Wannacry only makes a good case for switching to Linux if people using Linux over Windows don't take their update and patch practices with them. Wannacry, as so many other Windows specific vulnerabilities only targeted flaws that had already been patched but the users didn't update their systems! The same lax practices there will carry over no matter what OS is being used, and cause similar results.
![[H]ard|Forum](/styles/hardforum/xenforo/logo_dark.png){kind=logo}
WannaCrypt Makes an Easy Case for Linux
- Thread starter Megalith
- Start date
This isn't completely untrue. Of course you also have to look at the reasons why they are 2-3 months behind on their updates. That falls on MS. They have not made it as easy as it should be for large install base users to easily update their machines. They have made it painful and more annoying for many smaller business and personal users then it should be.
If MS spent some actual time correcting their update process the more people would be up to date at all times. We all know the multiple issues with the MS update process I won't go over them for the 50th time. As I see it with issues like Wcry the responsibility is 50/50... sure MS released a fix for this 2 months previous, although the earlier CryptoCurrency Eblue/DPulsar exploits where circulating right around the time MS was pushing this update to some machines. Some end users are to blame no doubt... organisations like the NHS that are still running multiple windows xp machines is all on them, still MS is responsible for creating a sub standard update system that is far from blameless.
Master_shake_
Fully [H]
- Joined
- Apr 9, 2012
- Messages
- 17,794
blame microsoft then.
if they hadn't shoved GWX up everyones ass via update people would have kept updating.
not to mention the PLETHORA of other telemetry updates in the pipeline.
also when they broke windows update and it wouldn't work at all.
and the awesome (read: shit) new monthly rollout updates.
i love having an omnibus updating system.
oh, you mean i can't choose the ones i don't like? thanks... i guess.
Linux most definitely would not fare any better than windows if it was the preferred desktop. If you have been operating in a *NIX environment for long enough, you have witnessed PLENTY of issues with defualt services being security nightmares. Which gets to why linux and other unixes SEEM more secure. They are primarily deployed in a business setting, or by fairly savvy users. So they are almost always on a network configured to be frikin locked down anywhere not needed. Most windows installs however are by joe idiot, and if we are lucky, hanging off the ass end of a $30 router with questionable security long term.
velusip
[H]ard|Gawd
- Joined
- Jan 24, 2005
- Messages
- 1,579
It always amazed me how enterprise file services "products" fail to catch use-cases. I mean, there are small utilities which can handle each edge case, and some decent software suites do a fair bit, but none of the software suites can do it all (e.g. for all proprietary devices). This forces the need of a custom set of file services and a decent engineer to build it. It's just not feasible for many companies when the alternative is as simple as, "hey, let's just get everyone iPhones". There's been a lack of incentive for developing file services under Linux, even with the rise of cloud usage. Having a talented admin (and their personal ring of peers and consultants) involved in your company can outperform any level of proprietary tech, but there isn't enough interest to get it done where it's needed most.
There was a small initiative in Canada to get Linux and GNU into goverment, medical records, infrastructure, emergency services, and other mission critical applications (where there is really no excuse NOT to use the power and security of Linux). It has mostly failed because (surprisingly) there are so few people concerned with extended security in these fields. I find it baffling that unconcerned and unqualified people are making security-related decisions frivolously or purely out of convenience.
Lunas
[H]F Junkie
- Joined
- Jul 22, 2001
- Messages
- 10,047
tis a shame they are trying to make money ehh that they have seen the writing on the wall and delivering a good os that people want to use is not going to make them MORE money that they get normally and they cant be bothered to realize what they are doing by turning the os into a advertisement platform and information farm is only going to backfire.
And yes I do believe the future is either windows getting cut down and modulated and each module will cost a subscription. And Linux will rise to replace in the form of chrome os.
D
Deleted member 245375
Guest
The moment that Linux actually matter to the masses (and no the fact that Android is based on Linux isn't relevant) that's when it'll become a target for those malicious types that create the malware that affect Windows - you can read this and disagree till you pass out and shit your pants and piss yourself silly but it's absolutely true. Anything can be compromised and exploited if someone has the patience and talent and focus to make it happen: when Linux gets enough interest (which could be another decade whether Linux lovers like it or not) that's when it gets a target painted on it.
/me dons the flame-retardant suit and walks outta this thread 'cause fuck if I care...
/me dons the flame-retardant suit and walks outta this thread 'cause fuck if I care...
Wolf_Tech
Limp Gawd
- Joined
- Sep 19, 2010
- Messages
- 231
In a perfect world yes linux or unix would be great. But Since we live in a world with software companies that use Windows based systems to run there software for Health, Dental, Fire, Police, etc systems it falls pretty hard to switch to unix or linux systems. Most dental systems today use Abeldent which is a special kind of software for dental offices. There is no plans to make a linux version. Plus most users and doctors etc find windows easier to learn then linux or other systems. The SMB flaw was caused by the NSA which then leaked it to the internet if the NSA was tight on security that wannacry would have never seen the light of day. Same with rootkits if Sony would have kept there mouths shut those would have never happened either. Ransomware only happens because users are stupid period. They see a email and all they can see is the pictures like netflix or amazon and they think its legit email never looking at where the email came from in message source. Technology I think today is making people dumber by the minute. People are forgeting basic common sense to check things investgate and check if things are legit. Cell phones are the biggest blame for that. No one ever talks anymore all text text text.
I would say it stems more from laziness than any difficulties introduced on Microsoft's part. I never saw very many complaints on tech forums about the MS update process until Windows 10, and unpatched, non-updated systems have been something I've had to deal with since the beginning. Just a few years ago even, it was not uncommon for me to work on people's computers running Windows XP, no service pack.
Unless updates are automatic, turned on by default, and difficult to turn off, the average computer user will not update their computer. Doesn't matter what OS they are running.
I saw this post, but I wasn't too sure if anyone replied to you (didn't feel like combing through 2 more pages to check). First allow me to somewhat introduce myself to you. I work at a networking company that manages VOIP deployments as well as network backbones for several telecommunication companies such as Time Warner Cable (Now called Spectrum), Verizon, Comcast and etc. I work as a Linux Computer Systems Engineer, and my job is to deploy, monitor, and maintain Linux/Unix mainframes. So, I do everything from installing Linux distributions on NAS boxes to bash scripting or setting up cron jobs. I also monitor whole data centers and console into machines if need be. Of course it's not just limited to that, but you have a basic idea of what I do on a daily basis.
So, with that said, and from the looks of it, it doesn't appear you are that versed in Linux file sharing. Please allow for me to section off your reply into chunks so I can respond to specific things you said...
This is inaccurate. Linux does have directory level rights. Meaning, you can assign permissions on individual directories to groups, owners and other users. Not too sure what you mean by nothing "inherits".
Were you aware that Time Warner (Spectrum) runs a Linux fileserver called a VOD (Video on Demand) server which does nothing but provides cable boxes access to movies? That server runs Linux, and it uses NFS, but it handles literally hundreds of thousands of people during any given day. Spectrum has multiple of these VOD servers and they run very very well.
Well, this is simply not true. A typical Linux NAS can provide a multitude of file sharing protocols. Many offer SSHFS (SFTP), CIFS, NFS and FTP. CIFS is just an open standard based from Microsoft's own SMB protocol. You talk about NTFS security, and I know that you must be joking, because the NTFS security is based from the same security fundamentals POSIX and SELinux is based from - albeit Unix/Linux had been doing it long before Microsoft's NTFS has.
Now, you start to go into drive configuration flexibility and storage space.... So, here is what you said:
You're talking about Logical Volume Management - something Linux has had for decades. There's not much to say here since your opinion is unfortunately based on ignorance.
This whole response is false. Linux has had user security _natively_ since its inception. Samba cannot provide access to a folder in which was not given viewable access to. As for NFS, this is also not true. You can set your NFS mount to "all_squash", and simply lock the "nobody" user out using the local FS permissions.
So, my assumption, after reading your response, is that since you don't understand Linux very well, you feel you should just claim it can't do what you want it to, even though it's quite proficient at it. You're doing your company a great disservice.
So, with that said, and from the looks of it, it doesn't appear you are that versed in Linux file sharing. Please allow for me to section off your reply into chunks so I can respond to specific things you said...
This is inaccurate. Linux does have directory level rights. Meaning, you can assign permissions on individual directories to groups, owners and other users. Not too sure what you mean by nothing "inherits".
Were you aware that Time Warner (Spectrum) runs a Linux fileserver called a VOD (Video on Demand) server which does nothing but provides cable boxes access to movies? That server runs Linux, and it uses NFS, but it handles literally hundreds of thousands of people during any given day. Spectrum has multiple of these VOD servers and they run very very well.
Well, this is simply not true. A typical Linux NAS can provide a multitude of file sharing protocols. Many offer SSHFS (SFTP), CIFS, NFS and FTP. CIFS is just an open standard based from Microsoft's own SMB protocol. You talk about NTFS security, and I know that you must be joking, because the NTFS security is based from the same security fundamentals POSIX and SELinux is based from - albeit Unix/Linux had been doing it long before Microsoft's NTFS has.
Now, you start to go into drive configuration flexibility and storage space.... So, here is what you said:
You're talking about Logical Volume Management - something Linux has had for decades. There's not much to say here since your opinion is unfortunately based on ignorance.
This whole response is false. Linux has had user security _natively_ since its inception. Samba cannot provide access to a folder in which was not given viewable access to. As for NFS, this is also not true. You can set your NFS mount to "all_squash", and simply lock the "nobody" user out using the local FS permissions.
So, my assumption, after reading your response, is that since you don't understand Linux very well, you feel you should just claim it can't do what you want it to, even though it's quite proficient at it. You're doing your company a great disservice.
The purpose of Linux's design is to litigate damage. Not stop it. Everything and it's mother can be susceptible to some sort of malware or virus. However, it's how far reaching can that particular piece of malware go? In Linux, if a user gets a virus, that virus only gets access to what that user has access to. So, if its in a corporate environment, then that virus only screws up that user's stuff. It doesn't affect the entire system, and thus, all the other users.
Windows is a bit different. Because it's monolithic in nature, if a virus activates on a user's desktop, it has access to kernel level stuff. Now, some people may say, "Well, Windows 7 and up mitigate that sort of damage now with UAC". However, a lot of key Microsoft processes have direct kernel access (which shouldn't have direct kernel access). For example: video drivers. This opens up Pandora's box to a whole host of security vulnerabilities ripe for the picking.
Discouraging Admin as the default login is probably the fundamental Linux security measure that could be be implemented in Windows. You can escalate admin in Linux the most common requires a password but Windows' most common escalation takes a mouse click.
Or, ya know, everyone could fucking patch when there are updates, instead of pretending they don't need to patch.. I've been out of the loop for the last couple of weeks, but as I recall, this issue was patched prior to the release of this issue. So AFAIK, anyone who was affected either didn't patch or was running an unsupported OS....and I bet if you were running a 2001 version of Linux, support ran out long before XP support ended.
heatlesssun
Extremely [H]
- Joined
- Nov 5, 2005
- Messages
- 44,154
Effective malware doesn't have to touch the kernel. WannaCry, like much bad Windows malware, simply attacks an exposed process via an remote execution flaw. Any process running in the security context of the user or an account with sufficient privileges on any OS that had a flaw that allowed for remote arbitrary code execution could do exactly the same thing, there's nothing inherent in the architecture of Linux that would stop such an attack using such a flaw and would have nothing to do with the kernel.
No it doesn't. Not at all.
First off, when it comes to desktops, this is the marketshare picture;
https://www.netmarketshare.com/operating-system-market-share.aspx?qprid=10&qpcustomd=0
Win7 makes up almost half of the desktop market at over 48%.
WinXP is 7%
Linux is 2% of the desktop market.
Wanacry hit Desktops hard because half the desktop machines in the US are running it, so that's who is clicking on things and getting jammed up for it. Wanacry makes a case for keeping machines patched and that's the only thing it's making a case for.
Look, we has linux servers and linux works great for many server applications. My NetApp filers have a linux kernal and the OS is a tailored version of linux at it's core and I love it.
But while it doesn't bother me that you hold Linux in high regard, come on, 2%, a dead Windows OS, XP, has three times the market share on desktops.
You are wasting your time arguing for linux over Windows desktop operating systems. You want to promote your favorite OS, promote it over Win2012. I don't think you are going to get very far but at least target something you have a chance of achieving.
2% for the only OS on the list that doesn't come preinstalled on peoples machines.
Phone OS market share 2007-2011
Android went from 2% in 2009 to 53% of the market 3 years later. Its amazing what happens when an OS ships on hardware.
For Linux to ever get a high % of the market it will have to ship on hardware. OEMs and their MS deals is what holds Linux back. Its only a matter of time before one of the commerical linux houses breaks in and within a few years the numbers could look very different. Ubuntu has gotten close... but I'm sure it will be google who will make the kill MS push, sadly what they push won't be open like a standard Linux distro. It will however update smoothly and be much more secure then MS offering. Google could kill Windows off in less then 3 years easily at this point with a chormeos pro.
BulletDust
Supreme [H]ardness
- Joined
- Feb 17, 2016
- Messages
- 6,057
An old article that still holds a lot of merit.
https://www.theregister.co.uk/2004/10/22/security_report_windows_vs_linux/#singleuser
https://www.theregister.co.uk/2004/10/22/security_report_windows_vs_linux/#singleuser
ChadD, the idea that you can't even buy a desktop with Linux pre-installed is not supporting your argument.
(tongue in cheek
)Comparing phones which are shipped pre-installed with proprietary software is also not so relevant to the conversation. Yes you can go from a vendor's version of Android to Vanilla, but it's still Android so.
You think Google could kill Windows off in 3 years time?
We order new equipment to replace old shit and sometimes we don't see it until the shit is almost end of life. Look, you can switch to a new system in a day and most other individuals can as well. But not big businesses, not large enterprises, and certainly not the government who is probably the largest single customer MS has. That customer won't go away and his needs won't change just because Google comes out with an awseome alternative to MS because it is not only about the desktop software.
I just "triggered" a new pixi install on a desktop in the other room, we have NetBackUp running, the guy on my right is setting up a new DC and the guy on my left is building a VCenter server. When they finish I'll present new storage volumes for them to connect as datastores for more machines. Then I'll build a VM that's a fileserver and we'll set up a directory strructure and assign AD groups permissions by stakeholder team. Our entire Enterprise is built with or around MS constructs even when they are not actually MS systems. Too many moving parts, too much going on, too much that must be managed to think that an alternative desktop OS is going to kill off Windows in 3 years with a customer that has a two year forecast lead for tech refresh. Yes, if I want something, I have to ask for it two years before I need it.
And we are just running a software development lab. What if there was real work going on?
You know, when the government and business, when they buy software, they also buy support agreements. Man that's some money my friend. The Army has a 1 Billion dollar support agreement with CISCO that pretty much just let's the Army buy and do what they want CISCO Software and License wise, CISCO just doesn't even bother counting anymore.
See, you could count all the software installs for private individuals and then count all the government and business and education system installs and if they came up to the same exact number, 50/50 split, the Enterprise customers will have paid over twice as much more to MS for it.
This is part of the picture some people are not seeing,
Last edited:
It's not that simple. For the home user, yes, patch immediately. And Windows also tends to download patches automatically. For businesses though? You might need offline, or you might need stability, and can't take time to test a patch. If you're doing mission critical work, every patch requires a ton of time to retest. Ask yourself, how often have you downloaded a patch, be it Windows, NVidia, Symantec, etc., and all of the sudden something doesn't work right? The same with Linux. Nothing is perfect.
This is a bit different than what I was arguing, but lets touch on that subject.
There's several things in a Linux system that mitigates this sort of damage that would prevent it spreading as fast and as far as Windows has - or even having an effect at all:
1) If any virus/worm takes advantage of the SMB process (for example) and forces it to run arbitrary code, that exploit would ONLY run as the SMB user. The SMB user wouldn't have access to the user's data anyway, thus making this sort of exploit null and void.
2) Not all Linux systems run the SMB process or even has permission to do so. For SMB to run, an administrator would have to install and execute it. Ports below 1024 require root anyway, and if the user doesn't have the ability to install or run such a process (let alone run a process listening on anything below port 1024), then its impossible for such an exploit to spread among other systems.
3) Each distribution handles differently. So, just because one system is compromised, it doesn't mean it shares the same setup or configuration as the next one. How would a worm know if a user's home directory is located in /home, or in /usr/home, or /usr/local/home? It doesn't. How would a worm even know the same executables that govern a Ubuntu box would be present in a Redhat box? Because of these differences, it's nearly impossible for such a worm to spread.
Last edited:
This was a good article.
A lot of critics of Linux fail to quite understand how Linux functions. They believe that if Linux were to become as popular as Windows in the desktop market, that it would somehow see as many viruses as Windows. This couldn't be further from the truth. Linux was designed from the ground up to be an utter pain in the ass for malware. Even tricking the user into running arbitrary code is very difficult, because you'd have to coach the user into first downloading the software and then giving the software executable permissions. Even after doing that, for it to do any real damage, it'll need to run as root, which would require a password. So many steps to get a user to hang him or herself is so ridiculously difficult to do that it's not even worth it.
Any remote exploit needing to execute would be difficult too as Linux separates its processes according to the user. So, for any worm to be effective, it would have to take advantage of two exploits, and there's no guarantee any of the exploits would work since each Linux system is set up differently from one another. There's several other things in Linux that makes it very very difficult for malware to flourish, but I won't get into them here. The fact is, many naysayers simply do not understand Linux and they approach Linux using a Windows mindset, which is totally wrong.
BulletDust
Supreme [H]ardness
- Joined
- Feb 17, 2016
- Messages
- 6,057
This isn't completely true at all.
Considering OSX as a Unix derivative and Linux as a Unix clone, there's very good reasons why malware under OSX doesn't do even half the damage resulting from malware under Windows.
BulletDust
Supreme [H]ardness
- Joined
- Feb 17, 2016
- Messages
- 6,057
The excuse (and that's all it is) that Windows suffers from a literal cesspool of infections as a result of popularity alone, is no more than a cop out.
Dell offered Linux preinstalled on desktops several years ago and it was an abysmal failure. As I recall, not only were sales slow, they had lots of returns from unhappy customers.
As I recall, the patches were released in March. Even if they were released in April, that's enough time to test. IF it's not, you need more testers, better testers and/or better automated testing suites. Taking a month to test patches is not acceptable.
I'll add that companies that wrote s/w for XP that haven't updated it for newer/supported OSs should just go out of business. They've had since 2007 to become compatible with the Vista model (which would almost certainly work on 10). In fact, most s/w that didn't work with Vista, failed because they were still coding to 9x or 2000 standards. It's ridiculous that this is still an issue 15+ years after the standards changed and 10 years after Vista was released.
Experiments 10 years ago don't count... their was a time a few oems shipped Corel Linux as well. The world isn't the same anymore, 90% of what people do is online including big business which is moving to the cloud. The idea of having to support 10,000 individual local files systems running machines is stupid... which is where ChromeOS comes in. Expect ChromeOS to catch on like wild fire in the Corporate world in the next few years.
As for Dell ... don't talk about the past and an attempt to push Linux on people who where mostly still offline windows users. Look instead at their present and future. Dell developer machines have been selling very well, an Dell continues to expand the line up as sales increase.
Sorry Chad, but I've heard the argument that mass Linux adoption is just around the corner for 20 years (literally). Having worked in environments where Linux (and unix) dominated the server infrastructure, I can promise you that the only *nix desktop users were those working on the back end and a few developers (because why not use a *nix desktop if you're programming for a *nix backend), but it wasn't even close to majority of IT. The number of *nix users outside of IT was 0.
Go Linux Desktop Go. Wait till next year.
I think I have always been clear. I don't believe GNU Linux will ever take over the desktop for the masses. I do doubt highly MS remains 90% of the market. ChromeOS has invaded education, and the next few years will see them invade the corporate space. IN 3-4 years GNU Linux will be the go to for power users, for many of us our work machines will more and more not be windows. For a great many they will find themselves working on Chrome boxes. Google is going to go after windows at some point, and when they convince the major OEMs to support them I wouldn't expect windows to remain in the majority for very long at all. The more MS ties advertising into the DNA of windows. The more tempting and perhaps necessary for google to replace them. MS can't hijack Googles ad dollars if they don't control the system.
BulletDust
Supreme [H]ardness
- Joined
- Feb 17, 2016
- Messages
- 6,057
Pigs arse it was. It was far from an abysmal failure.
http://www.omgubuntu.co.uk/2017/01/dell-talk-linux-laptops-distros-sales
http://www.zdnet.com/article/dell-doubles-down-on-high-end-ubuntu-linux-laptops/
As always, a whole lot of misinformed FUD from Windows users and some spectacular assumptions!
Last edited:
BulletDust
Supreme [H]ardness
- Joined
- Feb 17, 2016
- Messages
- 6,057
Meh, so you never worked in the animation/CGI industry then....
sudo apt-get update
sudo apt-get upgrade
sudo apt-get autoremove
MAYBE A REBOOT
---DONE---
Make WIndows that easy and updates will come like rain to the Sahara. Right now, patching Windows is a nightmare compared to Linux or MacOS.
can it be so hard ?
----on the other hand, that's how I make my living........DONT PATCH, let me fix your stuff when you are down, HEHE
like 1/3 of my time I bill is patching Windows and the apps running on it. No need to tell anyone about ninite...hehe
sudo apt-get upgrade
sudo apt-get autoremove
MAYBE A REBOOT
---DONE---
Make WIndows that easy and updates will come like rain to the Sahara. Right now, patching Windows is a nightmare compared to Linux or MacOS.
can it be so hard ?
----on the other hand, that's how I make my living........DONT PATCH, let me fix your stuff when you are down, HEHE
like 1/3 of my time I bill is patching Windows and the apps running on it. No need to tell anyone about ninite...hehe
ChadD, you know that the Military uses Windows exclusively for it's desktops right?
Each of the branches has their own custom build. I am familiar with the Army's AGM, Army Gold Master build. There is one for desktops and one for servers, maybe even another I am unaware of cause I've never needed it. The current builds are Win10 for desktops and Server 2012 for servers. They just remaster the OS build, cut out what they don't like or don't need, and add in their own driver set and security options. It's not just the military that does this and it isn't a huge problem that will have an effect on purchasing. See, Windows is what they already know, it's what they are built around, and it's going to take a lot more then what you are focused on to make them change because if they switch, then now they have to learn how to do these things with a new OS, they have to train people who know how, and they have to establish a new relationship with a different company who may not realize just how demanding this customer can be.
Dell sells the Army their desktop computers. Dell delivers them with the AGM build pre-installed. Yes, the Army NETCOM AGM build modifies Windows and sends Dell the current version so Dell can do a factory install on the Army's desktops and laptops.
https://blogs.windows.com/windowsex...lion-seats-to-windows-10/#Wf3DldkKg5Q6XO7s.97
Go figure right
ChadD, you know that the Military uses Windows exclusively for it's desktops right?
Each of the branches has their own custom build. I am familiar with the Army's AGM, Army Gold Master build. There is one for desktops and one for servers, maybe even another I am unaware of cause I've never needed it. The current builds are Win10 for desktops and Server 2012 for servers. They just remaster the OS build, cut out what they don't like or don't need, and add in their own driver set and security options. It's not just the military that does this and it isn't a huge problem that will have an effect on purchasing. See, Windows is what they already know, it's what they are built around, and it's going to take a lot more then what you are focused on to make them change because if they switch, then now they have to learn how to do these things with a new OS, they have to train people who know how, and they have to establish a new relationship with a different company who may not realize just how demanding this customer can be.
Dell sells the Army their desktop computers. Dell delivers them with the AGM build pre-installed. Yes, the Army NETCOM AGM build modifies Windows and sends Dell the current version so Dell can do a factory install on the Army's desktops and laptops.
https://blogs.windows.com/windowsex...lion-seats-to-windows-10/#Wf3DldkKg5Q6XO7s.97
Go figure right
That explains why their systems are constantly hacked by the Chinese and Russians.
Sure, the unclassified ones with nothing on them, you tool.
If you want to be obtuse I can too. No classified US military network has ever been hacked and the only time anything has ever been stollen from them is by insiders like Snowden and Manning who were allowed access as users or administrators.
You want to keep trying?
heatlesssun
Extremely [H]
- Joined
- Nov 5, 2005
- Messages
- 44,154
We probably get as many or more attempted attacks than the Pentagon and constant internal penetration of our systems would pretty much put us out of business. Whatever one thinks of Windows security, installing an OS and forgetting it is NOTHING CLOSE to running a secure environment.
I think ChadD here is taking my comments about how difficult it would be to unseat MS, as my being negative about, or attacking linux.
ChadD, I am not saying linux is a bad OS, that it isn't capable, etc. I am just pointing out that there is much more that goes into it then just having a good product.
heatlesssun
Extremely [H]
- Joined
- Nov 5, 2005
- Messages
- 44,154
These conversations often tread into absolutes and oversimplifications. Both Windows and Linux have their strengths and weaknesses and it's not they are unknown to enterprises that are generally running both, at least on the server level. As a desktop Windows is simply far better supported, organizations have been running it securely for years because they have the tools and process in place. Desktop Linux would fundamentally the process and tools for deployment and updating might be different and maybe some thing easier but some things harder.
I think idea "Let's run Linux because we can't keep Windows patched." is silly. "We can't manage Windows systems so hey lets go with Linux because that's much easier." That's headed for all kinds of disaster.
Uh huh... If that's the case, then how did the CIA lose over a dozen spies in the matter of 2 years by the Chinese?
Source: https://www.nytimes.com/2017/05/20/world/asia/china-cia-spies-espionage.html?_r=0
Everybody and their mothers know that the US government is terrible when it comes to cyber security. This goes as deep as the US Army, since they like to use Windows machines that are very very easily hacked. There's a reason why, during the annual Hackathon, Windows is never ever used in the competitions there.
What you seem to forget is that, it's not how tight you screw on the nut, but the strength of the nut itself.
What am I saying? I'm saying, no matter how hard you lock down a Windows system, if the system itself is inherently flawed, then anyone who hacks those flaws still gains access to the system itself. It's like stuffing your money into a wet paper bag, but then putting a padlock on the bag itself. Bypass the lock and tear the bag and you gain access to the money.
heatlesssun
Extremely [H]
- Joined
- Nov 5, 2005
- Messages
- 44,154
With the amount of patching we do for both Linux and Windows they both always have a few screws loose.