Will Microsoft "VISTA" Make Antivirus Software Superfluous?

I had no idea VISTA was still with us.

No, they don't have the vast majority of the server market. They have a large share (perhaps a majority) of the WEB server market, and those web servers get hacked all the time. But they are regularly backed up and restored as soon as they do get hacked. They have that majority primarily due to the high cost of licensing Microsoft servers. My former employer had probably 100 Win2k servers to every Linux or SCO server.


And yet the number of successful viral attacks can be counted in the few dozens, the worst of them a decade or more in the past.


Because usually when someone goes after a server they don't use a virus.

You can find all kinds of exploits for Linux boxes if you know where to look…just they don't get used very much. It has everything to do with market share. If Linux was used on the majority of desktops, like Windows, and had to be made to cater to the average user who views decent security practice as an annoyance, then you would see every bit as much of a problem with Unix. It's inherent to making a computer accessible and usable to an uneducated and lazy public.

I’m not bashing Linux, or really defending Microsoft…I use both operating systems every day.

Depends on what you mean by a server. Microsoft has actually made very little progress in the data center, they are a small percentage of enterprise database and application servers. This doesn’t mean file and e-mail and departmental servers aren’t servers, I’m just pointing out that both of you may actually be right.

As for security, if you don’t think Unix/Linux is more secure than Windows, then let's talk about AS400. The AS400 is one of the most secure general purpose operating systems out there; I don’t think I’ve ever seen anyone in the security field dispute that. There are a few reasons they were able to achieve this, probably the biggest being capability based security (Capability-based security - Wikipedia) coupled with the fact that it is object based so it is not possible to “execute” a “file”, only a “program”, and that memory access is controlled so there can be no buffer overflow.

If IBM can do it, so can Microsoft. The problem really is a business problem from their perspective: is it worth it. For IBM it was worth it because the AS400 was being placed in banks and other large businesses that required excellent security. For Microsoft they’ve come from a single user disconnected environment where security was not an issue, and now they have about 40 million lines of code to change which is a big job. I think the best they can do is to keep chipping away at it.

Guess that depends on where you are and who you talk to. My previous employer…though it was a couple of years back…was over 10,000 users or so and almost all run on Microsoft. We had Unix servers…our security department actually would not allow Linux servers until right about the time I left…and a few other platforms…but mostly application and database servers were in fact Microsoft based.

Well…it's more complicated than that. The question is will people stand for it? You can make anything secure, but people scream when you do so. Microsoft has to balance security against what the public will accept. Just like the airlines where people bitch about having to take off their shoes.

Understood, I was just referring back to IDC stats regarding MS lack of success in the datacenter.

Yes MS needs to do a balancing act. Are you arguing they have done a good job with security and the current state of affairs is due to this balancing act? If so I would disagree.

It’s true, MS needs to bend over backwards to make their system easy to use due to the broad audience, but how does that translate into allowing buffer overflow type exploits? That is one thing that is simple to prevent and, frankly, should never happen. I will give MS credit for things they do well (SQL Server is far easier to use than DB2 or Oracle), but I won’t give them a pass on security and stability. I understand why they are in the position they are due to historical reasons, but I disagree that it is inevitable because I have worked on systems that were rock solid, I know it can be different.

Sure. It was put under the AmeriCorps umbrella before I served, but it still exists.

Competitors=people making viruses, or competitors=anti-virus companies? The former is silly, and as for the latter, could they actually be successfully sued for making a business that exploits their current weaknesses unnecessary? It sounds like it would were there a cancer vaccine created and oncologists chose to sue the makers of the vaccine.

The latter.

Some of the complaints contained in previous lawsuits against Microsoft were no less ridiculous. Browser developers whined that bundling IE with Windows was unfair competition. From a security standpoint, while it is good to try to eliminate exploitable weaknesses, it is as important to develop virus detectors that target the techniques used by the virus writers to achieve an effective security solution to viruses. Yet just as with the bundling of the browser, any attempt to bundle an anti-virus application would surely invite new lawsuits from the big AV companies.

The reason people won’t stand for it is that the old OS was designed that you had to be an Administrator to do things that you shouldn’t have to be an admin to do. I had root on my workstation, and installed lots of stuff, but only had to switch to root when I screwed up something and had to run fsck when rebooting - once every couple of years.

The stupid people are users, not admins - who have workstations on their desks. Now we use mostly thin clients, which really reduces the opportunity for the average user to screw up. Not every UNIX user is capable of installing Linux.

This is a bit of a hijack, but I do NOT agree that the lawsuits re bundling IE with Windows were unreasonable lawsuits. I see no logical reason for a browser to be part of an OS just as I see no logical reason for a music player to be part of an OS. Bundling everything but the kitchen sink into Windows squeezes out independent developers.

On the other hand, giving me a computer with enough software to handle all of the basic functions without having to constantly reject offers to buy the “pro” version serves me, the consumer.

Install Windows 98 first edition, the one with no IE bundled.

Try to get on the internet.

Have fun.

Just because the product is there, doesn’t mean anyone is being forced to use it. When I reinstall Windows, I use IE a total of twice: once for Windows Updates and once to download Firefox. Windows does not make it difficult for me in any way to switch browsers. But if I didn’t have IE in the first place, I’d have no way to install Firefox because I’d have no way of getting online!

I agree here. No system is virus proof, and although it appears Linux and Mac are more resistant, the lack of attacks is in correlation to the lack of users. So many Macs are running without any protection at all, that if someone did decide to attack Macs, there’d be a serious problem. But there’s not enough money or fame in it, so why bother?

Besides- viruses are almost passe anyway, if one gets a good firewall, like through a good router. It’s Spyware that’s the main problem now.

No one was asking that systems ship with no browsers - just that the computer companies have the choice of including Netscape (then) instead of IE. Remember that Microsoft was claiming that a Netscape icon would “ruin” the Windows experience.

You or I have no problem downloading the browser we really want - but my neighbor, or my 90 year old father in law are unlikely to. They’re where most of the market is.

I had no problems when I had Windows 98 first edition. As Voyager indicated, I wasn’t suggesting that no browser be provided, just that there’s no reason to integrate it tightly into the OS. If you choose to use another browser, you still have IE which you can more or less make invisible but you can not remove.

Those machines aren’t usually used as general-purpose machines- the person who runs a web server or database server probably reads their email and does their web browsing on a different machine, which eliminates a lot of popular vectors for viruses. If you want a machine to be really secure, you set it up to do one thing, or a very few things, and remove as many other programs that could access the internet (and, thus, provide potential security holes) as possible. The more ways into a computer you can lock down, the easier it is to secure it.

I’m not sure I buy bdgr’s argument that there’s no money or fame in pwning *nix or OS X, or that there wouldn’t be a media feeding frenzy over it.

Granted, a Linux worm wouldn’t make CNN Headline News unless it took out, say, Google or Amazon, but I’d be willing to bet that the industry/geek media would be all over a worm that hosed millions of sites hosted on Linux boxes. *nix exploits, especially on OSX and Linux, are BIG NEWS in certain circles.

Here’s an example of a totally lame OS X “security competition” that made the front page of Slashdot. It was just stupid: the guy gave everybody an account via SSH, and one of the “hackers” used a well-known privilege escalation vulnerability to get root.

If somebody figured out that they could use an RDP account to pwn a Server 03 box in a half hour, would it even make the news?

Remember the US-CERT report from earlier this year that completely cocked up the Linux vulnerability numbers by counting a single vulnerability on multiple distributions as multiple individual vulnerabilities?

I’m perfectly willing to accept that Linux, OS X, Solaris, or whatever is significantly less secure than OpenBSD based on technical merits, but the pro-Windows “user base” and “fame and fortune” arguments have always sounded pretty hollow to me.

You wouldn’t be suggesting a ‘correlation’ between a very few points, would you?

I drive a 73 International Travelall…it's old and ugly but you know what? It’s damn near theft proof. Not a single Travelall was reported stolen in the last two years in my city. Tons of Hondas, Mercedes, Chevys get ripped off every day. Security really sucks on modern cars. I don't even have to lock my Travelall, and I live in a bad neighborhood.

That’s a poor analogy. You’ve yet to prove that we don’t hear about significant *nix vulnerabilities, or that there would be no fame or fortune to be gained from exploiting them.

Apache’s got 60% of the web server market. Those are Internet-facing machines, almost always running some form of Unix, with at least one well known port open.

That’s one great big honking vector. Successfully exploiting a vulnerability would bring down Google, Amazon, and my employer, which is bigger than both of 'em.

Microsoft web servers rarely get viruses either…virii usually affect workstations.