This was a response to "Correct me if I'm wrong" posted by an irate Linux FUD-er. ( http://www.zdnet.com/six-open-source-security-myths-debunked-and-eight-real-challenges-to-consider-7000014225/ )
You're wrong and probably never worked for a software company.
I've been through this a couple times before, but I'll describe it again.
Software versions are characterized by version numbers. In my case, when I worked for Bentley Systems, a version was designated by numbers like 05.07.01.22.
Software, like Firefox makes versions for Windows and Linux among others. Basically the core parts of the program operate in the same manner and the API is different to work on Linux and adjustments are made for libraries, directories, etc.
The dirty little secret here at ZDNet and among the shills is that they blame an application for allowing an intrinsic problem or vulnerability with the OS to be accessed. Shills, Ed, and ZDNet are great at blaming the application, such as Chrome or Firefox for the problem and not addressing the core Windows vulnerability. Then, they read documentation and without knowing anything about how things are done, blame the Linux counterparts, because they are listed.
The problem is that items present in the application allow the core Windows vulnerability to be used to infect Windows. The application issue may also be present in the Linux version, but because Linux is so much more secure than Windows, there is no problem or infection with Linux. The only way Linux could be infected is if the malware could read the mind of the user and get his password.
Developers review the Windows version issue and make adjustments so it does not allow the Windows vulnerability to be addressed and also make the change across the board to all sister versions to maintain consistency. Because you are naive and see Ubuntu listed as affected, it does not mean Ubuntu ever had a security issue at all; the Ubuntu version is just having the code changed for consistency. In other words, no application for Windows is ever going to fully prevent all the Windows critical flaws from being accessed. Those application characteristics causing the Windows issues may be present in the Linux version, but can't be used to attack Linux, but are being changed anyway. In most cases, the change may be an operating improvement and be more efficient.
It's so silly to see ZDNet pull the same BS over and over again, year after year. If you want to believe it, you are only following the ZDNet propaganda trail. Do yourself a favor, pour yourself a strong one, and install Ubuntu or Mint on a second machine, run it as a Live DVD, or install it as a dual boot on your primary computer. Then, install Chrome, Opera or any other open source program you like and try to get infected. Then come back here and post the Website and how you got infected. That's something that no one, in all these years of accusations, has ever been able to do. Once you see that you don't get infected you'll begin to see how ZDNet twists information and is just a stooge for Microsoft.
As far as you referencing Linus Torvalds and the linux.com issue, it was related to stolen passwords. Anyone who gets poorly secured passwords and attacks a system can't be stopped. Most times the admins are storing their login information on a Windows box that gets easily hacked by a zero-day or a crafted email that allows access. Remember the big ZDNet push for articles about Google, which runs 100% Linux, getting hacked? Well, two Chinese employees were storing data on a Windows notebook and it easily got hacked. Since then, Google forbids employees from using Windows for work. You don't hear about that anymore here, do you? Forbidding employees to do company work on Windows is the single most important decision any manager can make.
If you dig deeply into these articles against open source and Linux, you will find, as I have, that the core problem is Windows and you will see a critical update down the road, at a later time to silently correct the Windows problem. But that is never brought up here.
Prove that Linux gets hacked. It's something never done here.
If you feel that strongly about it, post how and where you got hacked. I'm waiting.
Test the theory yourself
Get a box and harden Windows, use ANY anti-malware you like.
Get a box and install any Linux distro, any of them, pick the weakest one you can think of.
Go look at any web site you like with Firefox, Opera or Chrome on both ... NO IE (not supported on Linux).
(hint: adult content and gaming sites that are 2nd or 3rd tier are reportedly famous for infections), try google searching "most dangerous web sites".
The rules of the game are:
* only following links or using the back button icon of the browser are allowed
* if windows pop up you are not allowed to touch them anywhere (including the X to close).
* if the back button is not usable or the browser is non-responsive, close the browser with task manager.
The object is to visit infected sites and return without touching anything.
See which system is left running after 1 hour.
Please report your results HONESTLY.
* ( ... no clicking (X)
* If the browser locks up ... use the "task manager" to kill it.