Author Topic: Interesting...Windows security flaws < UNIX's? (Read 1053 times)

ReggieMicheals · « **on:** 9 May 2006, 00:36 »

http://www.us-cert.gov/cas/bulletins/SB2005.html

Quote

This bulletin provides a year-end summary of software vulnerabilities that were identified between January 2005 and December 2005. The information is presented only as a index with links to the US-CERT Cyber Security Bulletin the information was published in. There were 5198 reported vulnerabilities: 812 Windows operating system vulnerabilities; 2328 Unix/Linux operating vulnerabilities; and 2058 Multiple operating system vulnerabilities.

A little old, but this just doesn't seem to add up...

WMD · « **Reply #1 on:** 9 May 2006, 02:06 »

It probably counts the same thing in each distribution as its own.

toadlife · « **Reply #2 on:** 9 May 2006, 02:15 »

Quote from: WMD

It probably counts the same thing in each distribution as its own.

No it doesn't but they do count vulnerabilities more than once. For example...

For linux/unix...

Quote

Apache 'Mod_SSL SSLVerifyClient' Restriction Bypass
Apache 'Mod_SSL SSLVerifyClient' Restriction Bypass (Updated) Apache 'Mod_SSL SSLVerifyClient' Restriction Bypass (Updated) Apache 'Mod_SSL SSLVerifyClient' Restriction Bypass (Updated) Apache 'Mod_SSL SSLVerifyClient' Restriction Bypass (Updated) Apache 'Mod_SSL SSLVerifyClient' Restriction Bypass (Updated) Apache 'Mod_SSL SSLVerifyClient' Restriction Bypass (Updated) Apache 'Mod_SSL SSLVerifyClient' Restriction Bypass (Updated) Apache 'Mod_SSL SSLVerifyClient' Restriction Bypass (Updated)

And in Windows too...

Quote

Microsoft Windows ANI File Parsing Errors (Updated)
Microsoft Windows ANI File Parsing Errors (Updated)
Microsoft Windows ANI File Parsing Errors (Updated)
Microsoft Windows ANI File Parsing Errors (Updated)
Microsoft Windows ANI File Parsing Errors (Updated)
Microsoft Windows ANI File Parsing Errors (Updated)
Microsoft Windows ANI File Parsing Errors (Updated)

TB · « **Reply #3 on:** 9 May 2006, 05:14 »

Plus one must consider the whole closed/open source factor. Only Microsoft can truly know how many security holes Windows has.....assuming that they actually have people looking for them (a little voice inside me is saying they probably don't).

piratePenguin · « **Reply #4 on:** 9 May 2006, 11:04 »

"Winamp Arbitrary Code Execution" ???
Is winamp part of Windows or something?

Aloone_Jonez · « **Reply #5 on:** 9 May 2006, 11:33 »

It'd total bullshit, you can only count vunerabilities in core system componants like the network services and kernel and what's with counting the same ones more than once.

piratePenguin · « **Reply #6 on:** 9 May 2006, 19:30 »

Quote from: Aloone_Jonez

It'd total bullshit, you can only count vunerabilities in core system componants like the network services and kernel and what's with counting the same ones more than once.

Even then it's still numbers.

Something like "one year on default Ubuntu + updates and one year on default Windows XP + updates - who's been safer?" would be more useful. (I can't imagine Windows not having it's ass handed to it because, afterall, it ships with IE with ActiveX enabled.)

inane · « **Reply #7 on:** 10 May 2006, 02:48 »

These people are ran by the National Cyber Security Division and according to Wikipedia "An audit of the division, conducted by DHS's inspector general Clark Kent Ervin, cast a negative view on the division's first year. Although the report praised the formation of the US Computer Emergency Readiness Team (US-CERT) and its cyber alert system, the division received criticism for failures to set priorities, develop strategic plans and failing to provide effective leadership in cyber security issues."

Secondly keep in mind that they probably run on some POSIX variant...

Pathos · « **Reply #8 on:** 10 May 2006, 10:16 »

The numbers are not indicative of the true number of security flaws.

but I think we have to realize XP has had no real enhancements since it was released and has been getting security reports for years and has only been making changes as required.

Linux is always being extended and I don't think its had the same coverage that windows has had in the past.

H_TeXMeX_H · « **Reply #9 on:** 15 May 2006, 06:18 »

How about this ... get a 1337 haxxor and ask him which system is easier to hack Window$ or Linux (when both are "properly configured") ... I'm betting on Window$. Or put them to the test, see which one is compromised faster, easier.

toadlife · « **Reply #10 on:** 15 May 2006, 06:26 »

Quote from: H_TeXMeX_H

How about this ... get a 1337 haxxor and ask him which system is easier to hack Window$ or Linux (when both are "properly configured") ... I'm betting on Window$. Or put them to the test, see which one is compromised faster, easier.

Well I've read on more than one occassion from security professionals that in *nix OS's, it is generally easier to escalate priviledges than in Windows.

How would this "test" of yours work anyhow?

H_TeXMeX_H · « **Reply #11 on:** 15 May 2006, 06:34 »

I dunno, take two identical computers, on one install Window$ on the other Linux, then beef them both up security-wise (harden them), and then get a group of 1337 haxxors and have them hack in remotely. As proof of entry they leave a text document behind or alter some part of the system. Then see which one takes longer to hack.

toadlife · « **Reply #12 on:** 15 May 2006, 06:45 »

Quote from: H_TeXMeX_H

I dunno, take two identical computers, on one install Window$ on the other Linux, then beef them both up security-wise (harden them), and then get a group of 1337 haxxors and have them hack in remotely. As proof of entry they leave a text document behind or alter some part of the system. Then see which one takes longer to hack.

Ok. If "hardening" meant, both would have firewalls enabled then nobody would ever get into either system. If it meant not enabling a firewall, but disabling all services, then nobody would ever get into either system. In order for the systems to be hackable at all, they would have to be running some sort of daemon.

How about IIS6 vs Apache? If it were that, my money would be on Windows/IIS6.

H_TeXMeX_H · « **Reply #13 on:** 16 May 2006, 06:17 »

Come on ... I'm sure a real 1337 haxxor can hack anything

piratePenguin · « **Reply #14 on:** 16 May 2006, 07:07 »

Quote from: toadlife

Ok. If "hardening" meant, both would have firewalls enabled then nobody would ever get into either system. If it meant not enabling a firewall, but disabling all services, then nobody would ever get into either system. In order for the systems to be hackable at all, they would have to be running some sort of daemon.

How about IIS6 vs Apache? If it were that, my money would be on Windows/IIS6.

You mean "(Windows Server 2003 or Windows XP Professional x64 Edition) and IIS6", seeing as that's all II6 runs on.

Author Topic: Interesting...Windows security flaws < UNIX's? (Read 1053 times)

ReggieMicheals

Interesting...Windows security flaws < UNIX's?

WMD

Re: Interesting...Windows security flaws < UNIX's?

toadlife

Re: Interesting...Windows security flaws < UNIX's?

TB

Re: Interesting...Windows security flaws < UNIX's?

piratePenguin

Re: Interesting...Windows security flaws < UNIX's?

Aloone_Jonez

Re: Interesting...Windows security flaws < UNIX's?

piratePenguin

Re: Interesting...Windows security flaws < UNIX's?

inane

Re: Interesting...Windows security flaws < UNIX's?

Pathos

Re: Interesting...Windows security flaws < UNIX's?

H_TeXMeX_H

Re: Interesting...Windows security flaws < UNIX's?

toadlife

Re: Interesting...Windows security flaws < UNIX's?

H_TeXMeX_H

Re: Interesting...Windows security flaws < UNIX's?

toadlife

Re: Interesting...Windows security flaws < UNIX's?

H_TeXMeX_H

Re: Interesting...Windows security flaws < UNIX's?

piratePenguin

Re: Interesting...Windows security flaws < UNIX's?

Share or donate

« previous next » Print Pages: [1] 2 Go Down Author Topic: Interesting...Windows security flaws < UNIX's? (Read 1053 times) ReggieMicheals Member Posts: 186 Kudos: 228 Interesting...Windows security flaws < UNIX's? « on: 9 May 2006, 00:36 » http://www.us-cert.gov/cas/bulletins/SB2005.html Quote This bulletin provides a year-end summary of software vulnerabilities that were identified between January 2005 and December 2005. The information is presented only as a index with links to the US-CERT Cyber Security Bulletin the information was published in. There were 5198 reported vulnerabilities: 812 Windows operating system vulnerabilities; 2328 Unix/Linux operating vulnerabilities; and 2058 Multiple operating system vulnerabilities. A little old, but this just doesn't seem to add up... Logged Operating System Advocacy. I've given up on the Microsuck project, as well as any of the minisite spinoffs. You can still view the new beta site, though! WMD Global Moderator Posts: 2,525 Kudos: 391 Re: Interesting...Windows security flaws < UNIX's? « Reply #1 on: 9 May 2006, 02:06 » It probably counts the same thing in each distribution as its own. Logged My BSOD gallery "Yes there's nothing wrong with going around being rude and selfish, killing people and fucking married women, but being childish is a cardinal sin around these parts." -Aloone_Jonez toadlife Member Posts: 730 Kudos: 376 Re: Interesting...Windows security flaws < UNIX's? « Reply #2 on: 9 May 2006, 02:15 » Quote from: WMD It probably counts the same thing in each distribution as its own. No it doesn't but they do count vulnerabilities more than once. For example... For linux/unix... Quote Apache 'Mod_SSL SSLVerifyClient' Restriction Bypass Apache 'Mod_SSL SSLVerifyClient' Restriction Bypass (Updated) Apache 'Mod_SSL SSLVerifyClient' Restriction Bypass (Updated) Apache 'Mod_SSL SSLVerifyClient' Restriction Bypass (Updated) Apache 'Mod_SSL SSLVerifyClient' Restriction Bypass (Updated) Apache 'Mod_SSL SSLVerifyClient' Restriction Bypass (Updated) Apache 'Mod_SSL SSLVerifyClient' Restriction Bypass (Updated) Apache 'Mod_SSL SSLVerifyClient' Restriction Bypass (Updated) Apache 'Mod_SSL SSLVerifyClient' Restriction Bypass (Updated) And in Windows too... Quote Microsoft Windows ANI File Parsing Errors (Updated) Microsoft Windows ANI File Parsing Errors (Updated) Microsoft Windows ANI File Parsing Errors (Updated) Microsoft Windows ANI File Parsing Errors (Updated) Microsoft Windows ANI File Parsing Errors (Updated) Microsoft Windows ANI File Parsing Errors (Updated) Microsoft Windows ANI File Parsing Errors (Updated) Logged TB Member Posts: 112 Kudos: 0 Re: Interesting...Windows security flaws < UNIX's? « Reply #3 on: 9 May 2006, 05:14 » Plus one must consider the whole closed/open source factor. Only Microsoft can truly know how many security holes Windows has.....assuming that they actually have people looking for them (a little voice inside me is saying they probably don't). Logged piratePenguin VIP Posts: 3,025 Kudos: 775 Re: Interesting...Windows security flaws < UNIX's? « Reply #4 on: 9 May 2006, 11:04 » "Winamp Arbitrary Code Execution" ??? Is winamp part of Windows or something? Logged "What you share with the world is what it keeps of you." - Noah And The Whale: Give a little love a poem by my computer, Macintosh Vigilante Macintosh amends a damned around the requested typewriter. Macintosh urges a scarce design. Macintosh postulates an autobiography. Macintosh tolls the solo variant. Why does a winter audience delay macintosh? The maker tosses macintosh. Beneath female suffers a double scum. How will a rat cube the heavier cricket? Macintosh calls a method. Can macintosh nest opposite the headache? Macintosh ties the wrong fairy. When can macintosh stem the land gang? Female aborts underneath macintosh. Inside macintosh waffles female. Next to macintosh worries a well. Aloone_Jonez Administrator Posts: 4,083 Kudos: 954 Re: Interesting...Windows security flaws < UNIX's? « Reply #5 on: 9 May 2006, 11:33 » It'd total bullshit, you can only count vunerabilities in core system componants like the network services and kernel and what's with counting the same ones more than once. Logged This is not a Windows help forum, however please do feel free to sign up and agree or disagree with our views on Microsoft. Oh and FUCKMicrosoft! :fu: piratePenguin VIP Posts: 3,025 Kudos: 775 Re: Interesting...Windows security flaws < UNIX's? « Reply #6 on: 9 May 2006, 19:30 » Quote from: Aloone_Jonez It'd total bullshit, you can only count vunerabilities in core system componants like the network services and kernel and what's with counting the same ones more than once. Even then it's still numbers. Something like "one year on default Ubuntu + updates and one year on default Windows XP + updates - who's been safer?" would be more useful. (I can't imagine Windows not having it's ass handed to it because, afterall, it ships with IE with ActiveX enabled.) Logged "What you share with the world is what it keeps of you." - Noah And The Whale: Give a little love a poem by my computer, Macintosh Vigilante Macintosh amends a damned around the requested typewriter. Macintosh urges a scarce design. Macintosh postulates an autobiography. Macintosh tolls the solo variant. Why does a winter audience delay macintosh? The maker tosses macintosh. Beneath female suffers a double scum. How will a rat cube the heavier cricket? Macintosh calls a method. Can macintosh nest opposite the headache? Macintosh ties the wrong fairy. When can macintosh stem the land gang? Female aborts underneath macintosh. Inside macintosh waffles female. Next to macintosh worries a well. inane Member Posts: 107 Kudos: 233 Re: Interesting...Windows security flaws < UNIX's? « Reply #7 on: 10 May 2006, 02:48 » These people are ran by the National Cyber Security Division and according to Wikipedia "An audit of the division, conducted by DHS's inspector general Clark Kent Ervin, cast a negative view on the division's first year. Although the report praised the formation of the US Computer Emergency Readiness Team (US-CERT) and its cyber alert system, the division received criticism for failures to set priorities, develop strategic plans and failing to provide effective leadership in cyber security issues." Secondly keep in mind that they probably run on some POSIX variant... Logged Pathos Member Posts: 518 Kudos: 416 Re: Interesting...Windows security flaws < UNIX's? « Reply #8 on: 10 May 2006, 10:16 » The numbers are not indicative of the true number of security flaws. but I think we have to realize XP has had no real enhancements since it was released and has been getting security reports for years and has only been making changes as required. Linux is always being extended and I don't think its had the same coverage that windows has had in the past. Logged H_TeXMeX_H Member Posts: 1,988 Kudos: 494 Re: Interesting...Windows security flaws < UNIX's? « Reply #9 on: 15 May 2006, 06:18 » How about this ... get a 1337 haxxor and ask him which system is easier to hack Window$ or Linux (when both are "properly configured") ... I'm betting on Window$. Or put them to the test, see which one is compromised faster, easier. Logged toadlife Member Posts: 730 Kudos: 376 Re: Interesting...Windows security flaws < UNIX's? « Reply #10 on: 15 May 2006, 06:26 » Quote from: H_TeXMeX_H How about this ... get a 1337 haxxor and ask him which system is easier to hack Window$ or Linux (when both are "properly configured") ... I'm betting on Window$. Or put them to the test, see which one is compromised faster, easier. Well I've read on more than one occassion from security professionals that in nix OS's, it is generally easier to escalate priviledges than in Windows. How would this "test" of yours work anyhow? Logged H_TeXMeX_H Member Posts: 1,988 Kudos: 494 Re: Interesting...Windows security flaws < UNIX's? « Reply #11 on:* 15 May 2006, 06:34 » I dunno, take two identical computers, on one install Window$ on the other Linux, then beef them both up security-wise (harden them), and then get a group of 1337 haxxors and have them hack in remotely. As proof of entry they leave a text document behind or alter some part of the system. Then see which one takes longer to hack. Logged toadlife Member Posts: 730 Kudos: 376 Re: Interesting...Windows security flaws < UNIX's? « Reply #12 on: 15 May 2006, 06:45 » Quote from: H_TeXMeX_H I dunno, take two identical computers, on one install Window$ on the other Linux, then beef them both up security-wise (harden them), and then get a group of 1337 haxxors and have them hack in remotely. As proof of entry they leave a text document behind or alter some part of the system. Then see which one takes longer to hack. Ok. If "hardening" meant, both would have firewalls enabled then nobody would ever get into either system. If it meant not enabling a firewall, but disabling all services, then nobody would ever get into either system. In order for the systems to be hackable at all, they would have to be running some sort of daemon. How about IIS6 vs Apache? If it were that, my money would be on Windows/IIS6. Logged H_TeXMeX_H Member Posts: 1,988 Kudos: 494 Re: Interesting...Windows security flaws < UNIX's? « Reply #13 on: 16 May 2006, 06:17 » Come on ... I'm sure a real 1337 haxxor can hack anything Logged piratePenguin VIP Posts: 3,025 Kudos: 775 Re: Interesting...Windows security flaws < UNIX's? « Reply #14 on: 16 May 2006, 07:07 » Quote from: toadlife Ok. If "hardening" meant, both would have firewalls enabled then nobody would ever get into either system. If it meant not enabling a firewall, but disabling all services, then nobody would ever get into either system. In order for the systems to be hackable at all, they would have to be running some sort of daemon. How about IIS6 vs Apache? If it were that, my money would be on Windows/IIS6. You mean "(Windows Server 2003 or Windows XP Professional x64 Edition) and IIS6", seeing as that's all II6 runs on. Logged "What you share with the world is what it keeps of you." - Noah And The Whale: Give a little love a poem by my computer, Macintosh Vigilante Macintosh amends a damned around the requested typewriter. Macintosh urges a scarce design. Macintosh postulates an autobiography. Macintosh tolls the solo variant. Why does a winter audience delay macintosh? The maker tosses macintosh. Beneath female suffers a double scum. How will a rat cube the heavier cricket? Macintosh calls a method. Can macintosh nest opposite the headache? Macintosh ties the wrong fairy. When can macintosh stem the land gang? Female aborts underneath macintosh. Inside macintosh waffles female. Next to macintosh worries a well. Print Pages: [1] 2 Go Up « previous next » Stop Microsoft » Forum » All Things Microsoft » Microsoft Software » Interesting...Windows security flaws < UNIX's?
Share or donate