The myth of the thousand updates for Linux, debunked

,----[ Quote ]
| For the last six months, I’ve been reading article after article spewing the
| same bovine manure: Look at how many updates Distribution X issued! How can
| it be more secure than Windows? Let’s bury that stupidity under a ton of
| facts:
| “Look at the pace of the update releases!”
| Microsoft shills’ latest tune goes something like this: “but Linux is so much
| more insecure than Windows — just look, every day you see security updates
| released!”.
| True: open up your Linux distribution’s update manager after three months of
| not upgrading, and you will see quite the list. Probably a bit more than your
| Windows or Mac OS X updates.
| But only a minority are security updates. From that minority, only a handful
| apply to your scenario. And even so, the number of updates is of no
| consequence. As a matter of fact, you should be happy you have all these
| updates for you to install.
| Don’t just take my word for it — let’s explore why.

Windows zombies are meanwhile celebrating.

Storm Worm retaliates against security researchers

New strain of Gozi Trojan prowls the net

,----[ Quote ]
| Only 26 per cent of the major antivirus providers protect against the new
| variant, he said. It is detected under names including OrderGun, Orderjack,
| Germ, Small.BS, Pinch, Snifula, Ursnif and CWS.


How secure are Linux, Window and Mac OS?

2006 Operating System Vulnerability Summary

Linux vs. Windows: Which is Most Secure?

Linux Security: A Big Edge Over Windows

The problems with Vista laid bare - What might have been

Why Windows is less secure than Linux

Linux more secure than Windows, national survey shows

Microsoft Windows: Insecure by Design

If Only We Knew Then What We Know Now About Windows XP

Why Windows is a security nightmare.

The Structural Failures of Windows

Microsoft patches serious flaws secretly and sometimes gets caught. Here are 4
recent examples:

Skeletons in Microsoft’s Patch Day closet

,----[ Quote ]
| This is the first time I’ve seen Microsoft prominently admit to silently
| fixing vulnerabilities in its bulletins — a controversial practice that
| effectively reduces the number of publicly documented bug fixes (for those
| keeping count) and affects patch management/deployment decisions.

Beware of undisclosed Microsoft patches

,----[ Quote ]
| Forget for a moment whether Microsoft is throwing off patch counts
| that Microsoft brass use to compare its security record with those
| of its competitors. What do you think of Redmond’s silent patching
| practice?

Microsoft reacts to kernel hacks, defends Vista

,----[ Quote ]
| Microsoft wasn't much help in figuring out exactly what was beefed up by the
| PatchGuard update; the accompanying information was extremely vague. The
| MSRC's release manager, Simon Conant, was just as tight-lipped in a posting
| to the center's blog. "The update adds additional checks to Kernel Patch
| Protection for increased reliability, performance, and security," Conant
| said.

Stealth Windows update prevents XP repair

,----[ Quote ]
| A silent update that Microsoft deployed widely in July and August is
| preventing the "repair" feature of Windows XP from completing successfully.
| [...]
| Accounts of conflicts with XP's repair option came to our attention after
| Microsoft's "silent install" of Windows Update (WU) executable files, known
| as version 7.0.600.381, was reported in the Sept. 13 and 20 issues of the
| Windows Secrets Newsletter. *

Windows Update's Sneaky Updates

,----[ Quote ]
| "The only altered files that have been reported to date are 18 small
| executables used by WU itself. Microsoft is patching these files silently,
| even if auto-updates have been disabled on a particular PC." *

Also see:

Microsoft is Counting Bugs Again

,----[ Quote ]
| Sorry, but Microsoft's self-evaluating security counting isn't really a
| good accounting.
| [...]
| The point: Don't count on security flaw counting. The real flaw is
| the counting.

Microsoft : Arrogance leads to Vulnerability

,----[ Quote ]
| Chatting with the Microsoft senior sales people, I was struck by
| their incredible arrogance. They know the company?s products are good,
| but they have no qualms whatsoever about charging top dollar as a
| result.
| It reminds us how Microsoft used to behave when it comes to their
| products' security records. IE5 and 6 were nothing short of being
| proper Swiss Cheese with loads of holes in them but hey, they had 95%
| of the browser market at that time and couldn't care less.