Quite a supprising story here.....

http://www.theinquirer.net/?article=13420

The ammount of securitty vuneribilties in Linux is supprising to me, being over 100 in RH 9 and the same in Mandrake and RH8.

I was always told a standard Linux install is more secure than windows but this doesnt seem to be the case does it?

Maybe we should all be using IBM OS/2 4.xx.....LOL

I think we need to start referring to Linux as more SECURABLE . If you leave your ports hanging in the wind and your passwords are plainly written (i.e, apple1 as an example) you have a risk, a big risk if your credit card, banking, and, in the USA, your social security numbers are stored on your computer.
Linux Hacking Exposed (http://www.hackinglinuxexposed.com/about/linux_is_securable.html)
The other day Bon Bon found out someone had tapped into our secret recipes files, so he replaced them with a recipe for homemade nitroglycerin. Two nights ago the holy roller church deacon's house had an explosion in the den. We saw him yesterday and said, "How ya doing, BoomBoom?". He said something 'bout the devil showed up the other night.
After that, we tweaked our guarddog firewall utility and updated our software.
Guarddog (http://www.gnu.org/directory/security/firewall/guarddog.html)

A Good Short Lecture On Security (http://www.simonzone.com/software/guarddog/manual2/introduction-silverbullet.html)

honestly, those distributions include more than 2500 applications, each of them with there own vunerablities, while windows is bundled with a few tools.

The recent release of Linux 2.6 has also introduced some security enhancements,

yes, although the 2.4.x kernel series, which lives quite long, only had 10. Didn't the author realize, with the statistics he gave, that this won't improve distribution's security by itself at all?

the author makes comments on "linux" being insecure. "linux" is the kernel. end. "distributions" are something he should spend more of the article talking about.


The number of vulnerabilities in Linux ... should be ringing alarm bells for anyone considering using it.

number of vulnerabilities in linux: 10, no. in windows xp, 35.

he never even mention un-patched security holes in windows products, something that doesn't exist in linux.

The Aberdeen Group has estimated that Linux open source accounted for about half of all security vulnerabilities identified in 2003

linux? or the 10000+ opensource products in the world?

[QUOTE]Windows ... more secure than Linux [/QUOTE

though linux has less vunerablities? if he's talking about distros, than no one asked the end-user to enable all of the tons of services that comes with them. all holes are patched, but not all holes in microsoft's products are patched.

a well-patched windows product with open-source replacement applications isn't going to be too bad as the author makes it sound.

put up a cracking challenge with IBM OS/400 on the net, and it shouldn't be long before something is found.

the very idea of open-source is creating something that sucks, and continuously adding improvements and fixes until the devs consider the project as satisfactory. the very idea of propritery software is spending years creating something thats perfect, and fixes later. even with that in mind, if 600 separate open-source projects in a standard distibution managed, without pay, to have only 72 vunerabilities compared to a single company with about 70 tools bundled with it's OS, than I don't see why open-source should be stopped.
]

Just curious, but do they still try and install everything under the sun by default on RedHat and Mandrake? I'm kinda suprised anybody still runs Mandrake.

That author has the typical 2 bit thinking, on or off, good or bad, blahh blahh. Too bad he doens't even know what he is talking about in this blurb:


The recent release of Linux 2.6 has also introduced some security enhancements, again rather overdue if Linux ever hopes to be a serious alternative. In particular the new release includes the ability to define privileges in finer detail rather than the simple grouping of "user" and "root", but this is something that most proprietary forms of Unix have had for many years.


gee could have fooled me, I seem to remember that 2.2 (http://ftp.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.4/capfaq-0.2.txt) introduced the POSIX capabilities API, 2.4 extended it and 2.6 entended it further. So linux has had that capacity to some degree for 5 years, does that qualify as "many years"?