I think your letting your opinion get in the way of the facts. MS product have very rich network filesharing, service sharing etc designs by nature. They are client/server systems from the bottom up. They are designed to share data and make system adminstration easy from the word go.

So that said. They have a well documented API and interface that inherently leaves security holes open.

Now i have a VPN MS network " i am stuck with it nothing else is comparable and I need these applications " that is damn near unhackable.but it took alot of optimization to make it such.

So everything is encrypted VPN etc but I still have outside network acess. Some of this is done with the router hardware, the server and the clients.

I do take a performance hit for doing this but its as secure as anything else.

But linux is more secure as a base install becuase it isn't as feature rich and generally linux users prioritize security over convience.

So its really just alot of BS.

now if you want to talk defualt system builds

Linux is massively more secure then windows. But windows can be secured just as well.

Its a lie to say anything else.

I hope god forgives me.

Yep, I'm, like any human, have this subjectivism/opinion/habbit BS. Comes from experience(or exposure), I guess.

They do have very rich(or more precisely rich reach) filesharing, yes, that they start sharing C$ drive, netbios, RPC over the whole internet instantly - "hey its me, Im ready for drive". Thats besides obvious phoning back to HQ. I don't understant what nature(habbit) what: lameness, insecurity by default or LAN-only concept.

Oh, I didn't mean that. I meant something simpler:
They have documented and undocumented functions.
Documented change over time and there is long legacy path(via redundancy(gigabytes), "symlinks" etc)
Undocumented change, when MS want it.
Within that functions ppl sometimes find bugs.
Then, when bugs(sometimes) get officially patched - new bugs apprear.
So, you have some app that may be using documented or undocumented features and which is closed source and with developer probably stopping support at some time. And each linked function may break anytime on update. Or it is even bringing own DLLs to the *fun house*, trying to overwrite the original(who cares). This was somehow corrected by MS via hack in vista(?), so we should not take it seriously, but still copies are stored.
...and MS tries to maintain consistent API and ABI all the way & at the same time keeping bug-per-bug compatibility with legacy libraries.

If you multiply all these members of the "House, built by Jack", you will understand why every additional installed app slows, insecures and breaks - thus assisting in (regular) clean reinstall(reason why nlite, altris juice, wpi & similar appeared btw).

How many versions of .net do you need for recent amd catalyst control center btw? And how should they (and their patches) be installed so it works without errors? Of course, winupdate takes care (most times) about it and everything legacy is probably already integrated in new windows versions(but new keep coming), but .net is not the only library to introduce more errors due to wrong version/overwrite/order.

And now there comes AV in this *fun house*. AV does not even try to use "Heu!"-ristics to any big extent due to awesome amount of malicously behaving DRM and copyprotection(though sometimes it does draw msgbox with lovely false positive), but relies on signatures (that are useless against polymorphs, themself being very old technic). "Hello, this is KAV and I forcast with 60% probability that you get infected today".

The idea to digitally sign, although does not remove holes, does allow somehow secure software installation(although hacking/bruteforcing it is not rare) - and you end up with standard "trust me (blindly), as Im your vendor" situation.

And now, there is WINE, which in its own FAQ about completeness meantioned that every w-s api is like a book, each one contributes,(not one and only book which is updated, without legacy array, but many) and they must maintain bug-per-bug compatibility.

So yes, here goes 1% secure beer.

So "your" windows is not looking direction internet directly, but via a long titanium tube,- with other end wide open? I dunno, they infected nuclear powerplant and it went just fine.

Not every distro linux is secure and I do not understand what features linux is missing, but linux users tend to be even more unaware of security than windows ones. You know, when you are always warned, constantly high, you spot better(and it still gets infected), than a totally relaxed lazy "unhackable" penguin that is just pullin official builds of opensource code from official server via secure connection.

If you put it in the metal box, cover with cement and drop in the ocean, yes. =) But linux is secure mostly due to open source nature(and people checking the sources), people hacking security and somebody with enough money to buy them coffee. IMHO.

But what good is all that, considering how poorly it works? I had to deal with yet another SMB malfunction just yesterday morning and as far as I can tell, all sorts of random failures are definitely nothing unusual to begin with. On the contrary - all of this mess is so common, that our college administrators refuse to even consider using SMB for anything important.
I figure that all this erratic behavior must be caused by something really horrible going on under the hood and since that can never be fixed, because it would cause massive breakage of backwards compatibility, I can pretty much only laugh at any claims of how secure one can supposedly make it.
Not to mention that publicly documented exploitable bugs, discovered by someone randomly poking around, are most likely just the tip of the iceberg and all that stands between the attacker and so called "security" mechanisms of any proprietary system may well be just the code's obscurity.
As far as API design is concerned, I believe it's much better to start with a minimal set of functionality that can cover every conceivable application at the time, extend it only when there's no other way, keep cleaning it up and completely rewrite it when necessary, rather than trying to gradually deprecate parts of largely superfluous set of calls designed for convenience, which can obviously get very messy, because people are lazy and force you to keep old crud around indefinitely. That's where I believe libre projects got it right and why they're inherently more secure.

Its not the old crud, its the nature of the way client/server setup is between 2 windows machines.

Look at remote desktop and remote registry. Great tools, but huge huge problems in terms of security.

Libre projects are more inherently secure beucase they aren't as feature rich.

Now wether thats a good thing or a bad thing depends on what you need out of your system.

I have a VM that hosts my net acess on my primary server. All of our in house machines are VPN'd only to each other and the network is firewalled off really hard.

Its a rather elborate setup but its been up for about 6 years and we haven't had a machine get infected yet. We surfe porn at work with wild abandon. My setup is WAY beyond what any ordinary user would ever attempt. Not to mention my massively stripped down low feature custom tweaked version of xp.



Linux is by defulat generally more secure for a couple of reasons.

1. not enough systems to target.
2. linux developers are focused on security
3. lower feature count.

thats why. if windows took the same approach alot of enterprise deployments wouldn't be able to function and change as easily. it really depends on the needs of the system admin and the functionality the company needs fro the system.

as for a home desktop user. Windows has WAY more features then it needs and exposes to many "admin" privlige back doors out to the network.

This is exactly what I've meant. Not haste for pr0n, but the connection. =) =)
A large titanium tube made of >linux-based< hardware firewalls protecting several proprietary blob heaps on the other end.
How does it going to protect against threats on 5,6,7 OSI levels? You trust your antivirus? =) I think it trusts you back =)

I congratulate you on reinventing the wheel (that should be invented by the company you paid your money to) and enjoying stripped down experience. And trusting your antivirus =)


I do not like the word "generally". It makes us look like we come from ancient greece.
1. Linux has more than enough systems to target. This is straight BS. 90% of internet is linux/bsd and still thriving. ... And please read (2) underneath and come here again to target anyone - you are welcome. =)
2. I bet windows AV companies are much much more focused on security. In fact they are so focused that they are glued to it. You pay them money for it, so they really should. Or they will loose their jobs without upcoming viruses etc. Grown from the lab next door. Instead, when Sourceforge was hacked recently (maybe them involved ), it was detected, stopped, analysed and fortified immediately. In fact crackers helped SF to advance security. You see the difference between windows and linux is that 1st one is theoretic, whilst 2nd one gets hacked(and improved - inplace) on constant basis. And because its opensource it greatly adds to it - here you see the true reason for linux(and foss in general) security.
3. Please name missing features within stock XP vs stock Linux - I would be very happy to listen. =)


If this is a feature, I'm speachless

actually our routers are hard coded " old school" assembly programmed devices. They require a serial capable to configure. These are not consumer hardware parts. They also are very obscure which helps with security. Its hard to hit a mall target.

I don't run any anti virus software at all.


We don't use a anti virus, I strip out uneeded features. Granted I did pay for them at some point but mostly its about disabling back door acess.

thats a flat lie. Linux is on about 52% of the servers out there, unix is on around 20% and windows server is running another 20%. If you include VM's windows and linux cohabitate 75% of the market space eqaully.

Windows can be JUST AS SECURE AS LINUX, keep repeating that till it sinks in. The trouble starts with activex controls, and Ie vulenerabilitys " which firefox shares with IE" and to many advanced admin remote management features.

where do you want to start ? thats a long long list and we are discussing built in features not third party add on's.

I think alot of the average linux usebase doesn't really get it.windows is a very easy system to deploy and manage remotely. its the same thing that cuases its weakness at the same time.


the home versions get pretty much all of the same network acess and remote manageent features as the regular office versions of windows.

Multiuser is wasted on most users on desktops. all of the cruft that goes with it is essentially the bulk of the problem.

Ah, so that's how you came to that conclusion.

Its the truth. It can be, but by default it is not. It takes alot of diligence and time to make it so. I have machines that are up at 40,000 hours of continous up time, in fact I needto start replacing dirves, with no virus's etc.

Is it me or is the article written in a very confusing way? I thought their system was attacked after switching to linux, which is what the title implies.

But the attack happened DURING the switch, so their Linux solution wasn't up and running yet. and it was Microsoft's .NET architecture that was attacked (does that mean the system was running Windows at the time?) .. A lot of things in the article seem too vague