Linux vulnerabilities

[LanceM]

https://www.techradar.com/news/windows- ... ally-linux
Something to reflect on.

[BenTrabetere]

"Of course, there’s a lot more to security than the mere number of vulnerabilities which pop up in any given operating system or product. There are a number of other important points to consider here, too, such as the nature of those vulnerabilities, the likelihood of them being targeted, and of course the response and ease of patching them, among many other factors."

8th paragraph in. This is known as 'burying the lede.'

[Pjotr]

Only things that matters to me:

1. How critical were those vulnerabilities in real life?
2. Were they fixed?
3. How quickly were they fixed?

My experience with Debian/Ubuntu/Mint in the past decade is, that critical vulnerabilities which are dangerous in real life, tend to get fixed very rapidly.

[rene]

8th paragraph in. This is known as 'burying the lede.'

I also get the fairly distinct impression that they've tallied up published issues in, ooh, some 51000 individual pieces of software in the Debian repo's vs. those in "Windows". It's then in the second bit of the "mspoweruser" source article that they tally up all issues in all Microsoft products and find Microsoft to have some double the issues of "Debian" --- and Microsoft's products aren't the only potentially vulnerable Windows products that people use on Windows, whereas (basically) those Debian repo packages are on Debian.

That is; it would seem that this article's author doesn't understand that "Debian" is not one entity that a user has all parts of installed, or is deliberately not considering such. The mere fact that N pieces of software available in the Debian repositories have vulnerabilities doesn't mean I as a user have N vulnerabilities. I could have none; am at the very least guaranteed to have only a small percentage of them.

Please be careful with "security" crapola from the internet. Basically 90% of it is marketing and/or otherwise clueless drivel by idiots.

[Portreve]

1. How critical were those vulnerabilities in real life?
2. Were they fixed?
3. How quickly were they fixed?

And Debian, a flavor of Linux, was top of the table with 3,067 vulnerabilities over the last two decades. Reasonably close behind was Android on 2,563 vulnerabilities, with the Linux kernel in third place having racked up a count of 2,357. Apple’s macOS was only slightly behind that with 2,212, with Ubuntu in fifth place on 2,007.

All of the top five places were taken by operating systems, although Firefox and Chrome filled the next two positions with 1,873 and 1,858 vulnerabilities respectively.

As for Microsoft’s operating systems, Windows 7 bore 1,283 vulnerabilities, and Windows 10 carried 1,111. If you add those together, you get a total of 2,394 for the past decade, roughly – given that Windows 7 came out in 2009, and handed the baton to Windows 10 in 2015.

Hmm...

1. The article doesn't bother to elaborate.
2. The article doesn't state.
3. The article doesn't elaborate on that, either.

So, in sum, I second every single point Pjotr made above. More-or-less, this article is basically just clickbait.

Still, this serves to underline that Windows security is perhaps not as shaky as you might believe, at least historically, and indeed that Linux and Mac users shouldn’t be complacent.

Except that, historically, GNU+Linux and none of Apple's OSs (at least for the Macintosh platform, can't speak for the Apple II platform) have ever been as "shaky" as Microsoft's security. So, while I agree that users of both Classic Mac OS and Mac OS X were and are definitely a bit too complacent and egotistical (I could make a very apt analogy here, but I don't want to get yelled at twice in a week for posting something political) at least they aren't getting taken for a ride the way Windows users have been.

[lsemmens]

The article is VERY lean on information about the points. i.e. are these vulnerabilities spread across the entire eco-system or ONLY in the OS itself. Again, speed of remediation is also decidedly light on. Click Bait at best.

[LanceM]

More in perspective I think is the following published in 2016
From AV-Test.org:
"Thus, the development and distribution of malware adheres to strict economic
principles. One of them says: "It‘s all about economies of scale." Accordingly,
the number of malware has grown steadily since the initial tests by AV-TEST in
the year 1984. Upon completion of this report, the number of known malware
for Windows PCs in the AV-TEST database was at 578,702,687, with strong signs
of growth. Currently, 12 million new Windows malware samples come "onto the
market" each month. And so it is safe to assume that the number of malware
programs targeting the Redmond operating system will break the sound barrier
of 600 million even before the end of this year."
https://www.av-test.org/fileadmin/pdf/p ... 5-2016.pdf

[ZakGordon]

Directly replying to that (frankly terrible) techradar piece:

https://www.youtube.com/watch?v=_AQ2B4LYgGg

Chris was not amused!

[darkrchaos]

As a person that just started using linux, vulnerabilities are one thing I worry about. I know linux is safe, but since I"m a noob I feel like I may be forgetting something. On windows I had norton, which kept out everything, including harmless stuff lol

[Lady Fitzgerald]

As a person that just started using linux, vulnerabilities are one thing I worry about. I know linux is safe, but since I"m a noob I feel like I may be forgetting something. On windows I had norton, which kept out everything, including harmless stuff lol

Norton (snort). That thing acted more like a virus than a virus. And it missed a lot of malware, stuff Malwarebytes would pick up (and even Malwarebytes would occasionally miss something).Then there were the false positives from all Windwoes antimalware programs . Based on personal experience, I didn't trust anything from Symantec (who makes Norton).

The biggest vulnerability in Linux is PEBKAC (Problem Exists Between Keyboard And Chair). A virus or other malware normally cannot start itself in Linux; it has to be given permission by the user, either by approving an action or by downloading software from somewhere other than an approved repository. Every once in a blue moon, a nasty might get into a repository but it gets found and corrected pretty quickly, far, far faster than ever occurred with Windoze products.

[RollyShed]

As a person that just started using linux, vulnerabilities are one thing I worry about.

Why?

During 2018, Windows was swamped with viruses written by Microsoft. They called them Updates and they broke all sorts of things and no virus checker ever stopped them. For us, the final one was in October when it totally destroyed all the data on a Windows computer and reverted it from 10 to 7.

And you are worried about Linux? That just does not happen with Linux.

[darkrchaos]

That's actually why I moved to Linux. I didn't like windows 10, but I was willing to live with it. But then I found out how they were updating windows 10 I knew I had to find something else. I had enough problems with windows 7 updates.