Linked by Thom Holwerda on Tue 10th Nov 2009 09:31 UTC
Last week, security vendor Sophos published a blog post in which it said that Windows 7 was vulnerable to 8 out of 10 of the most common viruses. Microsoft has responded to these test results, which are a classic case of "scare 'm and they'll fall in line".
Thread beginning with comment 394135
RE[4]: They deserve it
by lemur2 on Wed 11th Nov 2009 22:37 UTC in reply to "RE[3]: They deserve it"

"remarkable is Microsoft's claim that in the case of a security leak, Linux offers no guarantee of a patch- ignoring the fact that in the past, critical breaches in Linux have never been left for any notable length of time without a security patch being released. Unlike Windows, where a known security issue can stay un-patched for two years. Which shows that it's Microsoft that should be reticent of offering guarantees for patches.
There is no lie in saying that Linux isn't guaranteed a patch for a flaw. There is no one company behind it, to ensure that flaws will eventually be patched. "

This is true. I suppose then there are only the estimated 1.5 million full-time-equivalent developers involved with open source, who can all see the code and submit patches against identified problems, and whose best interest is undoubtedly served by promptly fixing any identified security problem.

As for 2 years, I guess you forget the OpenSSL weak key flaw that was a bug from mid-2006 until mid-2008 huh?

An as-yet-unidentified bug is not an unpatched security flaw. It is a bug.

An unpatched security flaw happens when a security bug is known to the general public, but no fix yet exists.

There was only a very short time span for the OpenSSL weak key flaw ... it wasn't hard at all to fix, as the flaw was caused by initialising some variables that shouldn't have been. As soon as it was identified, it was fixed.

Score: 2