mikmik
07-16-2004, 06:18 AM
15 Seconds
A year ago, if you put an unprotected machine on the Internet, it would be attacked within 15 minutes. Now it's 15 seconds.
Source: Symantec.
Is Microsoft to Blame? (http://www.pcmag.com/article2/0,1759,1618777,00.asp)
All modern software has bugs—lots of them. That goes for Windows, Linux, Mac OS, and any other operating system or application you can think of. Part of the problem is that regardless of how many developers are working on a software tool, and no matter how clever they are, they can't possibly anticipate each and every way someone could attack it.
"Just as you can't stop all bank robberies, you can't stop all software attacks," says Gary McGraw, coauthor of Building Secure Software and chief technology officer at Cigital, a firm that helps improve software security at several Fortune 500 companies. "In any field," he adds, "security is about risk management."
In the software business, however, there are two additional problems: First, modern software is often so complex that developers have trouble understanding exactly how it works, much less how someone could attack it. "Software is the most complicated artifact that we build as a species," posits McGraw. "Something like Windows XP includes 40 million lines of code. How many people do you need in the room before they understand all that?"
Second, today's code is built atop yesterday's code, because everybody wants compatibility with old apps and old OSs. When those old apps were written, before the rise of the Internet, when viruses spread like molasses, on floppy disks handed from person to person, the average PC wasn't exposed to outside threats. It didn't have the same need for secure software.
Clearly, Microsoft has a difficult task on its hands. But so do its competitors, and their software isn't attacked nearly as often. Does this mean that Windows is somehow less secure? Maybe, maybe not
....
Who's right? Proponents of the different operating systems will probably never agree, but a recent Forrester Research study seems to support Gates's claims. Between June 1, 2002, and May 31, 2003, the study says, security experts found more flaws in each of the four major Linux offerings than in Windows. In that time, for example, 286 flaws were found in Debian Linux, and only 128 were found in Windows. Forrester didn't track flaws in Mac OS or other operating systems, but at least when compared with Linux, Windows seems to be more secure
...
"The fact that dedicated hackers working around the world are able to find security holes in Windows does not mean Microsoft is at fault," says Ian Ballon, cochair of the intellectual property and Internet practice group at international law firm Manatt, Phelps & Phillips and also the executive director of Stanford University's Center for E-Commerce. "It's like suing the New York City fire department for injuries arising out of 9/11."