The myth of the thousand updates for Linux, debunked

,----[ Quote ]
| For the last six months, I’ve been reading article after article spewing the
| same bovine manure: Look at how many updates Distribution X issued! How can
| it be more secure than Windows? Let’s bury that stupidity under a ton of
| facts:
|
| “Look at the pace of the update releases!”
|
| Microsoft shills’ latest tune goes something like this: “but Linux is so much
| more insecure than Windows — just look, every day you see security updates
| released!”.
|
| True: open up your Linux distribution’s update manager after three months of
| not upgrading, and you will see quite the list. Probably a bit more than your
| Windows or Mac OS X updates.
|
| But only a minority are security updates. From that minority, only a handful
| apply to your scenario. And even so, the number of updates is of no
| consequence. As a matter of fact, you should be happy you have all these
| updates for you to install.
|
| Don’t just take my word for it — let’s explore why.
`----

http://rudd-o.com/archives/2007/10/2...inux-debunked/

Windows zombies are meanwhile celebrating.

Storm Worm retaliates against security researchers

http://www.theregister.co.uk/2007/10...worm_backlash/

New strain of Gozi Trojan prowls the net

,----[ Quote ]
| Only 26 per cent of the major antivirus providers protect against the new
| variant, he said. It is detected under names including OrderGun, Orderjack,
| Germ, Small.BS, Pinch, Snifula, Ursnif and CWS.
`----

http://www.theregister.co.uk/2007/10...w_gozi_strain/


Related:

How secure are Linux, Window and Mac OS?

http://www.masuran.org/node/29


2006 Operating System Vulnerability Summary

http://www.omninerd.com/2007/03/26/articles/74


Linux vs. Windows: Which is Most Secure?

http://www.esecurityplanet.com/views...le.php/3665801


Linux Security: A Big Edge Over Windows

http://www.linuxinsider.com/rsstory/54742.html


The problems with Vista laid bare - What might have been

http://www.theinquirer.net/default.aspx?article=38419


Why Windows is less secure than Linux

http://blogs.zdnet.com/threatchaos/?p=311


Linux more secure than Windows, national survey shows

http://www.xomba.com/linux_more_secu...l_survey_shows


Microsoft Windows: Insecure by Design

http://www.washingtonpost.com/ac2/wp...nguage=printer


If Only We Knew Then What We Know Now About Windows XP

http://www.washingtonpost.com/wp-dyn...rss_technology


Why Windows is a security nightmare.

http://www.smh.com.au/articles/2004/...120110704.html


The Structural Failures of Windows

http://www.theinquirer.net/default.aspx?article=15305


Microsoft patches serious flaws secretly and sometimes gets caught. Here are 4
recent examples:

Skeletons in Microsoft’s Patch Day closet

,----[ Quote ]
| This is the first time I’ve seen Microsoft prominently admit to silently
| fixing vulnerabilities in its bulletins — a controversial practice that
| effectively reduces the number of publicly documented bug fixes (for those
| keeping count) and affects patch management/deployment decisions.
`----

http://blogs.zdnet.com/security/?p=316


Beware of undisclosed Microsoft patches

,----[ Quote ]
| Forget for a moment whether Microsoft is throwing off patch counts
| that Microsoft brass use to compare its security record with those
| of its competitors. What do you think of Redmond’s silent patching
| practice?
`----

http://blogs.zdnet.com/microsoft/?p=527


Microsoft reacts to kernel hacks, defends Vista

,----[ Quote ]
| Microsoft wasn't much help in figuring out exactly what was beefed up by the
| PatchGuard update; the accompanying information was extremely vague. The
| MSRC's release manager, Simon Conant, was just as tight-lipped in a posting
| to the center's blog. "The update adds additional checks to Kernel Patch
| Protection for increased reliability, performance, and security," Conant
| said.
`----

http://www.infoworld.com/article/07/...l-hacks_1.html



Stealth Windows update prevents XP repair

,----[ Quote ]
| A silent update that Microsoft deployed widely in July and August is
| preventing the "repair" feature of Windows XP from completing successfully.
|
| [...]
|
| Accounts of conflicts with XP's repair option came to our attention after
| Microsoft's "silent install" of Windows Update (WU) executable files, known
| as version 7.0.600.381, was reported in the Sept. 13 and 20 issues of the
| Windows Secrets Newsletter. *
`----

http://windowssecrets.com/2007/09/27...ents-XP-repair


Windows Update's Sneaky Updates

,----[ Quote ]
| "The only altered files that have been reported to date are 18 small
| executables used by WU itself. Microsoft is patching these files silently,
| even if auto-updates have been disabled on a particular PC." *
`----

http://www.microsoft-watch.com/conte...129TX1K0000535


Also see:

Microsoft is Counting Bugs Again

,----[ Quote ]
| Sorry, but Microsoft's self-evaluating security counting isn't really a
| good accounting.
|
| [...]
|
| The point: Don't count on security flaw counting. The real flaw is
| the counting.
`----

http://www.microsoft-watch.com/conte...129TX1K0000535


Microsoft : Arrogance leads to Vulnerability

,----[ Quote ]
| Chatting with the Microsoft senior sales people, I was struck by
| their incredible arrogance. They know the company?s products are good,
| but they have no qualms whatsoever about charging top dollar as a
| result.
|
| It reminds us how Microsoft used to behave when it comes to their
| products' security records. IE5 and 6 were nothing short of being
| proper Swiss Cheese with loads of holes in them but hey, they had 95%
| of the browser market at that time and couldn't care less.
`----

http://securityblog.itproportal.com/?p=514