Windows XP More Secure than Linux

[Negeltu]

Gotta agree with kubecj.  However, I'm offended by his sarcastic comment.  Until people stop even implying garbage like that.. the world will NOT be a better place.  I'd say.. work on getting the chip off your shoulder.    People are people regardless of country of origin.  Humanity has many flaws.

[Mastertech]

People get infected through exploited, unpatched vulnerabilities.

No people can get infected through any vulnerability that allows an infection. It is impossible to determine if something is not being expoited. Any vulnerability has been unpatched since the software was introduced! Public disclosure increases the risk but you are delusional if you think that you are only vulnerable from public disclosure to patch time. You have been vulnerable to that vulnerability since you started using the software!

To learn anything relevant about security, you'd have to weight each vulnerability by its seriousness (which is something hard to evaluate objectively), you'd have to consider how easy it is exploitable, how many machines it affects, for how long it remained unpatched... and finally, you should also count all the unknown vulnerabilities which might be exploited in the future. So, all in all, you're up for a mission impossible.

This is nonsense, vulnerabilities all cause a loss of security in someway. Whether it is password compromise or spoofing, vulnerabilities make you LESS secure. You do not have to get infected to have a vulnerability reduce you security. I would much rather get infected with some adware then have someone get the password to my bank information. Yet password spoofing and cookie injections are usually rated low?

The word "vulnerability" is way too general to draw any conclusion from it... and that's why the "number of vulnerabilities" means nothing for the "security"

Uh, huh. So having 500 vulnerabilities means your secure? Please. I already stated how low rated vulnerabilties can be more damaging than higher rated ones. Vulnerabilities are an excellent measure of software's insecurity such as Linux.

[FreewheelinFrank]

However, I'm offended by his sarcastic comment.

I believe kubecj was referring to the time Mastertech went off on a 'this is not how we do things in America' rant one time he was criticised on the forum, or maybe it referred to the time Mastertech referred to the alwil staff as 'communists' for criticising him.

This is the sort of thing that's going to happen if posts are deleted and Mastertech is allowed to return as though nothing happened. Without being able to see what he's said in the past, people are going to misunderstand comments like kubecj's, which was not at all anti-US.

[igor]

It is impossible to determine if something is not being expoited. Any vulnerability has been unpatched since the software was introduced! Public disclosure increases the risk but you are delusional if you think that you are only vulnerable from public disclosure to patch time. You have been vulnerable to that vulnerability since you started using the software!

Right, therefore - by your own arguments - the number of reported vulnerabilities (that's been counted) has no meaning, because you have no idea how many of them are sitting there unnoticed.

This is nonsense, vulnerabilities all cause a loss of security in someway. Whether it is password compromise or spoofing, vulnerabilities make you LESS secure. You do not have to get infected to have a vulnerability reduce you security. I would much rather get infected with some adware then have someone get the password to my bank information. Yet password spoofing and cookie injections are usually rated low?

I certainly wasn't talking about password spoofing, but rather about DoS attacks, for example - but it doesn't matter. You said it yourself - "I would much rather get infected... than have..." - so some vulnerabilities are more serious for you than others. While different people might have different "preferences" here, the result is clear - some vulnerabilities are more serious than the others. Hence, pure count of vulnerabilities, without taking their seriousness into account, doesn't have much sense.

Uh, huh. So having 500 vulnerabilities means your secure?

You're never secure in software word - even if you have 0 vulnerabilities.

I already stated how low rated vulnerabilties can be more damaging than higher rated ones.

Then the rating is wrong, because it should reflect the possible damage.

Vulnerabilities are an excellent measure of software's insecurity such as Linux.

Excellent? Very funny.
The number of vulnerabilities might be a measure of insecurity, but very poor - because of the hard-to-evaluate effects. And comparing the number for different operating systems (i.e. also reports from different groups of researchers, focusing on different areas), is close to pure nonsence.

[Mastertech]

I believe kubecj was referring to the time Mastertech went off on a 'this is not how we do things in America' rant one time he was criticised on the forum, or maybe it referred to the time Mastertech referred to the alwil staff as 'communists' for criticising him.

No I said that for deleting my posts and censoring my comments but leaving everyone elses.

This is the sort of thing that's going to happen if posts are deleted and Mastertech is allowed to return as though nothing happened. Without being able to see what he's said in the past, people are going to misunderstand comments like kubecj's, which was not at all anti-US.

Oh I remember the comments VERY well, I mentioned that they should try living in a truely FREE country like the US with true FREEDOM of speech and they replied that the US was not as "free" as I thought. Interesting comment from someone who never lived here but was probably fed propaganda while under soviet control and for part of their lives in a socialist/communist country. And yes Frank you are correct as you already severly distorted what was said.

I have talked to many people online and none have any idea about the United States. They either read inaccurate misleading information online or were fed propaganda.

[Mastertech]

Right, therefore - by your own arguments - the number of reported vulnerabilities (that's been counted) has no meaning, because you have no idea how many of them are sitting there unnoticed.

Did I say this? Why are you distorting what I said? The vulnerability count is irrefutable evidence of the security level of a software product. Do more exist? Possibly and in most cases probably but that is impossible to prove, thus you need to measure something measurable which is the known vulnerabilities.

I certainly wasn't talking about password spoofing, but rather about DoS attacks, for example - but it doesn't matter. You said it yourself - "I would much rather get infected... than have..." - so some vulnerabilities are more serious for you than others. While different people might have different "preferences" here, the result is clear - some vulnerabilities are more serious than the others. Hence, pure count of vulnerabilities, without taking their seriousness into account, doesn't have much sense.

No I was explaining how there is no way to accurately measure how serious something is to each person based on the given "rating". Therefore all you can do is count the vulnerabilities.

You're never secure in software word - even if you have 0 vulnerabilities.

If something has 500 vulnerabilities and something has 0, which is more secure? This is about more secure than simply being  "Secure". What is stated is very clear.

Then the rating is wrong, because it should reflect the possible damage.

Possibly but if the password gained was simply for my myspace account the damage would be minimal.

Excellent? Very funny.
The number of vulnerabilities might be a measure of insecurity, but very poor - because of the hard-to-evaluate effects. And comparing the number for different operating systems (i.e. also reports from different groups of researchers, focusing on different areas), is close to pure nonsence.

So sites like Secunia and all the others that list vulnerabilities are nonsense? Where are reports from different groups of researchers focusing on different areas being compared? So should the vulnerabilities being published by these organizations be ignored? You are making less sense with each post.

Do you use Linux?

[Negeltu]

Well, I agree the US is NOT as free as some think.  And I apologize if I didn't get the whole story.  I have a lot of problems with the way my country (US) is run.  I don't like comments though...that seem to implicate the people with the gov.  Again.. sorry if I misunderstood.

[Mastertech]

Anyone who thinks the US is not free needs to go live in another country for a few years. Either that or has been reading to much liberal hysteria online.

[igor]

So sites like Secunia and all the others that list vulnerabilities are nonsense? Where are reports from different groups of researchers focusing on different areas being compared? So should the vulnerabilities being published by these organizations be ignored?

No, they certainly shouldn't be ignored - but note that the researchers, like Secunia, do not compare the "security" of the products by counting their advisories and say "Product A is better than Product B". They know what their reports mean and what they don't - and they are not trying to draw wrong conclusions from similar "statistics".

Remember Jotti? Why did he remove the detection statistics from his site? Because he understood the results and didn't want people to misinterpret them.


Imagine the following scenario: there are two car models (called suprisingly A and B). They are having some "problems":
Car A:
- when moving, sometimes explodes... just by itself
Car B:
- a wheel sometimes falls off
- breaks sometimes stop working

[Substitute some above_normal_ratio for those three "sometimes" above]

Now, would you say that car B is worse than car A? Or would you even say that car B is two times worse than car B, because it has two times more problems? I hope not.
All you can say about these two cars is that they are both piece of crap.

Now, the same goes to our Linux and Windows situation, IMHO.

Do you use Linux?

No, and never did.

[Negeltu]

Anyone who thinks the US is not free needs to go live in another country for a few years. Either that or has been reading to much liberal hysteria online.

I have lived in other countries...  How many have you lived in?  I grew up moving around a lot. 

[Mastertech]

A wheel falling off could kill you just as easily as a car exploding.

[Negeltu]

A wheel falling off could kill you just as easily as a car exploding.

Or a tire blowing up in your face.    Had that happen once due to a faulty gauge.  Still can't hear above 6000hz in that ear.  The tinnitus kills me.    :-D

[Mastertech]

I have lived in other countries... How many have you lived in? I grew up moving around a lot.

So please tell me what is not free in the United States?

[mauserme]

So please tell me what is not free in the United States?

Mastertech, I'm a fellow American and about as patriotic as can be.  But I'll tell you our freedoms dissapper daily.  And, sadly, its not because someone has taken our freedom away - its because we collectively give it up out of apathy.

From the moment I flush the toilet in the morning to my last wakeful moment I pay some governmental agency a tax for virtually everthing I do.  When I drive to work I must wear a seat belt or be subject to a fine (sure seat belts are a good idea, but a law is not).  I may not smoke, even in my own car, or I'll be fined again (I gave up smoking years ago but I would still like the right to do so).  If I go to Chicago I may no longer eat fois gras - its against the law.  And any food with trans-fat will soon follow.

Do your remember America's disgust when the Tiananmen Square dissidents were identified and arrested  because of surveillance cameras in public places.  How many intersection cameras do you pass in a single day now?

Freedom of speech?  We now have celebrities being forced into sensitivity training for saying something racial as if no other human being has ever had a racial thought or uttered a racial word.  No, I'm not in favor of hateful speech but I laugh when I hear news casters try to quote the offending statement without themselves being forced into rehab.

I don't know how old you are but I've been around long enough to remember endless summer days with BB gun in hand, walking around town or in the woods.  Nobody thought twice about it.  I never did any harm or hurt anybody - it was just a guy thing for me and my friends.  Now, my neighor's kids bring their paint ball gun down by the creek, set up a board, and blast away.  The paint ball guns are confiscated and the parents pay a $500US fine because their kid had a "weapon" (since when is paint a weapon?).  Like me, they were doing no harm, not hurting anybody.  But because guns are now bad (while people's actions have no bearing) we give up that right too.

This could go on, but you get the idea. 

I do think the closer a society is to the moment freedom was earned the more they appreciate and protect it.  For Americans that moment is in the distant past.

Either that or has been reading to much liberal hysteria online.

I think the opposite.  They are one of the biggest promoters of the erosion of our freedom.

[kubecj]

This thread went from ridiculous to plain offtopic. 
Closing it.