I think I should point out that that link was posted to me by one of my bosses (3 notches up the hierarchy).

At the time I was dumbfounded so I posted the link to the list. Since reading some of the stuff cited I have since crafted a reply to this boss including:

<snippet>
This "story" is a masterpiece of obfuscation and innuendo. The headline says "LINUX HAS MORE SECURITY FLAWS" but when you go and have a look at the story it makes reference to "Open Source" software. I feel that something must be made clear that this "report" appears to be trying to obfuscate. Linux is only a subset of Open Source. The reports that are being quoted are almost certainly for all Open Source. This is a category of software that encompasses literally hundreds of programs. The headline that states that it is Linux that has the problem is misleading to say the least.

When one goes to actually have a look at the CERT site to see the sort of advisories being alluded to you see advisories for: Bind, Apache, OpenSSH, Sendmail etc. All of those programs can and are run on non-Open Source operating systems (even including MS Windows!). The fact that all of these programs only produce as many security alerts as Microsoft's stuff is actually an indictment on Microsoft security and shows how good Open Source development can be.
</snippet>

<snippet>
This snippet removes much of its credibility in my mind.

"the incorporation of open source software...is turning most Internet-aware computing devices and applications into possible infectious carriers."

This is FUD pure and simple. ( http://www.geocities.com/SiliconValley/Hills/9267/fuddef.html ) The implication being that OSS somehow has more susceptibility to security flaws which as I discussed above is certainly not demonstrated by this report.
</snippet>

On Mon, 2002-11-18 at 14:45, Adrian Stacey wrote:
> Zane Gilmore wrote:
> > REPORT SAYS LINUX HAS MORE SECURITY FLAWS THAN WINDOWS
>
> Well I just loved this bit:
>
> "Microsoft applications have made significant progress in avoiding virus
> and Trojan horse problems, according to CERT. The number of such
> advisories peaked in 2001 at six, but none were posted during the first
> 10 months of 2002.
>
> "Virus and Trojan horse advisories for Unix, Linux and open source
> software went from one in 2001 to two in the first 10 months of 2002."
>
> There you have it, Unix/Linux problems DOUBLED, while it appeared M$
> fixed ALL their problems...
>
> Yeah, right. (Two positives do make a negative)
>
> I feel, if written correctly, the first paragraph would be:
>
> "...problems. According to CERT, the number..."
>
> Adrian
>

--
Zane Gilmore, Analyst / Programmer
Information Services Section, Information Technology Dept,
University of Canterbury
Private Bag 4800
Christchurch
New Zealand
phone +64-3-364 2987 extn 7895
Fax 3642222
