And other thing is - if more eyes watch it's greater chance for finding and fixing bugs.
Well, I guess it's only a vulnerability when others know about it and can actually use it.There has been many cases of security flaws in linux where security flaws have gone unnoticed for a long time (sometimes years).
Unless I'm reading it wrong, it looks like you're missing kraftman's point. That being, when the security flaws in Linux are noticed, they tend to get taken care of pretty quick, and then the distros hop on that and pass it along to the users. No waiting a few weeks for the next "Patch Tuesday."
There are MANY distro's that do not do regular security updates. The only ones that are usually anal about getting the patches out there in a reasonable time frame are your larger distro's. Hell alot of distro's don't even have a update app. Also many times the length of those security updates often is a very short time unless it's a LTS solution.
You're repeating popular myths.Lets face it the number of people that actually audit linux is extremely small vs the number of people that audit windows. Linux enjoys most of it's security through obscurity.
Here's great article:
Last edited by kraftman; 01-18-2009 at 01:05 PM.
Last edited by kraftman; 01-18-2009 at 03:30 PM.
I'm with kraftman. I fail to see how that is the fault of Linux. I mean, yeah, if you had to (HAD to!) pay for your operating system, and it only provided fixes for a couple months, I'd be pissed. Especially if, to get additional fixes, I had to buy a new operating system. But:
1) you have to pay for Windows. If it cost what it did and Microsoft DIDN'T back the product for a good amount of time, there'd be an uproar.
2) Linux distributions that have been "abandoned" (as far as fixes are concerned) are free. Free as in speech, free as in beer. "Hey, you asshole, fix this thing I paid no money for and you are under no obligation to fix!" Right....
3) Linux distributions that ARE paid for (read: Suse Linux Enterprise, Red Hat Enterprise, etc) have a longer support lifeline. Typically, when support for one of their products ends, it is long after it has been super-ceded. Assuming you are still paying for your license/support contract/whatever, you're not boned. Novell, Red Hat, or whomever else won't keep supporting the system you're using, but they will help migrate you to a newer system.
And no, by "help" I don't mean "they'll send a guy over with a DVD and do it for you". I mean, I'm pretty sure your license/support contract/whatever will migrate to the new system (let's say you're running SLED 10, a few months back SLED 10.1 came out, and you still have, say, a year on your contract. Should be able to contact Novell and move your systems up to SLED 10.1 for the remainder of your contract), and people will be available from Novell should you have issues.