The myth of the thousand updates for Linux, debunked
,----[ Quote ]
| For the last six months, I’ve been reading article after article spewing the
| same bovine manure: Look at how many updates Distribution X issued! How can
| it be more secure than Windows? Let’s bury that stupidity under a ton of
| facts:
|
| “Look at the pace of the update releases!”
|
| Microsoft shills’ latest tune goes something like this: “but Linux is so much
| more insecure than Windows — just look, every day you see security updates
| released!”.
|
| True: open up your Linux distribution’s update manager after three months of
| not upgrading, and you will see quite the list. Probably a bit more than your
| Windows or Mac OS X updates.
|
| But only a minority are security updates. From that minority, only a handful
| apply to your scenario. And even so, the number of updates is of no
| consequence. As a matter of fact, you should be happy you have all these
| updates for you to install.
|
| Don’t just take my word for it — let’s explore why.
`----
http://rudd-o.com/archives/2007/10/22/the-myth-of-the-thousand-updates-for-linux-debunked/
Windows zombies are meanwhile celebrating.
Storm Worm retaliates against security researchers
http://www.theregister.co.uk/2007/10/25/storm_worm_backlash/
New strain of Gozi Trojan prowls the net
,----[ Quote ]
| Only 26 per cent of the major antivirus providers protect against the new
| variant, he said. It is detected under names including OrderGun, Orderjack,
| Germ, Small.BS, Pinch, Snifula, Ursnif and CWS.
`----
http://www.theregister.co.uk/2007/10/26/new_gozi_strain/
Related:
How secure are Linux, Window and Mac OS?
http://www.masuran.org/node/29
2006 Operating System Vulnerability Summary
http://www.omninerd.com/2007/03/26/articles/74
Linux vs. Windows: Which is Most Secure?
http://www.esecurityplanet.com/views/article.php/3665801
Linux Security: A Big Edge Over Windows
http://www.linuxinsider.com/rsstory/54742.html
The problems with Vista laid bare - What might have been
http://www.theinquirer.net/default.aspx?article=38419
Why Windows is less secure than Linux
http://blogs.zdnet.com/threatchaos/?p=311
Linux more secure than Windows, national survey shows
http://www.xomba.com/linux_more_secure_than_windows_national_survey_shows
Microsoft Windows: Insecure by Design
http://www.washingtonpost.com/ac2/wp-dyn/A34978-2003Aug23?language=printer
If Only We Knew Then What We Know Now About Windows XP
http://www.washingtonpost.com/wp-dyn/content/article/2006/09/23/AR2006092300510.html?nav=rss_technology
Why Windows is a security nightmare.
http://www.smh.com.au/articles/2004/05/21/1085120110704.html
The Structural Failures of Windows
http://www.theinquirer.net/default.aspx?article=15305
Microsoft patches serious flaws secretly and sometimes gets caught. Here are 4
recent examples:
Skeletons in Microsoft’s Patch Day closet
,----[ Quote ]
| This is the first time I’ve seen Microsoft prominently admit to silently
| fixing vulnerabilities in its bulletins — a controversial practice that
| effectively reduces the number of publicly documented bug fixes (for those
| keeping count) and affects patch management/deployment decisions.
`----
http://blogs.zdnet.com/security/?p=316
Beware of undisclosed Microsoft patches
,----[ Quote ]
| Forget for a moment whether Microsoft is throwing off patch counts
| that Microsoft brass use to compare its security record with those
| of its competitors. What do you think of Redmond’s silent patching
| practice?
`----
http://blogs.zdnet.com/microsoft/?p=527
Microsoft reacts to kernel hacks, defends Vista
,----[ Quote ]
| Microsoft wasn't much help in figuring out exactly what was beefed up by the
| PatchGuard update; the accompanying information was extremely vague. The
| MSRC's release manager, Simon Conant, was just as tight-lipped in a posting
| to the center's blog. "The update adds additional checks to Kernel Patch
| Protection for increased reliability, performance, and security," Conant
| said.
`----
http://www.infoworld.com/article/07/08/15/Microsoft-reacts-to-kernel-hacks_1.html?source=rss&url=www.infoworld.com%2Farticle%2F07%2F08%2F15%2FMicrosoft-reacts-to-kernel-hacks_1.html
Stealth Windows update prevents XP repair
,----[ Quote ]
| A silent update that Microsoft deployed widely in July and August is
| preventing the "repair" feature of Windows XP from completing successfully.
|
| [...]
|
| Accounts of conflicts with XP's repair option came to our attention after
| Microsoft's "silent install" of Windows Update (WU) executable files, known
| as version 7.0.600.381, was reported in the Sept. 13 and 20 issues of the
| Windows Secrets Newsletter.
`----
http://windowssecrets.com/2007/09/27/03-Stealth-Windows-update-prevents-XP-repair
Windows Update's Sneaky Updates
,----[ Quote ]
| "The only altered files that have been reported to date are 18 small
| executables used by WU itself. Microsoft is patching these files silently,
| even if auto-updates have been disabled on a particular PC."
`----
http://www.microsoft-watch.com/content/operating_systems/windows_updates_sneaky_updates.html?kc=MWRSS02129TX1K0000535
Also see:
Microsoft is Counting Bugs Again
,----[ Quote ]
| Sorry, but Microsoft's self-evaluating security counting isn't really a
| good accounting.
|
| [...]
|
| The point: Don't count on security flaw counting. The real flaw is
| the counting.
`----
http://www.microsoft-watch.com/content/security/microsoft_is_counting_bugs_again.html?kc=MWRSS02129TX1K0000535
Microsoft : Arrogance leads to Vulnerability
,----[ Quote ]
| Chatting with the Microsoft senior sales people, I was struck by
| their incredible arrogance. They know the company?s products are good,
| but they have no qualms whatsoever about charging top dollar as a
| result.
|
| It reminds us how Microsoft used to behave when it comes to their
| products' security records. IE5 and 6 were nothing short of being
| proper Swiss Cheese with loads of holes in them but hey, they had 95%
| of the browser market at that time and couldn't care less.
`----
http://securityblog.itproportal.com/?p=514
|
|
