ptlis wrote:
Thinman wrote:
Consider this:
Honeynet.org wrote:
Between April and December 2000, seven default installations of Red Hat 6.2 servers were attacked within three days of connecting to the Internet. Based on this, we estimate the life expectancy of a default installation of Red Hat 6.2 server to be less than 72 hours. The last time we attempted to confirm this, the system was compromised in less than eight hours. The fastest time ever for a system to be compromised was 15 minutes. This means the system was scanned, probed, and exploited within 15 minutes of connecting to the Internet.
Now granted, security all around has been improving since 2000, but the point is that linuxes have a better security record in part because they <i>aren't</i> used by the unwashed masses of the internet. Some people still haven't gotten the idea that you don't have to know the particulars of how your computer works in order to use it safely. So they just give up and hope for the best.
See, this kind of anecdotal evidence proves nothing; there is no background information, but I would assume that this server was set up on a single static IP address, in which case the script kiddie who kept attacking the box probably made a note of it while scanning that range of addresses then kept coming back to it. If it had been a fair test then it would have to have been connected to the internet on several different IP addresses in several different ranges. All this proves is that the same vulnerable setup connected on the same IP address of the last setup that was compromised will be attacked again. No duh.
Actually eight IPs with between one and three active at once over the nine month period. <a href="http://www.honeynet.org/papers/stats/">The report</a> isn't too clear on this detail, as the focus is more on the blackhat traffic than the particular system vulnerabilities. I'm not sure what quality you think needs to be tested more fairly, but I was attempting to illustrate that Microsoft does not have a monopoly on crappy default settings.
I'm actually not sure what we're arguing about, except that I don't see that Microsoft has any particular responsibility to fix their broken-ass OS beyond the usual market pressure to provide a working product. I'm not even sure how much obligation they have to provide update patches. The last EULA I read (Win9x, I think) was a specific non-warranty.
SegFaulty wrote:
Macs are just another kind of PC.
Quote:
Never argue with a pedant over nomenclature. It wastes your time and annoys the pedant.
Hee hee, Silly apathists and their funny little one-button mice ...