Microsoft's take on security [Linux vs Windows]


Ned
15th August 2004, 02:55 AM
Now don't laugh too much when reading this:

http://www.microsoft.com/windowsserversystem/facts/analyses/vulnerable.mspx

After reading the PDF document, I'm wondering which OS I will still be running next week - NOT!!!

Ned

imdeemvp
15th August 2004, 03:08 AM
L...O....L .........:D :D :D :D

i couldn't help ............

Ned
15th August 2004, 03:23 AM

Delusions of grandeur spring to mind :rolleyes:

I guess they're worried, with Linux attacking their stronghold - the desktop, the best way to defend is to attack Linux's strong points, one of them being security.

This really is clutching at straws...

Ned
15th August 2004, 03:34 AM
Quote of the Week also has to come from Microsoft.

When talking about the development of Service Pack 2 for WinXP and specifically the MSBlast fiasco last year, taken from this article (http://news.com.com/Microsoft%27s+blast+from+the+past/2100-1002_3-5306235.html?tag=nl)

"This time last year was a really exciting time," said Amy Carroll, director of product management in Microsoft's Security Business and Technology Unit. "There wasn't a lot of sleep involved."

Well, I wouldn't exactly call 10 million of your customers' computers incapacitated by a security vulnerability present in your software as "a really exciting time". I bet "there wasn't a lot of sleep involved" trying to sort out that mess.

Picomp314
15th August 2004, 06:36 AM
the thing that bothers me about that article is that they talk about the separate distros as completely separate entities
obviously in linux the thing that makes it superior is the cooperation and teamwork even among separate distros, unlike microsoft a very large percentage of code spans between the distros, therefore quantifying who fixed what security flaw, and for that matter in how much time or the thoroughness of vulnerabilities fixed becomes irrelevant, as it is fixed in one place, the fix spreads quickly among the distros

whoever wrote and/or researched the data used in producing this article apparently had little clue as to the true nature of open source

imdeemvp
15th August 2004, 07:42 AM
they are just trying to do some bashing on LINUX.....because their OS is complete disaster :D

in case you guys did not know m$ bill gates makes $2000 every second so he's got to spend his money in some kind of campaign for his os....i just give him credit for helping people with AIDS which is a good deed.

ghaefb
15th August 2004, 09:43 AM
Oh my god... I think I'm gonna throw up :D

Microsoft: % of flaws fixed: 100% :D
I can't believe they wrote this.

The sad thing is that a lot of people believe this crap.

cavedweller
15th August 2004, 02:07 PM
If you install service crap 2 you will see that they control the security issues by basically eliminating network and internet connectivity.

I tried it on my satellite gateway, actually had to reload the system as SC2 wouldn't even allow my sat software to work. So after two more failed attempts I ended up installing 2000 pro. Had no internet for 3 days.

Another thing you will notice is that you can't download anything without first clearing a security pop up bar at the top of IE, and there is even more crap popping up all over. They tell you if your firewalls are off, if automatic updating is off, if you don't have virus protection...........

I am assuming MS is thinking if you spend all your time clicking on the annoying things popping up like corn, you won't realize the obvious, this is the biggest piece of s**t they have ever come out with.

I can't wait to hear what tune they will be singing when the next round of viruses hit. Unless they meant they fixed all the problems in the original release and now they need to fix the 200 that are probably in SC2.

If you have to run an MS product as we do for our satellite (which by the way that is all it does. Controlled by VNC, doesn't even have a monitor hooked up to it.) Use one of the older versions like 2000 or 98 sec. edit. I figure that they are less likely to have MS patch another security hole into them anyways.

Prometheus
15th August 2004, 03:14 PM
he he he, SP2 would have a field day detecting all the "errors." I turned EVERYTHING off. This (http://www.blackviper.com) site, it's basically what you can turn off in XP, and I turned like everything off. SP2 is gonna have a million errors with my system. Oh well, all the more reason to use Fedora.

imdeemvp
15th August 2004, 06:45 PM
Not only that, when you do the so-called HOT FIX's you end up getting software conflict....that is what i heard from the MSCE's at work......

Mentally Challenged Slaves of the Empire.......that's what i call them at work and they just laugh :D

Ned
15th August 2004, 08:33 PM
Debian, Mandrakesoft, Red Hat and SUSE have responded to this report:

http://lxer.com/module/newswire/view/9986/index.html

There is also a page on slashdot discussing the original article

http://slashdot.org/articles/04/04/06/2152216.shtml?tid=126&tid=163&tid=172

Ned

zjimward
15th August 2004, 08:52 PM
Okay, if they really are so great at fixing 100% of their security bugs. When will they get around to fixing the 65,000 other bugs which exist in Windows. Oh wait, they're just going to release Longhorn and introduce all new sets of bugs.

carlwill
22nd August 2004, 09:34 PM
Relative Severity: Windows has the fewest vulnerabilities and the fewest "high severity" vulnerabilities of any platform measured..
That was just amazing :D

kosmosik
23rd August 2004, 12:37 AM
I personally have nothing against MS products. but I dislike way they treat customers... few years ago here in Poland we have a pilot program introducing new internet access service. it was a simple dumb modem on SDSL line. nothing fancy. as it was introduced in early 2000 I was a customer of this service... imagine Windows XP and 2K have a serious flaw in serial port stack. the flaw caused hard crashes (repeating like every 15 min. - !) when you plug that simple dumb modem device to Windows box. software has flaws and I am OK with this. I am just not OK with the fact that fixing that flaw took them 2,5 years!! I bought the goddamn system from them for quite a lot of money and it was unstable for 2,5 years - just guess that Linux worked good in the same setup. and this internet access was only option available for me (as we have little ISP monopoly here) excluding dialup...

this is a KB article about this issue:
http://support.microsoft.com/?kbid=319810

as I've said - service was introduced in early 2000 (so was Windows 2K and little later XP) and the flaw was fixed 2,5 years later (Release Date: June 1, 2002)... and that is because MS don't give a **** about few home users using this service (all they care is big commercial contracts like govs and companies, they don't really earn so much on home users due to piracy) and fixing it... I bet it was like very easy to fix, and it would have been fixed within hours if it was issue in Open Source software...

kosmosik
23rd August 2004, 12:58 AM
and a word about security. one thing that these guys are missing is that no system has security built in and security isn't about any new funky uber-secure gizmo software/hardware... it is about competent, experienced staff and educated users...

Ned
26th August 2004, 05:17 PM
OK, I've done some research too and here's my findings:

Sorry I can't link the graphs here, but I can't work out how to post a picture (don't think it's allowed). But check out the graphs - it's worth it.

First up, Microsoft. Based on 49 advisories (2003-2004), 27% remain unpatched:

Windows XP Pro (http://secunia.com/product/22/#statistics_solution)

Now Debian, based on 295 advisories (2003-2004), 1% remains unpatched:

Debian GNU/Linux 3.0 (http://secunia.com/product/143/#statistics_solution)

Mandrake, based on 200 advisories (2003-2004), 3% remains unpatched:

Mandrake Linux 9.x (http://secunia.com/product/398/#statistics_solution)

Red Hat, based on 61 advisories (2003-2004), 0% remains unpatched, Yes 100% are patched!!

Red Hat Enterprise Linux WS 3 (http://secunia.com/product/2536/#statistics_solution)

and finally Suse, based on 31 advisories (2003-2004), 6% remains unpatched:

Suse Linux 9.0 (http://secunia.com/product/2467/#statistics_solution)

The Suse example is for 9.0. The current version with data is 9.1 and again 100% of 16 vulnerabilities are patched.

These data are for ALL reported vulnerabilities during the 2003-2004 period. I think these data speak for themselves.

One final point - the graphs linked are updated with live data so the figures I've quoted, whilst correct at the time of posting, will change as new data becomes available i.e. new vulnerabilities are discovered or fixed.

Ned

engwnbie
26th August 2004, 05:33 PM
Ok why do we keep on debating this over and over? I'm using linux because it is worth the time and effort. I use Ms in the office but if I want satisfaction I use linux. It can do everything almost that we want to do. So stop looking over your shoulders and keep marching on. Leaders do not keep stopping their troops they march ahead of the pack, let them seek you out. Look how many join this forum for help they are the ones who are curious and want to learn, or are tired of the updates and service packs.

Ned
26th August 2004, 05:41 PM
Ok why do we keep on debating this over and over? I'm using linux because it is worth the time and effort. I use Ms in the office but if I want satisfaction I use linux. It can do everything almost that we want to do. So stop looking over your shoulders and keep marching on. Leaders do not keep stopping their troops they march ahead of the pack, let them seek you out. Look how many join this forum for help they are the ones who are curious and want to learn, or are tired of the updates and service packs.

I absolutely agree with you 100%.

I'm not debating the subject as there's nothing really here to debate. I was just setting the record straight relative to the BS Microsoft published.

Ned

ghaefb
26th August 2004, 05:52 PM
Thanks for the research Ned...
I like this Secunia site, good place for virus/security information

lightismagic
26th August 2004, 06:31 PM
To evaluate such kind of a report you have to keep in mind who paid for it...
In this special case I think it was a US company located somewhere in the state of Washington...
which means it is credible to the same level like, let's say, an announcement by the US government...

regards

mark
27th August 2004, 04:04 AM
To evaluate such kind of a report you have to keep in mind who paid for it...
In this special case I think it was a US company located somewhere in the state of Washington...
which means it is credible to the same level like, let's say, an announcement by the US government...

regards

...or by the Austrian government. I don't think nationalism is called for....

Shadow Skill
27th August 2004, 05:33 AM
This is the same suckusoft that has a new service pack that breaks fifty some odd applications right out of the box, or was this a report on an alternate version of the company in which they actually coded quality software? I feel like the report is an attempt to insult the relatively computer literate who would even take interest in the article. I can see the M$ ads now "Windows more secure than Linux...." [Hurry and install the 564747477469243454^2 patches damn it!] This same suckusoft which STILL has not fixed an IE vulnerability that can allow users to drag and drop an executable into the start up folder without any implicit command to do this in the webpage code that is more secure than Linux...Give me a break.

I wonder if Gates understands why so many people pirate Windows, how can he or anyone else expect someone to pay $300usd for Xp professional (Who uses home anyway.) if there is a new major hack every other week it seems like sometimes. Can anyone even justify a pirated sp2 considering how much stuff it breaks and doesn't fix? I know I will have trouble doing so.

lightismagic
27th August 2004, 11:22 AM
To mark,
you are totally right, but I choose this comparison because I wouldn't over-estimate the worldwide influence of the Austrian government (again, compared to a well-known US software giant and the US junta)

regards

mark
29th August 2004, 01:24 AM
To mark,
you are totally right, but I choose this comparison because I wouldn't over-estimate the worldwide influence of the Austrian government (again, compared to a well-known US software giant and the US junta)

regards
lightismagic,

I apologize. Your comment just caught me "on the raw". As an American citizen, I'm somewhat used to seeing my country vilified in the world/political press - finding what seemed to me to be a similar comment here just took me by surprise. I guess I'm still kinda provincial - I take some things too seriously. I'll try to "lighten up".

Regards,

Mark Tomlinson

lightismagic
29th August 2004, 01:36 AM
nothing to apologize for... indeed the U.S doesn't get a really friendly press at the moment, but I think you should also be aware of that most people here in Europe are able to divide between the american people and their government pretty well...
hey, and as a citizen of the lovely state of California you shouldn't be too harsh to the Austrians, they sent you a governor...
But we are getting a little bit 'off topic' at the moment...

regards

mark
29th August 2004, 01:51 AM
nothing to apologize for... indeed the U.S doesn't get a really friendly press at the moment, but I think you should also be aware of that most people here in Europe are able to divide between the american people and their government pretty well...
hey, and as a citizen of the lovely state of California you shouldn't be too harsh to the Austrians, they sent you a governor...
But we are getting a little bit 'off topic' at the moment...

regards

Quite right, but I wanted to "clear the air". As to the survey that originally caused this, I find it laughable. However, I'm reminded of the famous quote from Benjamin Disraeli - there are "lies, damned lies and statistics..."

Mark