And the buggiest OS provider award goes to ... APPLE?

Apple's operating systems and Linux racked up more vulnerability reports than Windows during 2014, according to research from security outfit GFI. Cupertino's OS X and iOS platforms topped the 2014 bug charts with 147 and 127 holes disclosed in each, nudging out the Linux Kernel with 119 flagged flaws, the National …

Silver badge

Re: This is not a football match. @h4rm0ny

There's not much I can argue against in that post. Seems to be (sadly) right on the money. Especially your summary of the main distros. I'm quite sure that Poettering probably would take it on - seeing as there's nothing he's encountered so far that he hasn't tried to vacuum into systemd. But like you, that's not a solution I look forward to seeing.

2
0
LDS
Silver badge

Re: This is not a football match.

It looks like you never used AD and printers. In Windows you can load printer drivers on a server, and have them automatically deployed when a user adds a printer. Users can search for printers in AD (and you can search also for printer features), or printers can be automatically added through group policies. You can set them up per site, so if a user moves it will always find the nearest printers already added.

Even Plug&Play has been doing for years what you say CUPS does, and since it can look for drivers from Windows Update (or a WSUS server), unless you want the latest drivers from the manufacturer, the printer is added automatically.

CUPS comes with many drivers as well, but it often lacks specific drivers to exploit specific printers' functionalities, especially the high end photo printers.

0
0

Are issues being found because we are looking harder, or because more are being made, or both? Who knows, as you can't come to any useful conclusion from this data.

2
0
Silver badge

Comparing like with like ?

It is very hard to see what they are comparing with what. If it is a default install then all operating systems will install a very different collection of applications ... this makes a naive comparison meaningless.

4
4
Silver badge
Thumb Up

Re: Comparing like with like ?

If you read the linked article, he actually breaks it down by GNU/Linux distribution (that's even referred to in El Reg's summary) and he also addresses the breakdown of the vulnerabilities between OS and application. He's actually done an extremely good job here - I'm impressed.

4
1
Silver badge

Not comparing at all

The purpose of the source article is to demonstrate the importance of keeping up to date with the patches with whatever software you are using. No-one gets to sit back and say "I don't need no steeking patches", no matter what OS they are using. The statistics do point at two important security tips not mentioned in the article: "If you do not need it, do not install it", and "If at all possible, turn it off".

For a proper comparison, you need to know what is being defended, and who it is being defended against. Publicised exploit statistics are not a good source for comparison. I would suggest setting up multiple high value targets with the same budget, regularly pulling the hard disks, comparing the contents to a clean install and seeing which OS survives the longest.

3
0
Silver badge

Re: Comparing like with like ?

@alain williams - "It is very hard to see what they are comparing with what."

It's easy, he's comparing apples to oranges. For example, I just went to the NIST database and did a few queries of my own. Red Hat Enterprise had a total of 37 vulnerabilities, and that included things like vulnerabilities in Java (which might be better classified as third party).

So why does all of RHEL have fewer vulnerabilities than the Linux kernel supposedly does on its own? The reason is simple, I took a quick scan over the Linux kernel vulnerability list, and it was dominated by new "releases" such as 3.17 or 3.18. I'm running a fairly new user kernel, and it's only 3.13.

A "release" by Kernel.org doesn't automatically go into production on RHEL, Suse, or Ubuntu. Kernel development is time based, and each "release" is simply whatever they happened to have when the release date (every few weeks) rolls around. You don't install kernels from Kernel.org unless you are either a kernel developer, or else you are really, really adventurous. Instead, you wait for your distro to test and package one up, and they won't do that until it has been tested. That's not even taking into account the difference between development releases and long term support releases (which I won't go into).

That doesn't even take into account the fact that the kernel that Red Hat (for example) releases is not the same thing that the central kernel developers released. Red Hat, Suse, etc. add their own fixes and patches, and send the results upstream (with a CVE) as well as to their customers. That's what distros get paid to do.

To get the equivalent to this for Windows, you would need access to Microsoft's internal bug tracker and then report "oh noes! Windows 12 development version has bugs in it!". Well no guff, non-released development software does indeed have some serious bugs. The question that matters is how many of those bugs make it out into an actual public release that people are expected to use for serious work. Because Linux development takes place out in the open instead of behind closed doors, you get to see all the internal screw-ups before they get fixed that you don't get to hear about when they happen in the development of proprietary code. What matters to you and me though is what gets shipped as a final product.

So why did GFI spaff out some rather obvious guff? Well:

a) They really have no idea what they're doing, or

b) They're trolling for business from panicked users by positioning pumped up numbers in the press.

I would take a guess that the answer is "a", someone knows how to click on a NIST web form, but has no idea what the numbers really mean. If that's the sort of company you want to pay to handle your security for you, then good luck.

3
0
Silver badge

Android

Android isn't in the list. I went back to the original article and found its entry:

6 total vulnerabilities 4 high severity 1 medium severity 1 low severity

This is really interesting. Why? Because the state of actual security of Android in the wild is atrocious. And yet in terms of vulnerabilities the OS itself is pretty low. Why the contradiction? Most people probably are already answering: OEMs. Regardless of whether it should be the OEMs stepping up or Google having set up a different model in the first place, the unpatched and out of date Android systems out in the world are innumerable. Vulnerability stats aren't the only key part of security - update model is a critical part so any discussion about relative security of different platforms needs to include this.

If Google genuinely thought that their 90 day policy improved security then where they should direct it, is against their own OEMs. Either Google is responsible for Android security or it is not. And if it is not (as is frequently stated by those who argue against critics of Android security), then Google should be treating the OEMs the same as it treats other companies such as Apple and Microsoft. Android is currently where Microsoft was in the XP era - fragmented updates across a userbase that is largely security-ignorant. And like Android, MS wasn't selling it directly in many of these cases, but leaving responsibility with the OEMs.

MS eventually realized two things: One, whether it was the OEMs fault or not, it was harming them. Two, educating users on security wasn't working. So they took back control and they started putting in their own security tools even though that upset their business partners who sold anti-virus software of their own. Google needs to look at doing the same thing even if it's painful or upsets their OEMs.

14
2
Anonymous Coward

Re: Android

Many OEMs just don't care. I recently asked ZTE about my phone, which I bought in January.

Their answer was, "It's a device we designed in 2013, we no longer care about it." So I'm stuck with Android 4.1. Hopefully this phone will last long enough for something that actually meets my needs to come on the market.

That or maybe I'll just wean myself off the need for a mobile phone and the mobile carriers/phone makers/etc can do without my business.

1
0
Silver badge

Re: Android

I don't know that OEMs are necessarily the biggest problem. By far the biggest issue Android has is that idiots will happily install every piece of malware they can find as long as it pretends to be a free fart app. It doesn't matter how secure and up to date the OS might be if the user happily gives all the malware they can find full access to everything.

0
0
Silver badge

Re: Android

>>"By far the biggest issue Android has is that idiots will happily install every piece of malware they can find as long as it pretends to be a free fart app"

That's what I meant when I compared it to XP and how trying to educate users just didn't work for MS which was what they tried to do for a long time. Send an attachment saying "BritneySpearsNaked.exe" and half of my colleagues back then would cheerfully infect themselves. :( That's why pretty much every Windows system these days has anti-virus built in by default and tools like SmartScreen. Microsoft gave up waiting for the kids to grow up and just went back into parent mode (for better or worse).

You can't stop people being stupid, but there's definitely room for Google to work on the same problem with Android.

2
0
Silver badge

Re: Android

Your statutory rights are unaffected by manufacturer's interpretations. You are perfectly within your rights to insist upon repair or replacement if you can demonstrate a defect in the product. IANAL but a known security vulnerability should count. Mention this and a possible trip to the small claims court the next time you speak to them.

0
0
Anonymous Coward

Re: Android

"Android isn't in the list. I went back to the original article and found its entry:

6 total vulnerabilities 4 high severity 1 medium severity 1 low severity"

That still sucks compared to say Windows Phone 8 on zero vulnerabilities...

1
1

Re: Android

>>This is really interesting. Why? Because the state of actual security of Android in the wild is atrocious.

This is doubly interesting.

I know what tune exactly you're humming, h4rmony, yet let me kindly ask your definition of the security in the wild? There is a virus/trojan in the lab or wild respectively. Never heard about "security in the wild", though.

Or is it a number of Android apps lurking "in the wild" awaiting for users' installation? The statistics of bad wares is meticulously conducted by many AV vendors and reflected in the press, not that it goes very well with my own "local" experience...

If that was the atrocity you're talking about, why didn't you say a word in all of the previous posts about the Windows viruses/trojans atrocious "security in the wild"?

Even if one discounts viruses, those two atrocities beg to differ quite much though, IMHM.

1) How do you prevent installing a trojaned application? On Windows -- by using an AV (recommended by Microsoft) often after the installation. On Android -- by analyzing the transparent apps permissions before the installation.

2) The destructive capabilities of an app. On Windows, the installer does not mandate running it as a separate user and usually ends up running as a current user or admin. Android's installer creates a new user for the app, effectively separating the apps away from all other apps and processes.

3) Third is my experience of not having met a single Windows user that had no malware problem (in the past at least) and likewise, never seeing an Android user that had installed a trojaned app once.

0
1
Silver badge

Re: Android

>>"I know what tune exactly you're humming, h4rmony, yet let me kindly ask your definition of the security in the wild? There is a virus/trojan in the lab or wild respectively. Never heard about "security in the wild", though."

"In the wild" means real world common usage. So if an OS has fixes for 70% of its vulnerabilities, but most of those fixes aren't installed by the majority of the OS's user base, as is the case with Android, then there is a large discrepancy between the OS in the wild and in the more controlled environments of the vendor and minority exceptions.

>>"If that was the atrocity you're talking about, why didn't you say a word in all of the previous posts about the Windows viruses/trojans atrocious "security in the wild"?"

Because the point I was making was the importance of patch release processes and how OEMs are severely damaging Android security and making it a joke in the IT world through their unwillingness to patch things. I didn't go on a tangent about Microsoft or viruses because these are irrelevant to whether what I say or not is accurate. All supported Windows OS installations have access to the latest patches. Most Android ones do not. Hence when I talk about this problem, I'm talking about Android.

0
0

Re: Android

>>..but most of those fixes aren't installed by the majority of the OS's user base, as is the case with Android..

Despite all this deplorable situation you describe, how many times have you heard about the actual exploits of those vulnerabilities in the wild? How many times did you personally hear from users around you about highjacked Android desktops, Android scareware, sniffed password etc? What about the altera pars, MS Windows? As far as I am concerned, I know a lot of users from both of these worlds. The subjective score from my sample is "most to none", that is most MS Windows users I know have had at least one malware problem before and specifically complained (directly or indirectly) to me about that, whilst no one I know has ever mentioned to me a single Android malware problem on his/her phone or tablet.

To me, when a "mostly unpatched" system with the "atrocious security in the wild" is less exploited than its counterpart with the mostly patched and "the great security in the wild" is a manifestation of the fact that the former has a much superior security design than the latter.

0
1
Silver badge

Re: Android

Eulampios - an argument about Android vs. Windows security based on your demands about how many times I have personally known a user affected by malware is as pointless as you creating the argument in the first place. I commented about the dire state of Android updates by OEMs and how that needed to be resolved. Why you feel the need to leap in and point at Windows to make it an OS vs. OS battle, I don't know and little care. And arguments about how you personally have never had anyone come to you for help with "highjacked Android desktops" as you put it (!), is no basis for any kind of insight.

You use the phrase "altera pars" which means listen to the other side. Why do you see things as "sides" or respond to someone pointing out a very real problem in the Android ecosystem with attacks on Windows? You are absurdly partisan and it is, quite frankly, boring.

EDIT: And as, based on previous experience, you're unlikely to let this go, I'll answer the pointless question with an answer that is equally meaningless statistically: "once". In the last couple of years I can recall one person coming to me with a problem of malware on their Windows machine. They had received one of those fake calls from people claiming to be from Microsoft and got her laptop infected. The comparison number of people who have come to me with problems with an Android phone is zero. So I suppose to you that represents Android being infinity times more secure, does it not? Anyway, most people I know have iPhones and most of those with less money have Windows Phones so far as I've actually paid attention to what my friends use. One has a Meego phone, iirc. Is any of this helpful? No, didn't think so. Maybe at least it will show how pointless you insisting on using such metrics for comparison is, however.

1
1

Re: Android

>>Eulampios - an argument about Android vs. Windows security based on your demands about how many times I have personally known a user affected by malware is as pointless as you creating the argument in the first place.

However pointless it might be to you, h4rmony, it is not necessarily pointless to the end users that have to deal or not to deal with the aforementioned malware.

>>Why you feel the need to leap in and point at Windows to make it an OS vs. OS battle,

Since you're not a moderator of the current forum, you're not to judge about my needs, so I would say and comment whatever and whenever I feel and think appropriate, shutting me up here is going against the "let the other side be heard as well" paradigm, you have alluded to.

On the other hand, although the term "altera pars" is often idiomatically used with audiatur, the 3d passive subjunctive present form of the verb "audire", to listen, it just means an-/the other side in Latin and was supposed to mean simply what is said: the "other side". Should've used the neutral koine term "ἡ ἄλλη πλευρά" instead :)

0
1

not consistent at all

This is pretty silly. Most of the bugs found on OS X were in SSL, bash and so forth that are present on Linux as well, just not in the *kernel*.

5
3
Anonymous Coward

Re: not consistent at all

Well people keep saying that open source is great because bugs and security flaws get found, then others complain when they are found.

10
1
Anonymous Coward

The writing was on the wall when Tim Cook started firing some of the long term Apple software engineering guys.

1
4

The OS changed way too much for those developers to be useful, which is why most of them were laid off. The OS went from being produced whole-cloth internally with tight integration between the hardware and the OS itself. Then OS X came along and they basically scrapped everything and started over with a NetBSD kernel and a shell over it. A few years later, they went and completely changed the hardware, going from PowerPC to IA-64 bringing a complete change in architecture (CISC in favor of RISC, reversal of endianness, bus changes, etc...). The current iterations of OS-X have far more in common with Windows and Linux than they do with MacOS 9. With all those changes, even the lead architect on OS-9 would be about as useful to the OS-X dev team as a philosopher would be to NASA.

1
1

MS could probably close a few of those holes...

...if it just switched some of the security options in Windows on by default.

Will they at least get rid of Admin accounts as the default and integrate EMET into Windows as standard?

Other than that I feel Windows gets its rap purely due to the size of its user base.

If there is a flaw in Windows and 90% of the world's users use it then they need to know and the world's media responds in the usual fashion.

If there is a flaw in OSX then it gets onto a few news articles and is usually downplayed for some reason and then slips off the radar a day later.

If there is a flaw in Linux then it's posted up on a few forums for those that need to know.

But at the end of the day if anyone here can write perfect secure code with 100% reliability then please step forward with your resume...

1
0

Re: MS could probably close a few of those holes...

Microsoft has been trying to push security-by-default for the last several releases, but turning on too much at once ended up resulting in many of the issues in Vista and many of the compatibility issues you see between releases. UAC was an attempt at reducing the impact of giving users admin rights, if they strip everyone of admin rights by default, they'll just go and give themselves admin rights anyway (For the same reason that I see so many Linux newbies just log on as root after becoming frustrated with running sudo when they just want to install a single package).

The problem is that Microsoft wants to implement new security features, but they also need to pay the bills. No one is going to buy a copy of Windows that they'll have to wait months before software gets properly re-written to run in a secure environment.

0
0
MJI
Silver badge

the Apple bugs are ?

Well are they Apples or are they BSDs?

0
0
Anonymous Coward

Re: the Apple bugs are ?

I count 24 OS patches across all supported versions of FreeBSD for all of 2014. And that does include some things like OpenSSL (6 patches alone) that are included as part of the OS distribution, but not BASH (Shell Shock) that only affected completely optional software. Also, that is patches, which are generally fewer than the number of bugs discovered.

0
0
Silver badge
Gimp

Apples compared to Oranges

OK, I admit it - I read the original article. Not the best headline unless Betteridge's Law applies?

The original article states that Windows 8.x and Internet Explorer combined have 278 vulnerabilities including 242 High Level vulnerabilities. OS X and Safari have 217 including 67 High Level vulnerabilities...

2
6
Meh

Re: Apples compared to Oranges

You can choose your browser but you are stuck with the OS.

Foundations built upon sand as the old fable goes.

2
1
Silver badge

Re: Apples compared to Oranges

@Britt

These are client systems, not minimal Debian or OpenBSD server installations that can do useful stuff without a browser - Have you tried running OS X or Windows without their bundled browsers? You can't uninstall the core components on either machine, but you can uninstall a lot more of Safari. I note that Chrome and Firefox also have more high level vulnerabilities than Safari, so if you were using OS X you might not bother.

0
2
Meh

Re: Apples compared to Oranges

That's OK then. It's not like swathes of people click on the "Faster browsing!" button every time people hit up Google is it.

Once again, if the foundations are less than desirable, no matter how good or bad the applications running on top are, it's still Swiss cheese.

2
1
Anonymous Coward

Re: Apples compared to Oranges

"The original article states that Windows 8.x and Internet Explorer combined have 278 vulnerabilities "

But that IE number is the total vulnerabilities for all versions of IE from all current OS versions...

1
0

Stop counting CVEs!

I can well believe Windows has got to a stage where security vulnerabilities are not as prevalent (relatively - they're probably absolutely more prevalent) as they once were, but...

Stop counting CVEs!

It's not even accurate enough for a ballpark figure.

CVEs are public (after any embargo). Not all security vulnerabilities are made public, and Microsoft are as guilty as, if not more than, any other vendor. It's CVE counts like this that actually encourage vendors to avoid disclosure if at all possible.

Microsoft handles its own CVEs, as do other vendors such as Red Hat. Sure, they all have guidelines on what to issue CVEs for, but all CVEs are not equal. A single CVE identifier is supposed to cover one issue, yet Microsoft has been known to issue one CVE covering many vulnerabilities.

Disclosure of security vulnerabilities is not exposure to security vulnerabilities. The timely disclosure of vulnerabilities is more likely to prevent exposure because it gives those actually maintaining the systems the opportunity to mitigate the vulnerabilities. The very fact that Microsoft complained about Google's 90-day disclosure policy, that's ~3 months by the way, means they are not fixing vulnerabilities they know about in a timely manner. You can't assume that just because a vulnerability is not widespread public knowledge that attackers don't know about it. This goes even more so for a vulnerability that has already been reported to the vendor -- at least one other actor, the reporter, knows about the vulnerability, and you should assume that others do too.

6
2
Anonymous Coward

Lies, damned lies...

"more nasties in Mac OS ... than in Windows"

This is true only if you compare apples and oranges.

The table shows that, if you combine all versions listed, Windows OS has 248 vulnerabilities, making Microsoft the clear winner/loser (always assuming that no nasty is double-counted).

Statistics can be tricky - but they're not that tricky.

7
10
Silver badge
Facepalm

Re: Lies, damned lies...

>>"The table shows that, if you combine all versions listed, Windows OS has 248 vulnerabilities, making Microsoft the clear winner/loser (always assuming that no nasty is double-counted)."

Do you really think that most of the vulnerabilities listed for "Windows 8.1" are not also vulnerabilities in "Windows 8"? That there isn't massive overlap between the different versions and you're not just counting the same vulnerability twice? Maybe we should add up all the different Linux distributions to make Linux the worst OS instead of OSX? It's using the same logic you just have!

"Statistics can be tricky - but they're not that tricky."

Too tricky for you, nitwit.

16
7

Re: Lies, damned lies...

I think you might not have understood the numbers. They describe vulnerabilities found that affect each system. Consequently, the same vulnerability can affect more than one version and is represented in the numbers multiple times. It therefore makes no sense to sum the numbers for windows since the total is meaningless. An easy to see example is comparison of v8 to v8.1 figures, which are identical because they share so much code that the vulnerabilities tend to work on both.

2
0
Anonymous Coward

Re: Lies, damned lies...

"Too tricky for you, nitwit."

As the nitwit in question, I should maybe point out that language can be tricky too, especially if you ignore part of what's written. Didn't you notice what I said about double counting?

There is no evidence in the article which enables anybody to say how many vulnerabilities in Win 8 also affect Win 8.1 (to use your example). There may be 'massive overlap', as you suggest - but, on the basis of the table we have, all we can say for certain is that it is between 0% and 100% (inclusive). At least, that's all I can say - and that's all I did say.

2
3
Silver badge

Re: Lies, damned lies...

>>"As the nitwit in question, I should maybe point out that language can be tricky too, especially if you ignore part of what's written."

Yes, I did. You put a minor get-out clause in there and then proceeded to roll forward with your conclusion anyway.

>>"There is no evidence in the article which enables anybody to say how many vulnerabilities in Win 8 also affect Win 8.1 (to use your example)."

It doesn't need to be in the article. We can bring the context ourselves. Windows 8.1 and Windows 8 are overwhelmingly the same code base and this is trivial to check by inspection if you doubt it. 8.1. is mostly some GUI changes. One would have to be entirely ignorant of this fact to think summing the total of two different versions of Windows was a legitimate comparison to a single version of OSX.

>>"At least, that's all I can say - and that's all I did say."

That isn't all that you said. You titled your post "lies, damned lies and statistics", stated that it was comparing apples to oranges and declared Microsoft to be the "loser" with a small admission that it might not be true. When anyone with any context would rightfully throw out the idea of summing the bugs from 8 and 8.1 after a moment's thought. Your entire post is based on a premise that is trivial to show is wrong. That you acknowledge the premise doesn't mean it's not silly to hold it up as a reasonable possibility.

5
3
Anonymous Coward

Re: Lies, damned lies...

"The table shows that, if you combine all versions listed, Windows OS has 248 vulnerabilities, making Microsoft the clear winner/loser (always assuming that no nasty is double-counted)."

Well they will be double (or more!) counted if you add together all different Windows OS versions - and compare to one Mac-OS version....

0
0
Anonymous Coward

Re: Lies, damned lies...

"8.1. is mostly some GUI changes"

It was a 3.6GB download on top of Windows 8. That's a lot of GUI...

0
0
Silver badge

Re: Lies, damned lies...

>>"It was a 3.6GB download on top of Windows 8. That's a lot of GUI..."

That update pack incorporates the majority of the patches and updates that were issued to Windows 8 in between 8 and the release of 8.1. What you downloaded isn't just updates to the UI, it bundles together all of the intervening changes that Windows 8 receives as well.

0
0

I think the long and the short of it is...

...whichever OS you choose, you cannot afford to be complacent.

We all need to accept that our fave OS could bite us at any time.

4
0

Why no Windows Server 2008 r2 or 2012 R2?

They do realise that 2008 and 2008R2 are completely different OS's. One based on Vista and the other on Windows 7.

I hope they're not bundling them both in together as 2008.

3
0
Roo
Silver badge
Windows

"For example, unlike Windows, the Linux Kernel can be upgraded independently of the rest of the operating system; therefore it is hard to link Linux Kernel vulnerabilities to a specific Linux distribution or Linux distribution version."

If Florian gave a fuck about producing an accurate or useful picture for the punter, all he had to do was pick a distribution, and take an inventory of the kernel revisions that got punted with that distro over the year. It's not hard, the information is in the public domain.

Instead, Florian has decided to use a methodology that produces a figure that isn't representative of what a real world Linux user would encounter (because in practice distributions ship a small fraction of the kernel revs that are out there), but just happens to be the biggest possible value he could arrive at with the least amount of effort.

He really shouldn't have bothered.

3
6
Roo
Silver badge
Windows

Care to elaborate on the reason behind the down vote or are you simply trying to bury bad news for a shilling ?

2
6

Chalk and 492 variants of cheese

Talking about 'Linux' is a bit like talking about 'cheese'. There are so many different distros - some are based on kernels and repositories that are months behind the latest releases and are more likely to have bugs and security flaws.

Also, being open source, Linux software is generally more open to scrutiny. Flaws are published as they are found whereas proprietary systems often have flaws going back years that the manufacturers have been keeping quiet about.

1
4
Anonymous Coward

"If Florian gave a fuck about producing an accurate or useful picture for the punter, all he had to do was pick a distribution, and take an inventory of the kernel revisions that got punted with that distro over the year."

But then he would have had to include all the other software in a Linux distribution - which would be ~ 5 times more vulnerabilities according to the article...

1
2
Silver badge

When it comes down to severe vulnerabilities Linux kernel & Windows are more or less level. It's Apple that has the problems. Also that pariah of applications, Flash, comes out lower than IE, Chrome and Firefox but a larger proportion of vulnerabilities are severe. Another oddity: Seamonkey which combines browser and Thunderbird functionality comes out lower than either Firefox or Thunderbird.

1
2

Obscurity versus no obscurity

Seems strange that proprietary Apple relies on obscurity so they should really have less 'visible' holes.

Quite worrying, far more so than the continued non reporting of their often flaky OS systems.

0
3
WTF?

Put up or shut up

A methodology that generates a result that's so much at variance with common experience needs to come with an explanation. Or at least a theory.

Windows is difficult to make secure because of its structure and complexity, and all the wonderful "features" which seemed like a good idea (to Microsoft) but are now forgotten, but still available (to hackers).

3
8
Silver badge

Re: Put up or shut up

>>"A methodology that generates a result that's so much at variance with common experience needs to come with an explanation. Or at least a theory."

Who says that it is at variance with common experience? I've generally found GNU/Linux and Windows to be comparable in security (assuming competent admin in both cases) with a slight practical edge to Windows because of their more standardized (imo) release process.

>>"Windows is difficult to make secure because of its structure and complexity, and all the wonderful "features" which seemed like a good idea (to Microsoft) but are now forgotten, but still available (to hackers)."

Like being able to pass in function definitions by text to Bash as an environment variable? Shame on you - this is the first out and out partisan post in this thread.

EDIT: What did I say in my first post here? We'll find out when it gets to lunch time? Lo and behold it hits 12:30 and we suddenly get our first two partisan shots. *sigh*

6
3

Biting the hand that feeds IT © 1998–2018