[Dark Helmet]

"Security researchers uncovered nearly 5,200 software vulnerabilities in 2005, almost 40 percent more than the number discovered in 2004, according to Washingtonpost.com. From the article: 'According to US-CERT...researchers found 812 flaws in the Windows operating system, 2,328 problems in various versions of the Unix/Linux operating systems (Mac included). An additional 2,058 flaws affected multiple operating systems.'

http://it.slashdot.org/article.pl?sid=05/12/31/0812210

[TETENAL]

The article you quoted doesn't support your statement in the thread title.

[Dark Helmet]

Originally Posted by TETENAL

The article you quoted doesn't support your statement in the thread title.

812 flaws in the Windows operating system,

2,328 problems in various versions of the Unix/Linux operating systems (Mac included)

[IFLY2HIGH]

Originally Posted by TETENAL

The article you quoted doesn't support your statement in the thread title.

I agree, he needs to break down the unix, linix and mac flaws, cause I know windows has more updates than ever this year than OSX. My XP box is riducuallous in updates to do. Just cause Mac uses a flavor or unix doesn't mean "IT" has more flaws than windows.

[Dark Helmet]

Originally Posted by IFLY2HIGH

I agree, he needs to break down the unix, linix and mac flaws, cause I know windows has more updates than ever this year than OSX. My XP box is riducuallous in updates to do. Just cause Mac uses a flavor or unix doesn't mean "IT" has more flaws than windows.

If it effects Unix than doesn't it effect MacOSX?

[mindwaves]

Edited thread title to clarify.

[turtle777]

Originally Posted by mindwaves

Edited thread title to clarify.

Thank you.

Dark Helmet, darn troll posting. WTF ?

-t

[Dark Helmet]

Originally Posted by Dark Helmet

If it effects Unix than doesn't it effect MacOSX?

Anyone?

[mindwaves]

Not necessarily because their are different "flavors" of *nix hence the asterisk in front. And it is "affect."

[turtle777]

Originally Posted by Dark Helmet

Anyone?

Ok, to break it down for you, in other words:
"2,328 problems in various versions of the cars (Ford included)."

You're statement was along the line of: "Ford had 2,328 problems".

The statement said that ALL *nix system in TOTAL had 2,328. Mac OS X would have been a SUBSET of that !

Do you get it ?

-t

[TETENAL]

Originally Posted by Dark Helmet

812 flaws in the Windows operating system,

2,328 problems in various versions of the Unix/Linux operating systems (Mac included)

That means that there are more flaws discovered in all Unices combined than in Windows. It doesn't say how many flaws were discovered in Mac OS. Could be 2,300, could be 2. Or anything inbetween.

[turtle777]

Originally Posted by TETENAL

Could be 2,300, could be 2. Or anything inbetween.

Could be 2318 or 2327 as well. Or 1. Or 0.

*duck*

-t

[TETENAL]

Originally Posted by turtle777

Could be 2318 or 2327 as well. Or 1. Or 0.

I'll sue my elementary school teacher for not teaching me set theory properly.

[Dark Helmet]

Originally Posted by turtle777

Ok, to break it down for you, in other words:
"2,328 problems in various versions of the cars (Ford included)."

You're statement was along the line of: "Ford had 2,328 problems".

The statement said that ALL *nix system in TOTAL had 2,328. Mac OS X would have been a SUBSET of that !

Do you get it ?

-t

Yup, got that. But it isn't what I was asking now was it.

[turtle777]

Originally Posted by Dark Helmet

Yup, got that. But it isn't what I was asking now was it.

He didn't get it.

-t

[mduell]

The count hardly matters when so few people run something other than Windows (i.e. the flaws aren't attractive targets for exploits).

Also, there's no indication of the severity of each flaw.

[Dark Helmet]

Originally Posted by turtle777

He didn't get it.

-t

You're still clueless? Ok, don't bother

[Chuckit]

Originally Posted by Dark Helmet

Yup, got that. But it isn't what I was asking now was it.

You asked, "If it affects Unix, doesn't it affect OS X?"

He answered, "No, because 'Unix' covers a wide assortment of operating systems. Just because something affects some *nix flavor doesn't, that meant it affects OS X. It's like how, just because something affects some type of car, that doesn't necessarily mean it affects a Ford Explorer."

[Kevin]

Oh jeesh, just toss this.

[ink]

Originally Posted by Dark Helmet

If it effects Unix than doesn't it effect MacOSX?

Depends on what's included. Fedora Core 4/Linux has more than 3000 packages, only a small number of which ship with OSX (FC4 also includes a complete office suite, a couple DBM systems, 4 or 5 email clients, 2 web browsers, etc. etc. etc.). Additionally, that's only one of many UNIX systems, including AIX, Solaris and others, many of which aren't closely related.

The original article is meaningless. It's like saying "Cars had 100 faults, but Honda motorcycles only had 30".

[Ratm]

Originally Posted by turtle777

He didn't get it.

-t

[far200]

Originally Posted by Dark Helmet

Anyone?

Unix can run on x86 so would it be mac osx....... not all of it...say maybe 1% if that.
Yes there might be some flaws on osx but not like windows.......which is the reason I switched...

[ghporter]

One, the article is more editorial than news. Two, even the comments on the Washington Post site discount the article as ambiguous and unhelpful. Three, I cannot get the CERT 2005 summary to open anything but the header of the file-is this a problem for anyone else?

Without a really well defined breakdown of the flaws being reported (note that the article talks about "software flaws" not specifically OS flaws) specifically by OS and platform, this is just hot air.

[Kevin]

Now we will get to see this thread bumped for the next year whenever someone even remotely writes another column saying something similar.

Great.

[besson3c]

I think there will always be more exploits found in OSS, because it is carefully scrutinized and opened up so that people *can* find these exploits.

The overall number also doesn't indicate the severity of the exploit. Since many Linux/Unix operating systems include many different packages and services (many which may not even be enabled), the number of exploits found can increase exponentially for the reasons described above.

The point: the number alone is pretty meaningless. The real questions should be: how easy is it to severely exploit a machine, how quickly are problems corrected, how difficult is it to do so, and is the problem apparent in the default base install, or with some other included component?

I know I'm preaching to the choir here....

[analogika]

Shouldn't that be:

"More flaws discovered in open code by the public (and resolved) this year than discovered by the public in completely veiled code (and likely unresolved)?"

Also, a "flaw" could mean anything from a little bug to potential catastrophic failure to immediate 0wn3er1sm of your machine.

I'd venture that thousands of "flaws" go unnoticed or unpublicized in Windows simply because there aren't several hundred thousand programmers and hackers publicly scrutinizing the code at any given time. In addition, a lot of the open-source "flaws" are first publicized right along with the patch to fix them, a few days after discovery.

[Millennium]

Originally Posted by Dark Helmet

If it effects Unix than doesn't it effect MacOSX?

Maybe, maybe not. It depends on exactly where the bug is found.

The thing is, there is no "UNIX operating system", per se. Actually, there technicaly is an operating system called UNIX -it's made by AT&T- but that's not what the article is talking about. The article uses the term "UNIX" to refer to any of a group of operating systems, including UNIX and several other operating systems which work in a similar manner. Linux, Solaris, the BSDs, OSX, AIX, and other operating systems fall under this category.

Many of these operating systems share some code, typically deep in the kernel layer, but most of the code is different between them. It's also worth noting here that the Linux kernel doesn't share its code with any of the other UNIX-like operating systems, due to licensing concerns. Flaws in any one of the operating systems can only affect the others when the flaw is in code that they share.

The end result of this is that although some of these 2000-odd bugs will affect OSX, not all of them will, and the same is true for any other UNIX-like operating system. Essentially, the article is comparing one operating system (Windows) with a group of operating systems (the UNIX variants). This isn't a fair comparison: the UNIX variants should have been broken down into per-system results. Then there could have been a fair, apples-to-apples comparison of one OS with one other OS.

[olePigeon]

Originally Posted by mindwaves

Not necessarily because their are different "flavors" of *nix hence the asterisk in front. And it is "affect."

Haha. You had a 2 out of 3 chance of getting at least one of those words right, and you picked the wrong one.

[olePigeon]

Originally Posted by Dark Helmet

Yup, got that. But it isn't what I was asking now was it.

The UNIX/Linux number is infalted. There are over 100 distros of Linux alone, and I don't know how many UNIXes. Just to make it simple, let's say 50. That'd mean that for every 1 flaw, it'd get multiplied 150 times. So suddently you have "150" flaws in UNIX/Linux, when it should be 1.

Not to mention that they're including flaws from 3rd party applications that aren't apart of the OS. That's like including flaws from Netscape and AOL and claiming they're Windows flaws. Just because it's bundled software, doesn't mean it's a flaw of the OS.

You also have to consider (when taking out the inflation,) how many of those flaws allow root access in the *nixes, and how many of those flaws allow Administrative access on the Windows machines?


And to answer the question of whether or not a vulnerability would work accross various versions of UNIX (including OS X), that would be a maybe. As with any OS or software, different versions of UNIX have different flaws. If OS X isn't using the same version of BSD as whatever the current release is, then a vulnerability present in OS X may not work in another version of BSD, and vice versa.

You also have to consider that there are some very proprietary implementations of Linux and UNIX with custom file systems kernels where traditional attacks wouldn't ever work accross versions.

[Millennium]

Originally Posted by Dark Helmet

Yup, got that. But it isn't what I was asking now was it.

Actually, it was what you were asking.

[turtle777]

Originally Posted by Millennium

Actually, it was what you were asking.

See. I told ya'll he didn't get it.

-t

[TETENAL]

Originally Posted by mindwaves

Not necessarily because their are different "flavors" of *nix hence the asterisk in front. And it is "affect."

And it is "there".

[turtle777]

Hello turtle777. Nice to meet you.

Awesome

Wanna chat ?

-t