by MS itself; their revision control system has quite a few problems -- it sometimes takes 4 months to get a piece of code mainstream aftre it has been checked out. This causes a lot of problems.
What the biggest problem of MS in my opinion is: they state so much about security and time after time, hey fail to deliver. It wouldn't be big news if MS hadn't told us about their most secure os.
If MS wants to have a better OS, they should do a few things like
having external code reviews and being able to build the code by the reviewers.
So far MS again has done it -- tell people how good they are and the people will just show how wrong they are.
edit: changed 'the' in 'their' to clarify more.
Edited 2006-12-27 10:36
Member since:2005-11-11
//It wouldn't be big news if MS hadn't told us about the most secure os. //
Actually, Microsoft didn't say that. Not at all.
What they said was that Vista is the most secure Windows OS ever.
I suppose there is even some truth in that, because there is less malware right now for Vista than there is for any other Windows OS.
Mind you, you can also probably say that there is less malware right now for both Mac OSX and GNU/Linux than there is for Vista.
Member since:
2005-08-17
Software development is complex.
Microsoft windows is hugely overly complex with so many integrated parts.
Linux is a kernel. It's small compared to the whole system. There are plenty of programs that run on a linux system that provide holes for privilege escalation.