On Sat, 14 Jun 2008 15:14:29 -0700, Bill Eitner wrote:
> Unbeliever wrote:
>> A J Hawke wrote:
>>> On Sat, 14 Jun 2008 18:38:10 +0100, Unbeliever wrote:
>>>> A J Hawke wrote:
>>>>> Q: Best Anti Virus?
>>>>> A: None - dump windows
>>>>
>>>> And Linux is invulnerable?
>>>
>>> Compared to Windows?
>>
>> You have not answered the question - is Linux invulnerable or not?
>
> Linux is plenty vulnerable--
> it's just not targeted to
> anywhere near the degree that
> Windows is targeted.
Apache is more popular than IIS, and over the years has had a tiny
fraction of exploitable security holes complared to what IIS has had.
There are several reasons for this:
1. Development model. The source code is developed out on the open. You
can't hang crap code all over the place because everyone will see it. A
popular open source project (apache, the linux kernel, etc.) can have
hundreds or even thousands of developers contributing to it, many of whom
are world class.
2. Full-disclosure bug re****ting model. In the past software companies
have tended to sit on bugs, even dangerous security vulnerabilities,
because they reasoned that it would be more expensive to fix them than to
lose a few of their clients. So after seeing companies sit on known
problems for years while they were being exploited in the wild, security
researchers gave the companies time to fix problems and then published
the bugs online. The free software movement has always used the full
disclosure bug re****ting model. Known bugs do not hang around very long.
I work exclusively with linux in my job but am not particularly religious
about it. But this popularity argument completely misses it.
|
