Windows as secure as OSX....

[seer]

Found this  link on <> moobunny.. Seems every "big" OS has the same amount of security problems.

[mikeymike]

:roll: @ article

The Microsoft Windows application

It's not an application, it's an operating system.

Before I start, I'm not a Mac OS X fan, I've barely used it, but for god's sake some people really ought to get their facts straight (comment not aimed at original poster).

In their statistics they change wording when they get to Mac OS X.  Previously they say "remotely exploitable", then they say "exploitable over the Internet".  "Remotely exploitable" is an official term in security vulnerability circles, and "exploitable over the Internet" is not.  While they both have potentially compatible meanings, it is poor journalism (and if Secunia did the same, poor of them as well) to potentially change the goalposts in such a way.

Admittedly the focus of my work is Windows security so I'm going to take more notice of Windows vulnerabilities than for other operating systems, but a remotely exploitable vuln  like the DCOM vulnerabilities would definitely have got my attention, and quite frankly I have not heard of one for Mac OS X.  In recent history (last few months) I have heard of one Mac OS X vuln which required user interaction on not one but two occasions to successfully exploit it.

Windows vulnerabilities tend to be in the shape of "if you use this product, you're screwed".  IE vulns for example 99% of the time are "if you look at this web page, you're screwed, but if you switch off 'Active Scripting'...".  In my limited experience with other operating systems, this is not usually the case.  Usually the vulnerabilities are more obscure.

Windows vulnerabilities also usually stem from "this stupid component should not even be running in the first place on a default install but MS have it running, in their infinite wisdom", such as Windows networking filesharing services, DCOM, all left running.  B'duh.

[Colin_Camper]

Every badly administered 'big' OS will be vulnerable.

I would be surprised if OSX has more vulnerabilities than windows. Being BSD, it is a lot more mature and the source, like Linux, is reviewed by peers.
With windows, since last years worms, most trouble now is caused by IE and malware web sites that can directly infect a PC AND leave a door open for worms like netsky.
It would be surprising if the Unixes suffered the same fate since the security model makes it much harder for browser s/w to escalate privaleges and do these things.
Still, its possible with a badly administered Unix - look how many hosting companies run mysql as root!

[HopperJF]

Windows as secure as OSX? No.
Windows an operating system? No. It has long been simply an "application" which runs over DOS. Even now, Windows XP has to emulate DOS for it to work.

Windows is not an OS, it never will be.
It's  just a poor DOS program plagued with flaws, bugs and security holes which after bad negotiation has a prescence in many homes.
Sad, very sad.

[seer]

It's not an application, it's an operating system.

Yeah, thought about that one to (tho with all the stuff that comes with Windows you could argue is an "OS Application").

There are other little things about the article that's a bit.. weird..

I posted this link because I think it's only fair that users of Linux/OSX are aware of problems in their security.. Most think they have none, and that only Windows has problems..

BTW, secunia has an big list of "tested" products..

/edit

Same goes for IE versus mozilla

[seer]

No. It has long been simply an "application" which runs over DOS. Even now, Windows XP has to emulate DOS for it to work.

You're describing Windows 95/98. This isn't the case for Win NT4 / 2000/ XP. There is no DOS in 2000 / XP, it's more like a UAE type of emulation (NTVDM.exe)

And don't mistake "console" programs with MS-DOS programs.

The only time you really see MS-DOS in XP is when you install it from CD as a clean install.

If XP was still running on MS-DOS (Notice MS-DOS, not just DOS, as that could be PC-DOS, Amiga DOS etc) it owuld be very easy to run old MS-DOS games/programs on XP.. While lots of them just don't run and only a few with getting the right settings..

[mikeymike]

Every badly administered 'big' OS will be vulnerable.

True, but that's not the point.  An OS should be reasonably secure by default, not priding functionality over security.

I would be surprised if OSX has more vulnerabilities than windows. Being BSD

BSD is just a kernel.  Mac OS X is a lot more on top of that.

Still, its possible with a badly administered Unix

See response to first quote.

[mikeymike]

Windows an operating system? No. It has long been simply an "application" which runs over DOS. Even now, Windows XP has to emulate DOS for it to work.

No, it, doesn't.  For the umpteenth time.

Windows NT4, 2k, XP, 2k3 are all based on the NT kernel, which has no compatibility whatsoever with MS-DOS.  Any calls by MS-DOS applications are made through an emulation layer.  Windows NTx also has an emulation layer OS/2 and POSIX-compliant code.  You can see whether any emulation is going on due to NTVDM.exe running in the process list.  Old installers sometimes need to, and old applications that can't talk win32 native properly also need it.

[seer]

True, but that's not the point. An OS should be reasonably secure by default, not priding functionality over security.

Indeed. SP2 for XP does seem to set things right in that respect (a little), but then, the default settings would make acces to a XP/SP2 PC on an home network (workgroup) impossible without adjusting it..

Looking at it from a normal home user, having the least security options set is the easiest to get it up and running.. (NTFS and share permissions isn't everybodies cup of..)

[mikeymike]

Yeah, thought about that one to (tho with all the stuff that comes with Windows you could argue is an "OS Application").

Hmm, it's creating an unnecessary new term.  The only exception IMO is IE, and that should be given its own category of "bastard" :-)

I posted this link because I think it's only fair that users of Linux/OSX are aware of problems in their security.. Most think they have none, and that only Windows has problems..

Oh yeah, totally.  In fact, UNIX-variant operating systems such as Linux are targetted by attackers who want to silently compromise a system for their own use, simply because those operating systems are more flexible/powerful for their needs (and no, I'm not saying Linux is more powerful than Windows, it's horses for courses).

Many Linux distros have 'quite bad' (I'd class Windows as 'awful') security by default.  I was about to say 'Linux users should', but I'll say instead "Users of all operating systems should", run through their system with a fine toothcomb, check what services are listening on what ports, any processes running that shouldn't be, any extra users set up that shouldn't be, etc.

Same goes for IE versus mozilla

Whoop-de-do, you found a Mozilla vuln.  That'll be something that happens approximately twice a year, rather than every week with IE :-)

[seer]

The only exception IMO is IE, and that should be given its own category of "bastard"

Well, I just figured out the best way to run IE.. Well except for not running it.. is to set the security zone for the default internet zone to highest, and put all the sites I visit in trusted sites ;-)

Whoop-de-do, you found a Mozilla vuln. That'll be something that happens approximately twice a year, rather than every week with IE :-)

Well, it's an start.. I'm sure we'll be able to find more ;-) :lol:

[mikeymike]

seer wrote:
The only exception IMO is IE, and that should be given its own category of "bastard"

Well, I just figured out the best way to run IE.. Well except for not running it.. is to set the security zone for the default internet zone to highest, and put all the sites I visit in trusted sites ;-)

Suggestions:  Firefox Mozilla Opera

Opera 7.5x is IMO more usable than previous versions, though Firefox/Moz are still far more my cup of tea :-)

Whoop-de-do, you found a Mozilla vuln. That'll be something that happens approximately twice a year, rather than every week with IE :-)

Well, it's an start.. I'm sure we'll be able to find more ;-) :lol:

By all means please do.

[mikeymike]

@ HopperJF

If I statements that demonstrated ignorance on such a level as you have, I'd expect to get flamed from here to next year.  If you are going to participate in such a discussion, it is best to know your subject first (and/or at least admit points on which you don't have knowledge in).

Otherwise you just succeed in making yourself looking very, very silly.  As well as having an attitude.

[seer]

@mikeymike

@ HopperJF

If I statements that demonstrated ignorance on such a level as you have, I'd expect to get flamed from here to next year

Did I miss something ? You allready responded to him ??

[seer]

Suggestions: Firefox Mozilla Opera

I know them all, not sure which one I prefer tho.. I do find myslef starting IE more tho.. It's easier and I'm lazy..

By all means please do.

I doubt that I will find any, I usualy don't go to weird sites.. (Why would anybody anyway, only by accident or searching for cracks I suppose ?)