Jump to content

Recommended Posts

Posted

Em 2005, foram detectadas 5.198 vulnerabilidades nos sistemas operativos, sendo que 812 encontradas exclusivamente no Windows, 2.328 nos sistemas Unix/Linux e 2.058 que afectaram vários sistemas operativos, inclusive os citados anteriormente.

A informação foi divulgada no anuário do US-CERT, órgão responsável pela segurança da internet nos EUA, que reuniu informações de fontes independentes no período entre Janeiro e Dezembro de 2005.

Na lista, falta a recém-descoberta vulnerabilidade do Windows, relacionada com os ficheiros WMF (Windows Metafile). Nenhuma vulnerabilidade foi listada especificamente para o Mac OS X, mas como ele é desenvolvido na plataforma Unix, está vulnerável a algumas falhas associadas a este sistema operativo.

Fonte: Infortech United

Nem são assim tantas. Apesar dos sistemas Unix serem os que mais falhas apresentam, são as falhas mais rapidamente corrigidas e as menos perigosas em termos de ataques (já se sabe porque...)!

Cumps

Posted

Sim, e além disso no Unix são descobertas porque há pessoal sempre a mecher no codigo e a topar essas coisas... e no windows são descobertas apenas por ataques!

O q faz toda a diferença!

Posted

Sim, e além disso no Unix são descobertas porque há pessoal sempre a mecher no codigo e a topar essas coisas... e no windows são descobertas apenas por ataques!

O q faz toda a diferença!

Ora nem mais. Enquanto que no e-mail recebo notificações da própria comunidade hacker de Debian relativamente a Linux, com o Windows recebo notificações de ataques ou de falhas exploradas por mentes mál intencionadas...

cumps

Posted

Mais lenha para a fogueira em mais um artigo da NewsForge. É uma crítica á Microsoft por querer fazer com que os leitores interpretem mal a notícia e uma crítica tambem á US-CERT pelo facto de não apresentar todos os dados organizados e permitir que a Microsoft faça isso.

Everywhere you look in the trade press today, you'll find glowing misrepresentations of US-CERT's latest annual summary of vulnerabilities discovered in 2005. If you take the summary findings at face value, you would likely conclude that Windows -- with 812 reported vulnerabilities -- is a much safer operating system than something called "Unix/Linux," which totaled 2,328. The US-CERT summaries have become the fodder for a FUD festival, and many scribes sympathetic to the Microsoft cause go out of their way to make sure the real picture never emerges.

Microsoft wants you to read the headlines as "Windows 3X safer than Linux." (If Microsoft is being quiet about the US-CERT numbers, it's because the company is too busy trying to come up with a fix for the Windows Meta File (WMF) vulnerability.) But even the most cursory examination shows that the two figures are not representative of today's two major operating system platforms.

One figure represents the vulnerabilities found in Windows operating systems: XP, NT, 98, and so on. The other represents a total figure not just for Solaris, AIX, HP-UX, the BSDs, and Linux, but for a hundred different versions of Linux. The sum of all the unique vulnerabilities from all the Linux distros does not equate to the sum of vulnerabilities in any single Linux distro, and one could say the same about the various versions of Windows.

That's why it is a completely meaningless exercise to discuss those totals as if they present an accurate picture of the relative security of Windows and Linux.

Numbers don't mean everything

After all this time, you'd think that the mainstream tech press could get it right when reporting on security. The sheer number of vulnerabilities means little when compared with other factors, such as the severity of the vulnerability, how easy it is to exploit the vulnerability, and how long it takes a vendor to respond to the vulnerability.

This is not to say that the data from US-CERT is a meaningless aggregation. You can easily spot the most vulnerable operating system in wide use today by taking a look at the Technical Cyber Security Alerts issued by US-CERT last year. Here's the bottom line:

    * 22 Technical Cyber Security Alerts were issued in 2005

    * 11 of those alerts were for Windows platforms

    * 3 were for Oracle products

    * 2 were for Cisco products

    * 1 was for Mac OS X

    * None were for Linux

That's quite a different picture than the one the Microsoft press machine wants you to see. Here's more of the same. US-CERT's list of current vulnerabilities contains a total of 11 vulnerabilities, six of which mention Windows by name, and none of which mentions Linux.

Still, scribes in the trade press are once again playing the US-CERT FUD game by trumpeting the misleading totals noted at the top of the story as being significant in weighing the relative security of Windows and Linux.

Shame on them for purposely -- or ignorantly, as the case may be -- misleading their readers. And shame on US-CERT for presenting its summary in a way that allows such easy misrepresentation.

Basta uma pesquisa no Google para ver a campanha de promoção que a Microsoft andou todo este tempo a fazer: http://www.google.com/search?hl=pt-BR&q=current+vulnerabilities+2005&btnG=Pesquisar&lr=

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

By using this site you accept our Terms of Use and Privacy Policy. We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.