:mad:

More fun exploits for Windows...

Have a shufti here (http://www.theregister.co.uk/2006/01/11/ms_january_patch_tuesday/)

You have been warned...

and I'm not happy either...

me like cracks ... :D

well this should appease windows users...

less vunerabilities were detected in windows then in unix last year.

http://www.theregister.co.uk/2006/01/05/windows_linux_unix_security_vulnerabilities/

And remember that most of the Linux vulnerabilities require that you have physical access to the computer to exploit...

so.... why not post the linux and bsd bugtraqs here as well huh?

Sure wizard, do a google search on freebsd exploits :) not to mention, do a search on openbsd exploits(if you find any, please submit to openbsd mailing list, cause Im 100% sure you wont find any)

i just thought it was intersting cuz both articles stem from the same news source.

anywayz i will always be happy with windoze...

keep in mind that *Nix have user heirachys ... Windows doesnt. If I attack an apache web server and get in to the system, I can only do things that the user "apache" can do... the hack does not get ROOT access to the system. (If apache is set up correctly) - same with all the rest - only if the attack happens as ROOT is the system compromised.

To compromise a windows box, just switch it on. :->

keep in mind that *Nix have user heirachys ... Windows doesnt. If I attack an apache web server and get in to the system, I can only do things that the user "apache" can do... the hack does not get ROOT access to the system. (If apache is set up correctly) - same with all the rest - only if the attack happens as ROOT is the system compromised.

To compromise a windows box, just switch it on. :->

Yup, but it looks like Microsoft is getting the idea though, there is a good chance Vista will work the same (similar) way.

Honestly its a curse having a windows machine, I am so sick of running Windows update already. Thankfully only my gaming machine runs windows. The rest all run linux, well except my firewall which is freebsd.

less vunerabilities were detected in windows then in unix last year.

- It is meaningless to use the absolute number of vulnerabilities discovered to compare two systems, because it says nothing about a.o. the severity of the vulnerabilities, in which software the vulnerabilities lie (OS or apps), or how long the vendors took to patch them.

- It is meaningless and unfair to compare the number of vulnerabilities in "Windows" to the number number of vulnerabilies in "UNIX" because the term "UNIX" refers to dozens of entirely different platforms, while Windows (more or less) refers to a single homogenous core. UNIX is not an operating system, it's not even a set of shared code - it's just a 'paper specification'. How many of those were Solaris bugs? IRIX? NetBSD? OpenBSD? FreeBSD? Linux? Darwin (i.e. OS X)? SunOS? HP-UX? AIX? UnixWare? NextStep? Xenix? System V? Open UNIX? (Note technically a few of those are only "UNIX-like" - to be a UNIX operating system you have to be certified to the specification, which AFAIK Linux is not). It seems natural to expect that a whole bunch of operating systems would, combined, have more bugs than Windows.

- Linux is free; Bill Gates is making billions every month. I would somehow expect the far more expensive system to be far more secure, simply because we pay so much for it, they should be putting far more effort into making it secure (notice how most Windows exploits are still being discovered by third parties, not even by MS? Are they even checking their own source code at all? Microsoft certainly has enough money to fix the problems ... with their profits you could hire over 200,000 programmers!)

- It's easier to find bugs in Linux and BSD because the source code is open. It seems likely that there are still hundreds of undiscovered exploits in Windows, as well as exploits that have been discovered but have not been publicly disclosed and are being quietly exploited on a daily basis to gain access to the private information of corporations (yes this happens and there are hackers who make a LOT of money doing this).

As soon as anyone talks about "number of vulnerabilities" my FUD detectors go off on 'full alert'. The bottom line to me is: How secure is a system to the end user? I.e. how much security crap (e.g. hacking/spyware/adware/viruses) does the average end user have to deal with, regardless of the reasons? E.g. if I have to recommend an operating system for my gran or dad, which one will give her/him the least worries? Currently Windows is the worst, by far.