[oodisc] MS distributed text

Serge Skorokhodov suralis-s at mtu-net.ru
Wed Nov 27 23:33:38 MSK 2002


Hello!

I came across this text:

* MOST UNSECURE OS? YEP, IT'S LINUX.

According to a new Aberdeen Group report, open-source
solution Linux has surpassed Windows as the most vulnerable OS,
contrary to the high-profile press Microsoft's security woes
receive. Furthermore, the Aberdeen Group reports that more than
50 percent of all security advisories that CERT issued in the
first 10 months of 2002 were for Linux and other open-source
software solutions. The report muddles the argument that
proprietary software such as Windows is inherently less secure
than open solutions. And here's another blow to the status quo:
Proprietary UNIX solutions were responsible for just as many
security advisories as Linux in the same time period. Could
Windows be the most secure mainstream OS available today?

"Open-source software, commonly used in many versions of Linux,
UNIX, and network routing equipment, is now the major source of
elevated security vulnerabilities for IT buyers," the report
reads. "Security advisories for open-source and Linux software
accounted for 16 out of the 29 security advisories--about one of
every two advisories--published for the first 10 months of 2002.
During this same time, vulnerabilities affecting Microsoft
products numbered seven, or about one in four of all advisories."

The stunning report makes several claims that seem to fly in the
face of widely accepted beliefs. First, the Aberdeen Group says
that Windows-based Trojan horse attacks peaked in 2001, when CERT
released six such advisories, then bottomed out this year, when
CERT didn't issue any alerts. However, Trojan horse-based attacks
on Linux, UNIX, and open-source projects jumped from one in 2001
to two in 2002. The Aberdeen Group says this information proves
that Linux and UNIX are just as prone to Trojan horse attacks as
any other OS, despite press reports to the contrary, and that Mac
OS X, which is based on UNIX, is also vulnerable to such attacks.
Even more troubling, perhaps, is the use of open-source software
in routers, Web servers, firewalls, and other Internet-connected
solutions. The Aberdeen Group says that this situation sets up
these devices and software products to be "infectious carriers"
that intruders can easily usurp.

According to the Aberdeen Group, the open-source community's
claim that it can fix security vulnerabilities more quickly than
proprietary developers can means little. The group says that the
open-source software and hardware solutions need more rigorous
security testing before they're released to customers. This
statement is particularly problematic because many Linux
distributions lack the sophisticated automatic-update
technologies modern Windows versions contain.

We can rail against Microsoft and its security policies, but far
more people and systems use Microsoft's software than the
competition's software. I believe that we'll never know how
secure Linux is, compared with Windows, until a comparable number
of people and systems use Linux. But despite the fact that Linux
isn't as prevalent as Windows, we're still seeing a dramatic
increase in Linux security advisories today. I think the
conclusion is obvious.

Of course, I have my own opinion :) But I would like to hear
some qualified comments...

-- 
Serge Skorokhodov aka suralis
suralis-s at mtu-net.ru


