Advertisement
Promo

Toolkit

In association with HP

Talkback

Post a comment


Story: How to talk to Microsoft about Linux

  • Previous comment

Posted by: paleo (Monday 14 June 2004, 11:57 PM)

  • Reply

"You should very well know that not even 1 percent of the worlds PC's run any type of Linux operating system, as compared to Microsoft's Windows, which runs on more than 90% of PCs around the world."

This line of reasoning is flawed at best. Apache runs on ~70% of all Internet hosting servers yet there have only been a handful of remote compromises in its history. Further, Linux runs on most of these servers so there is an ample supply of Linux machines to target on the Internet. If your argument was valid, we should see that Apache (esp. Apache on Linux) would be ravaged by worms and trojans but it isn't. Quite the opposite, actually as IIS continues to be the web server target of choice. (Just to clarify: I'm not talking about defacements here but exploitable conditions that lead to system compromise.)

Also, almost 80% of the world's DNS servers run BIND or some other open source program. If market share is the determining factor for targeting by virus/worms, shouldn't the Internet be down for long periods of time since the "bad guys" have the source for these critical Internet infrastructure machines? (http://dwheeler.com/oss_fs_why.html)

Anyway, just how many computers would you consider an acceptable number? There are many millions of computers connected to the Internet and even at a paltry 5% share, there is still more than enough computers to wreak havoc on the Internet. (which, by the way, is probably closer to a real number for Linux computers in use as a desktop OS. It's a whole other issue on how market share is determined to which the propagation of Linux does not lend well for counting.).

The reason these computers are not attacked large scale is the difficulty in their exploitation. Most of these machines are setup to where none of the Internet facing services have any "rights" on the host computer. Even if exploited, there would still need to be a secondary attack to provide any real access to the host machine (such as a local privilege escalation attack). MS's OS's, until recently, had no way to separate the the "root" privileges from the service. So if you exploit the service, you gain system compromising capabilities. Because most of the conditions on Windows were trivial and easy to exploit, Windows became the preferred target.

"So, in reality, if Linux had 90% of the operating system market we would be having hundreds "critical" updates being released by our vendors and community support."

It's important to separate "Linux the OS" from "Linux the kernel" and compare apples to apples here. If you think there would be hundreds of critical updates on just the Linux kernel, you would be mistaken (there haven't been hundreds of updates in the 12 year history of the kernel). Now, if you are speaking about "Linux the OS," that would be equateable to Microsoft and the security advisories of the companies with the next 5000 most popular applications. When Red Hat (or any Linux vendor) issues an advisory, 95% of the time, it is an application included in the distribution and not the Linux kernel itself. So, if you added up all the advisories issued from MS and Intuit and Adobe and Macromedia.... Well, you should be catching my drift here...

"Hackers and virus makers manage to find a way to discover exploits on a closed-source system, just imagine if they had the source code to Windows. Because in this case, they have the source code to Linux."

Well, some crackers and virus writers do have some of the source to Windows (http://www.harper.no/valery/CommentView,guid,d82a41c8-14ba-4b7c-b6a2-876cbcf0d460.aspx). Further, MS's own management says that it can't release source code because there are vulnerabilities so serious, it would compromise the security of the OS ( http://www3.gartner.com/DisplayDocument?doc_cd=106790). At least with Linux, the source is out there and yet somehow, it's not been exploited anywhere close to the numbers of Windows.

No OS is perfectly secure.

  • Previous comment

  • Reply to this comment
  • Return to story
  • Report this as offensive


Full Talkback thread

Story: How to talk to Microsoft about Linux

  1. I am sorry to have to be the one to break your bub... Michael Kingston
  2. Hey Michael Kingston! You should check your f... Another 'Linux Zealot'
  3. this is the first time ive posted here, i don... kre
  4. Well, sorry to burst your own bubble, but I'm afra... Mathias De Maré
  5. That isn't true. Windows isn't secure and it has t... Anonymous
  6. Oh, and something I forgot to mention: the fact th... Mathias De Maré
  7. i'm sorry Mike, but you need to learn and use Linu... Edward
  8. Linux is the kind of operating system that has suc... J Hill
  9. "You should very well know that not even 1 percent... paleo
  10. All these arguments about security and which OS is... Allister Jenks
  11. There is much ignorance about the issue of Linux a... Henry G
  12. Actually, its the arrogant attitude of superiority... Anonymous
  13. This article is interestingly biased towards Linux... Derek R.
  14. haha this is getting funny. Whoever posted this an... Raab
  15. This is a crazy article, so obviously biased that... John Allen
  16. I agree with John Allen. This article was poorly g... David Wright
  17. Sigh... It's a straightforward article really. Ask... Arthur B.
  18. To Anonymous USA, the network administrator. We ar... Jack Mac
  19. Don't forget to ask about the cost of CAL (client... Dan Kegel
  20. Not to mention, on the interoperability front Can... Anonymous
  21. I like the idea that one linux club came up with.... Jerry Watson
  22. Since we seem to be having a Linux Vs Windows deba... Ben Noble
  23. Oh, and to illustrate my point about the User Inte... Ben Noble
  24. I am going to introduce you all to a concept that... Anonymous
  25. After reading these messages, you see M$ shills sp... Kiko
  26. Wow Derek. Spokken like someone who chooses someth... Jeff Stone
  27. Just a response to Kiko's message.... "Newsflash:... Ben Noble
  28. Cheri
  29. Response to Ben Noble - I believe your aversion to... David Morgan
  30. Ben Noble - As for example provided... It is not a... David Morgan
  31. Mike believes that the "reason Microsoft has more... Qaz Zaq
  32. I have used Windows 95, NT, 98, NT4, 98se, Me, 200... Qaz Zaq
  33. Hmm, I use both. I've been around personal compute... jimcooncat
  34. Dear: Ben Noble I would like to thank you, I find... Samuel Warren
  35. "My point is, that Windows is more user friendly,... Ben Noble
  36. I just read this web page: http://www.microsoft.co... Ian MacGregor
  37. It's just beginning! Kikki Bona Sijabat
  38. I'd like to tell microsoft a idea i had and was th... Anonymous
  39. we have been using the internet and this sign abou... Anonymous
  40. Site - very comprehensive and meticulous from all... Phentermine

Back to: How to talk to Microsoft about Linux


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters