Microsoft vunerable to attack?

[Anonymous]

Hi all

For those who slate microsoft software for its vulnerabilites and prefer to use other 'more secure' offerings, then this provides a word of caution.

It is a surprising excert from one of the technical newsletters I pay to subscribe to.
The author has been in the industry since the first PCs were built and rather likes Linux.

It surprised me - especially the data from Symantec

Take FireFox http://www.mozilla.org/products/firefox/ , for example, a very nice browser from Mozilla.Org http://www.mozilla.org/ . It's free, Open Source, and the result of literally years of development. It's also a cross-platform application, available for Windows, Mac, and Linux--- a huge plus in computationally diverse environments because the configuration and training/learning curve is basically the same, no matter what platform the browser's installed on. Its human language support also is extensive, with versions in everything from Afrikaans to Welsh. No question: it's impressive software.

Some also like it simply because it's not from Microsoft. I think this approach has some merit: Whenever Microsoft loses serious competition in any software category, it grows complacent, and the pace of innovation slackens. IE6, for example, came out in 2001; an eternity ago, in computing terms. Except for a boatload of security updates and patches, it's still basically the same browser it was then.

But, US-CERT (United States Computer Emergency Readiness Team), a partnership between the Department of Homeland Security and the public and private sectors that impartially tracks all manner of security issues in operating systems and major applications, shows that the list of IE's current vulnerabilities is shorter than those for FireFox, Mozilla, and the other alternate browsers. Likewise, it also lists fewer Windows' vulnerabilities than for the other OSes.

The last time I mentioned a similar US-CERT finding, by the way, Linux partisans leapt up to tell me that US-CERT didn't know what it was doing. Linux *couldn't* have more security flaws than Windows! Everyone *knows* that Open Source software is so much better than anything from Microsoft--- right?

Well, to the dismay the more rabid anti-Microsoft partisans, reports from other independent observers corroborated CERT's findings.

For example, between July 1 and December 31, 2004, Symantec documented 13 serious vulnerabilities affecting Microsoft Internet Explorer, but found 21 vulnerabilities affecting each of the Mozilla-based browsers.

 

[Chris Knight]

Got my copy of the same newlsletter this morning!

 

[kityuser]

interesting reading however people are most probably more interested in how "likey" they are to get infected by such a treat.

the fact is that if more than 99% of the world desktops are windows based, and we use the assumption that hackers write viruses at target OS in proportion to the world useage, then for a non windows OS you are only 1% likey to contract a virus for the same time period as a windows based machine.

i.e. say 100,000 macs suffering a risk of 21 possible attacks

1 billion windows machines running a risk of 13 possible attacks


the numbers may be wrong but I`m sure you get the picture.

most people won`t care how "safe" the platform is, just how likey they are to get a problem,........... they are linked I know, but numbers come into play............

in terms of probablity of getting an issue I`d far rather stay with linux/sun or mac.
IMO that is

steve

 

[RogerS]

Interesting article...

And yet, if you look at the stats for last week there are 14 rated HIGH for Microsoft and 10 for all Unix/Linux flavours.

Explorer receives one mention. Firefix and/or Mozilla none.

To put things in perspective a lot of these are vulnerabilities that have been identified...and yes, if one were being pedantic then we'd have to continually patch them all. But, in reality, many of these vulnerabilities are only vulnerable under certain, specific conditions...such as physical access to the PC itself or the running of code under very obscure circumstances.

The only truly secure PC is one that is locked away in a highly secure environment and not switched on ever. :wink: