Microsoft is getting serious about management software. That’s either terrific news or a real cause for concern, depending on who you are. In other MS news, three-fourths of computer software security experts at major companies surveyed by Forrester Research Inc. do not think Microsoft Corp.’s products are secure, the technology research company said on Monday.
“. . . three-fourths of computer software security experts at major companies surveyed by Forrester Research Inc. do not think Microsoft Corp.’s products are secure . . .”
In other news . . .
Linux is free.
The sky is blue.
And computer viruses thrive in Outlook.
Linux keeps on churning out bugtrack reports…
Red Hat isn’t making any money…
The desktop linuxes aren’t “quite there” yet…
Sendmail is Linux’s competitor to Outlook’s virus farm.
Linux keeps on churning out bugtrack reports…
Yeah, and not to mention all these damn zealots (Omer Hickman) who like to jump on every MS article that pops up. I mean, what are they FEEDING these people?
“Linux keeps on churning out bugtrack reports
Red Hat isn’t making any money.
The desktop linuxes aren’t “quite there” yet…
Sendmail is Linux’s competitor to Outlook’s virus farm.”
Those don’t make Microsoft’s products any more secure, however.
and you can type the following in your terminal to see just how secure a typical linux distribution would be
wget -O - https://rhn.redhat.com/errata/rh72-errata.html | grep RHSA | wc -l
in my neck of the woods the number is 254
I don’t get what looking at the number of errata tells you. Doesn’t it tell you what FIXES have gone into Red Hat’s products? I don’t get your argument here. Surely the more fixes the better; also, the time for a fix after a security problem is found is surely more important than the number of problems found over time.
If there were (just say) 50 security issues found in MS over the last 2 months but only 20 with fixes, surely that is worse than if Red Hat (or Linux in general) had 80 found in the same time frame but had fixes for 70 of them. It would leave MS with 30 outstanding problems and Red Hat with only 10.
What I want to know is what is the average time taken to fix a bug/security issue. Then I can multiply that by the number of bugs to see how long these holes were open in my system.
a larger number means more bugs – a fact as simple as reboot 😎
these bugs shouldn’t happen in the first place.
even if it only took 1 min to have a fix, there is still the question of how long it took for most people to install those patches.
if you want to know the details of those fixes, just click the URL.
IMHO, linux isn’t more secure than windows – the fact that there is less outbreak simply reflects the facts that
1 linux is a sub 10% minority
2 it is pretty fragmented and lacking in “features” for an easily written “mass propagating” exploit.
a DOS box without a NIC and a modem doesn’t in itself mean it is more secure
So, you guys are the april fools joke. Clever one Eugenia.
😛
But it’s not Microsoft who’s making change difficult. It’s all the stupid people out there who refuse to change, because they think Linux is difficult and only for geeks.
Every week there’s a hundred new articles on whether Linux is “Ready for prime time” or “Ready for the desktop”. Linux is about as ready for the desktop as the people are ready for change.
It’s not about the technology anymore. It’s about the people’s perception.
IMHO, linux isn’t more secure than windows – the fact that there is less outbreak simply reflects the facts that
1 linux is a sub 10% minority
maybe on the desktop, but on the server (where security is paramount), Linux has a large (and growing) share. It already has a bigger share than the proprietary Unices combined, and it runs about half of all Web servers.
2 it is pretty fragmented and lacking in “features” for an easily written “mass propagating” exploit.
By features, you mean “bugs” or “stupid code”. As far as I know, there is no e-mail client or word processor on GNU/Linux that automatically runs binary executables. That’s a good thing, and it shows that free software developers are not prepared to sacrifice security for ease-of-use.
When Windows 2000 was released, it still had about 65,000 open bugs, 15% of which could crash a system and/or corrupt data. You don’t often hear figures like these from the Windows world because MS likes to hide everything from you. ‘Security through obscurity’ doesn’t work. If MS were confident that their code was secure, they’d open it for all to see. Even with their ‘shared source’ programme they hide some of the most important bits. They even say that some of their code is so insecure that releasing it to the public would threaten US national security!
“Those don’t make Microsoft’s products any more secure, however.”
Where did I say or even imply that those made microsoft’s products more secure?!?!?
60,000!!!!1
not 254, and that is only their admission. no one is allowed to review the code except them (and maybe the chinese government, because that’s the deal they had to make to get into china- but during the trial, they said releasing the code could compromise national security…for the us gov’t only, huh?) so there could be many more- no one knows.
‘a dos box w/o a nic and modem is not more secure…’
OF COURSE IT IS. don’t be a fool. the only way to make it more secure is to lock it in a closet, or to load os/2 on it (not because os 2 is so secure, but because only bankers can remember how to use it, and they won’t steal s|-|it.)
at that point, the ONLY way in is with physical access, so 2 of 3 possible routes have been eliminated.
OF COURSE A COMPUTER W/O MODEM AND NIC IS MORE SECURE THAN ONE WITH. please don’t make me yell at you any more. go away if you have nothing smarter than what you have said to say. thanks.
in the old days, viruses were spread through floppies
a larger number means more bugs – a fact as simple as reboot 😎
That is true; however, Red Hat also ships with a lot more software than Windows does. The ratio (if it indeed is larger for Red Hat) is justified by the volume of software you get isn’t it? I mean, to be fair, you would have to combine the total number of bugs in Windows, Exchange, Office, VisualStudio, etc. and compare that with the number of bugs in Red Hat. Find those numbers and then I think we can make a valid comparison.
these bugs shouldn’t happen in the first place.
You can say that about any software product, but you know, there isn’t one of them that is bug free. This is for two reasons depending on what kind of software you are shipping. If you are shipping proprietary products, then the reason is very simple; revenue. Products are rushed out the door to make money. With open sourced products, the idea is to get something working, get it out in the public’s hands, have them find bugs, fix the bugs, rinse and repeat. The fact is you are never going to get away from bugs in software. The important thing is that once found, they get fixed in a timely manner.
even if it only took 1 min to have a fix, there is still the question of how long it took for most people to install those patches.
I know what you mean. I’m sick of coming to work almost every day only to be notified that there is a new Windows update I need to install; along with yet another reboot.
The truth is I don’t mind installing updates. Updates and bug fixes are good. I don’t like sitting around waiting for a reboot though. Red Hat’s updates are much friendlier to install.
IMHO, linux isn’t more secure than windows – the fact that there is less outbreak simply reflects the facts that
1 linux is a sub 10% minority
2 it is pretty fragmented and lacking in “features” for an easily written “mass propagating” exploit.
a DOS box without a NIC and a modem doesn’t in itself mean it is more secure
Having used both, I have to politely disagree (depending on what distro you are using, of course).
and once again a linux <-> windows war in the comments!
why can’t we discuss this thing as normal people? why?
no software is secure! call it linux, windows or what ever!
now my normal comment to this topic:
i work in many different companies as a consultant and sometimes as a developer. most of my customers use windows on the desktop and the server. while they have a small number of services running on other platforms.
in general all of them see windows as more insecure than other os. but all of them keep windows and over the years they learned how to live with that kind of insecure system.
not that they see windows as a major security problem. but they know that windows in terms of security and networking is not the ideal os. but they find their way around those problems and that is good for them.
my personal view of the situation is, that the windows responsible people in the companies see windows as the perfect os and no matter what kind of security problem they have, the first thing they start to say is, that other os have same problems, instead of fixing the problem.
the solaris ppl are not much different, except that mostly you can’t talk with them, because they are the best of the best and nothing comes close to them. in their eyes they are perfect.
the linux ppl are very very technical and no matter what you keep telling them… they will find a reason to outperform the other. and if they can’t find anything, then they will tell you that you can change the source and everything will be okay.
the netware ppl keep telling how great netware WAS and that some things are still the best in netware. but that netware is not anymore as it was and they keep comparing things they had already in netware 3.x or 4.x and windows has just now gotten that feature.
it is always the same, just another color, different taste, different size.
the perfect os would probably be a mix of everything and at the end maybe this mix would be again a complete bullshit! who knows?
cheers
SteveB
I think Microsoft’s products are secure. 2 or 3 years ago I was really worried. I mean they integrated IE directly into the OS (kernel?). That was a cause for concern. But I am happy to report that Microsoft’s products are more secure now than ever before. Quite possibly the most secure OS in existence.
I highly recommend you run all your desktop and production systems on Windows because anything else might not perform to your expectations.
I use Linux.
What does surprise me is that Microsoft has only 8 clients who agreed to do a beta test of SMS2003.
SMS is such a sucker in Enterprise Management.
Call it “poor man IT management” – something like “Microsoft Networking” with all that domain and browser crap. Works great in environment of a dozen PCs and after that you need to hire MCSE. Clever strategy in some sense but product sucks.
All modern EM products (BMC, Unicenter, OpenView etc) can manage Linux as well as Windows and big Unices.
SMS was a big failure for Microsoft, I doubt they will revive it – not to mention that it competes with MOM and WBEM and whatever else Microsoft was trying to push to enterprise clients.
I actually thought that SMS is dead – most of the functionality is already included in OS itself (windows update, terminal services).
11,000 employees of MS are testing SMS? That’s bad, very bad. It means that there are 11,000 SMS clients installed inside MS but MS itself is more than 50,000 people with more than 25,000 only in Washington state. So Microsoft itself cannot use SMS to manage their IT. It’s almost as bad as MSN running on FreeBSD servers (or was it OpenBSD?)
http://www.pcadvisor.co.uk/index.cfm?go=news.view&news=3192
Don’t compare apples with oranges.