With Vista breached, Linux remains unbeaten in hacking contest | InfoWorld | News | 2008-03-31 | By Robert McMillan, IDG News Service
Microsoft makes radical changes when it releases new operating systems. That’s part of the reason why its security was breached. There hasn’t been sufficient time to find all of its weaknesses. If Vista were free software, its users could search for security flaws and eliminate them. Since it isn’t free, its users have to wait for Microsoft to fix them, and hope that it catches them in time.
Microsoft makes radical changes when it releases new operating systems.
Like keeping all same old cr*p and dressing it up in a new oufit you mean?!
I have to say, I get a little worried when I see gloating about the superiority of linux security over <insert_OS_here>
Linux is not invulnerable to exploits. Users need to understand that. Buffer overflows, application vulnerabilities (ie. firefox and flash which seem to be magnets now), etc. exist.
OSX users used to wear the cloak-of-invulnerability, but as it has gained popularity, the increasing number of advistories and vulnerabilities is staggering. It’s only a matter of time until OSX gets hit with something in the wild, before it can be patched. All it takes is an app vulnerability combined with a privilege escalation flaw, and it’s done.
So too with linux; don’t assume that strong permissions alone make it invulnerable. Application flaws exist, and while the inherent security infrastructure in linux can help minimize the impact of these, it doesn’t render it immune.
Don’t get me wrong, linux is still a strong platform, I’m not trying to say otherwise. I just get concerned at the thought of people having a false sense of security.
The general rules still apply. Be wary of websites, be wary of plugins, and be wary of downloading applications. I’m willing to bet that the first true malicious exploit of linux will be based on social-engineering, in that users will be lured into installing a bad app, there was already an attempt in the *buntu forums a while back, so that’s why I’m always a little bit cognizant of these things.
Guess I’m just saying don’t let your guard down, just because you’re not using Windows…
Just my 2c…
As Linux gains popularity the risk is sure to increase. Couple that with the users demands for everything to be ‘Simple’ (ie; ‘I want to be able to click it and it will install’) is all leading us a little further from the secure system we are familiar with. Though it will probably be the uninitiated that fall prey to malicious apps, ex. doze users loking for an app they can’t live without - and hey look here is a one click!
It’s not that M$ want you to be hacked. Crumbs M$ spend $$ working on security. But lets face it, there are Millions++++ of M$ users out there - so they are prime targets. And vast numbers of them know NOTHING about computers - Add to that - They run the machine as admin!
Guess I’m just saying don’t let your guard down
I haven’t found any stats on the machines such as which OS X or which Linux Distro?
I did read that it was Vista with SP1 and was ultimately Java that was it’s undoing but did they post any other details?
I like reading articles like this, though I do keep in mind that Linux is not invulnerable… just the closest facsimilie of it at this point rotfl!
I agree that making things simple for users requires extra care for security. There is a glaring “vulnerability” in Ubunutu regarding the root password, but it is only a vulnerability if you are sitting in front of the physical machine.
*** NOTE: I have not tried or verified this even works, but it’s been a hot topic in the Ubuntu forums for a little while and is kinda disturbing. Is openSUSE immune? ***
- reboot pc
- use grub menu to start “ubuntu recovery mode”
- in the menu, select “drop to root terminal” and press enter
- You are now in a root terminal, and can do anything you like, like typing in rm --rf / or something just as bad. No password required.
If you have physical access to the machine all bets are off.
I imagine that one day some vulnerability will be found in say, flashplayer, taking an example at random, that hits all platforms. Investigation shows that it’s not a Linux vulnerability per se but there’s guilt by association and news reporters aren’t all that discriminating. So let’s not be too complacent. Systems can be attacked from the inside out too.
else where wrote:
Also everyone should keep in mind that these contents aren’t really
“fair”. The reason being is that there is more interest in trying to
break Windows security then Mac or Linux so of course Windows will be
breached before Linux.
I think that’s what most break-ins are these days. Wasn’t there a jpeg or png vulnerability before? Plus I thought the Apple fell because of java as well.
Microsoft should put a positive spin on it.
Microsoft Vista is so secure that hackers have to use the 3rd party application Java to breach it. Now if the user uses our Silverlight (or .NET) instead of a Sun product then this would not be an issue.
The one concept I find that still prevails among people are “if it is open source, then it means the bad guys can see the code too!” and then about them finding a vulnerability and exploiting it, or interjecting a back-door, yada yada yada …
> Also everyone should keep in mind that these contents aren’t really
> “fair”. The reason being is that there is more interest in trying to
> break Windows security then Mac or Linux so of course Windows will be
> breached before Linux.
is that the same as saying that all three are equally secure?
DenverD (Linux Counter 282315)
A Texan in Denmark
Microsoft may have a much larger user base, but linux boxes are still attractive targets, and have been for a long time. The reason for this is that, much more than windows pcs, they tend to be used as servers. They have high-end hardware and are left on 24/7.
If you hack your way into a windows box, you occasionally get access. If you hack a linux server, it’s probably available any time you want it.
>> Also everyone should keep in mind that these contents aren’t really
>> “fair”. The reason being is that there is more interest in trying to
>> break Windows security then Mac or Linux so of course Windows will be
>> breached before Linux.
> is that the same as saying that all three are equally secure?
No, it is the same as saying of course 1 OS is going to be breached
quicker when more resources are pointed towards that OS. If you have 85%
of the contestants aiming for Windows, 13% for OS X that leaves a
whopping 2% going against Linux. (These numbers are made up to prove a
point) It would be great if the would issue the amount of people working
on which system.
That’s actually the conclusion that the security researchers are coming to, now. Microsoft (quips aside) has a much better handle on security now, the days of by-default open services begging for incoming connections are long gone.
The blackhats are focusing their attention now on applications. A vulnerability in a cross-platform app like flash, firefox or realplayer could very well impact multiple platforms, and the application vendors haven’t yet been forced to deal with security vulnerabilities to the same extent as the platform vendors.
If linux was invulnerable to third-party exploits, then RH wouldn’t be focusing on selinux, and Novell wouldn’t have bothered with acquiring apparmor. But the potential exists.
Don’t even get me started on Apache, PHP and such in the server world…