Microsoft's Must-Read Security Report
Windows Defender has "proportionally detected 2.8 times less potentially unwanted software on computers running Windows Vista than on computers running Windows XP [Service Pack 2]," according to Microsoft.
The claim is one of several found in the "Microsoft Security Intelligence Report: January through June 2007." The 91-page document details security and malware trends and offers advice for mitigating risks.
The report's findings suggest that Vista is less prone to malware than other Microsoft operating systems. Microsoft security tools detected unwanted software in 18 percent of Vista systems compared to 34 percent for Windows Server 2003 and 48 percent for Windows XP Service Pack 2. Microsoft "normalized" the data, which might take into account Vista's smaller user base.

Microsoft's data covers only Windows-based systems and derives from these tools: Exchange Hosted Services, Forefront Client Security, MSRT (Malicious Software Removal Tool), Windows Defender, Windows Live OneCare and Windows Live OneCare Safety Scanner.
Among the trends worth noting:
- The number of new, disclosed vulnerabilities dropped during the first half of 2007 from the second half of 2006, "the first period-to-period decline in total vulnerabilities since 2003."
- Most new vulnerabilities are high risk, and exploit code is typically available.
- Malicious attacks are shifting from operating systems to applications.
- "Exploit code for newer products is harder to find, with 48 of the 164 (29.3 percent) vulnerabilities having public exploit code in 2006 compared with 19 of the 91 (20.9 percent) vulnerabilities having public exploit code in 2007."
- Social engineering exploits are on the rise.
- "MSRT has proportionally cleaned malware from 60.0 percent less Windows Vista-based computers compared to computers running Windows XP SP2."
Figure 11, on pages 22-24, offers a Microsoft product-by-product breakdown of security vulnerabilities during the reporting period. Overall, Microsoft reported a 15.2 percent decline in software vulnerabilities from 2006 to 2007. But Microsoft weighted the number for statistical reasons. The nonweighted decrease is 33.6 percent.
Another highlight: "The Win32/Sober worm represented 85.0 percent of the top 20 malware detected in e-mail during the first half of 2006 and 40.0 percent of the top 20 malware in the first half of 2007." Whoa.
Microsoft also observed a correlation between spam filtering and malware infections. The ratio of infections dropped sixfold from the second half of 2006 to the first half of 2007, or from a ratio of one in every 217 e-mails to one in every 1,271 e-mails. During the same period, spam filtering jumped from 53 percent to 94 percent.
The report is simply too long for a blow-by-blow recount or analysis. Every Microsoft partner or customer should read it.


Comments (35)
Something to note: there are still thousands of viruses that can infect Windows machines. Millions of Windows installations are infected every month. Now how many Linux and BSD viruses are out there, spreading in the wild? Can you say *NONE*? (well, ok, there are a handful of such viruses in the labs, but they aren't out there infecting thousands -- much less millions -- of machines).
Even if you assume that Windows installations outnumber Linux and BSD installations 100 to one, the ratio of viruses and infections is still way disproportionate.
Windows security is a joke, a contradiction in terms! It is nowhere near as good as that found in popular competing operating systems (like Linux, BSD, Unix, and OS X).
Posted by Maddog | October 25, 2007 3:09 PM
Maddog. You have to remember the motivation behind writing malware is to make money. Believe me when I say that if Linux, BSD, Unix or OSX had the same global footprint as windows you would see just as many exploits as you do with windows.
Posted by William | October 25, 2007 3:56 PM
Maddog, you have to normalize the data before you say more windows machines are infected than linux.
You need to take into account how many viruses are written for windows than for linux, as well as how many users are running each os.
If there are 100 times more windows users than linux users, then the potential to infect a windows machine is 100 times more assuming everything else is equal (same number of viruses written). But more viruses are written targeting windows, so it's not a real comparison you're making until you normalize everything.
Posted by Jeremy | October 25, 2007 4:08 PM
IBM may have a new thing going
IBM's effort to patent a "business method" appears to be similar to VCSY's effort to patent a "business method":
The first paragraph in this article explains the traditional software approach perfectly and why "living software" is such a significant shift in the software industry and the industry of business more pointedly. The "software business" will be absorbed into the "business business".
more at url
http://messages.finance.yahoo.com/Stocks_%28A_to_Z%29/Stocks_V/threadview?m=tm&bn=33693&tid=763&mid=763&tof=1&frt=1
Posted by I-Man | October 25, 2007 4:08 PM
I doubt it, William. The disproportion is just too wide. The virus count on those OSes is not just a hundred times less, it's over a thousand times less.
I think this indicates that viruses just don't spread as easily on Linux, etc. as they do on Windows (which is a proven fact anyway).
I agree, though, that the motivation to write viruses will increase if those OSes had the same market share, but it is highly unlikely that there will be as many viruses because those systems just make it harder for viruses to infect and spread. The design is simply different. They are *not* perfect, of course, but they don't have to be. They are just harder targets in general.
Now if the developers of the various Linux and BSD distributions make big design mistakes in the future -- pandering mainly to the desires of the big bosses instead of adhering to good programming principles -- *then* the vulnerabilities will probably increase. But that's not likely either since development in Linux and BSD is community-driven, not dictated upon by some Gates or Ballmer types.
Posted by Maddog | October 25, 2007 4:16 PM
Posts on Raging Bull go missing.
(went to Raging Bull VCSY board where it was immediately deleted)
Morrie,
The time for talk is over. There are people who talk and there are people who do and there are people who do nothing but talk and laugh.
As was noted on the RB VCSY board this morning, there are a whole lot of people posting on RB VCSY who have no financial stake in the stock. They spend an awful lot of time talking and laughing about something they don't know anything about. That alone should be a signal to others, but, others are easily led and they end up laughing when others laugh.
I offer the following Yahoo VCSY board posts to demonstrate what I think is going to be the least understood jolt to the software world. I want the world to be able to see why they were not allowed in on the secret. That's why I'm posting here those posts and this one blurb from those posts I think will mean the most to folks who were prevented from learning about VCSY by those who did the most to lead the laughing.
"We (VCSY longs) have a list of people who laughed loudest. When the noobies get here and wonder out loud why nobody told them VCSY had what it has, we VCSY longs are going to simply post the list of usernames... usernames of the people who laughed loudest and longest; those people who did everything they possibly could to drown out the conversation about what was a very simple and transforming idea."
more at url
http://messages.finance.yahoo.com/Stocks_%28A_to_Z%29/Stocks_V/threadview?m=tm&bn=33693&tid=778&mid=778&tof=1&frt=2
Posted by I-Man | October 25, 2007 4:43 PM
Maddog
Then the concept is that MS has or is working with a bad design. Could you elaborate on what that bad design is? In contrast to the good design used with *nux?
Does this report suggest that maybe the massive throw everything away halfway thru the Vista build and start over with security as the focus worked? Or do you think MS can't design a secure system period. Regardless of how many times they throw it away and start over. Based on these numbers it looks as if what they did with Vista helps may not stop the problem but makes it better?
I also believe popularity will win over complexity. Make the *nux system as complex to crack but if someone wants to they will. Think of those who hacked the PS2 or the XBOX. Now that required hardware and soldering. So I don't think any system (soft or hard) is safe against a throng of people who want to hack it. Think of the iPod as well. If they want to hack it no matter how secure one thinks it is it is not.
Posted by another person | October 25, 2007 4:48 PM
I-Man :
And there are people like you posting on this site that don't stick to the subject.
Can you connect the dots with your last two posts and how they relate to Joe Wilcox's article?
If you want I can get you some links to your post and show you that they have nothing to do with what Joe is talking about.
Take your canned spam and go elsewhere.
Practice what you preach and go somewhere else to make your posts.
Posted by some one | October 25, 2007 4:53 PM
Maddog,
If you're going to compare platforms, you can't just factor in market share and/or user base.
You also need to factor in the type of usage that is typical for the platform. Most security risks are not exposures on the server side, where Linux is typically used. The exposure is on the desktop, where the users are running interactively. This affects both the actual volume of exploits and the motivation to write them.
There are many other factors involved as well, such as user experience levels. Grandmas don't run Linux. That has huge ramifications, no matter how secure you are technically.
In terms of proven facts, the only meaningful hard numbers I've seen that could be used to infer what the world would be like if Linux were dominant is that Linux variants have far more security vulnerabilities than Windows, regardless of the number of exploits that are in the wild.
Posted by Sambo | October 25, 2007 4:55 PM
Is Microsoft pushing Windows Desktop Search via Windows Update?
http://blogs.zdnet.com/hardware/?p=877
Quote:"I’m getting reports of another potential breach of trust on the Windows Update front. This time users are complaining that a Windows Update (WSUS) installed Windows Desktop Search onto systems, which, after being installed, started indexing systems and slowing PCs down."
“I’m slighly pissed of [sic] at M$ right now,” an admin in charge of 3,000 PCs wrote in a comment to the first aforementioned link. “All the clients have slowed to a crawl, and the file servers are having problems with the load.”
--------
It's typical of MS.
Posted by Marco | October 25, 2007 5:16 PM
@Sambo :
To use your logic, if more Grandmas drive Volvo(s), that will make Volvo a less safe car?
Sorry, it don't compute. You can't put a spin on security and safety.
Posted by n0neXn0ne | October 25, 2007 5:29 PM
So here's a product from Microsoft, comparing attempts to hack an old Microsoft operating system, and attempts to hack a new Microsoft operating system. Surprisingly, the new operating system comes out better.
Before we get onto the definition of 'shill', can I just point out that if Windows security had been taken seriously - as it was claimed on XP - then we wouldn't all be up to our necks in malware and viruses?
And remind me why I should pay the same company who provided an insecure operating system for software to plug the holes in that operating system?
---* Bill
Posted by Bill Buchan | October 25, 2007 5:32 PM
Maddog, this bit of news might be of interest to you.
Botnets are Linux-happy
"More interesting is that most of the compromised machines were not Windows machines. 'The vast majority of [the phishing sites] we saw were on rootkit-ed Linux boxes, which was rather startling. We expected a predominance of Microsoft boxes and that wasn't the case.'"
Startling, indeed.
Posted by Wes | October 25, 2007 5:54 PM
n0neXn0ne,
The problem is not with the logic, but with your analogy which is irrelevant to the topic.
The average Linux user/administrator is going to be far more experienced and knowledgeable about computers and computer security than the average Windows user, because (1) the user demographic is much broader for Windows than Linux and (2) because Linux requires that the user be more technically inclined to begin with.
This has direct correlation on how well configured the platform in question will be on average.
Posted by Sambo | October 25, 2007 6:03 PM
Sambo,
But, shouldn't Windows Server 2003 users be far more experienced and knowledgeable about computers and computer security than the average Windows user? Ouch! 34 percent of Server 2003 are infected (compared to 48 percent of XP SP2).
While Microsoft would prefer one to conclude that Vista is more secure than XP SP2 (18 percent infected versus 48 percent), there are other variables to consider. Because XP has been available longer, more exploits for it are available. From Microsoft's Key Findings,
In a product-by-product comparison, new products appear to be at less risk to publicly available exploit code than products that have been in the market longer. On average, exploitability is shown to decrease across product lifetimes, meaning that exploitability decreases in later versions of the majority of products. This fact is most readily visible for Microsoft Windows and the Microsoft Office system product lines. Overall, Windows XP and Microsoft Office XP rank equally in the number of exploitable vulnerabilities discovered between 2006 and 2007. In later versions of these products, Windows Server 2003, Windows Vista, Microsoft Office 2003, and the 2007 Microsoft Office system, a distinct decrease is seen in the number of vulnerabilities down the product lifetime.
Posted by Karl | October 25, 2007 6:32 PM
"The problem is not with the logic, but with your analogy which is irrelevant to the topic."
[...]
(2) because Linux requires that the user be more technically inclined to begin with.
@sambo:
This is where your argument falls apart.
Put grandma in front of both, Linux and Windows with no instructions. Tell them to go to any site, open any emails, and download anything. What would be the results? Windows infected, Linux NOT. Your number 2 doesn't apply.
Posted by n0neXn0ne | October 25, 2007 6:38 PM
"Put grandma in front of both, Linux and Windows"
And for a real-world example?
Posted by Jennifer8 | October 25, 2007 7:15 PM
@Jennifer8:
"Put grandma in front of both, Linux and Windows .... And for a real-world example?"
or Mac?
...for a real-world example...?
That would tell us a lot wouldn't it?
Posted by n0neXn0ne | October 25, 2007 7:36 PM
Maddog
"Now how many Linux and BSD viruses are out there, spreading in the wild? Can you say *NONE*? (well, ok, there are a handful of such viruses in the labs, but they aren't out there infecting thousands -- much less millions -- of machines)."
If they are in labs now they WILL be in the wild sooner or later.
And this from Wes
"Botnets are Linux-happy
"More interesting is that most of the compromised machines were not Windows machines. 'The vast majority of [the phishing sites] we saw were on rootkit-ed Linux boxes, which was rather startling. We expected a predominance of Microsoft boxes and that wasn't the case.'"
As I have said previously Linux Zealots like Maddog, Chips and Marco have been going on about how safe Linux is compared to Windows, and I have always maintained that sooner or later there will be viruses made for Linux....Now there is !!!
I always use "Spybot Search & Destroy" and "Adaware", both of which are free downloads for personal use (as well as Norton Internet Security ... paid for). Windows Defender has never been up to the task!
As I have said in the past Maddog your name suits you !
Posted by Neil | October 25, 2007 7:51 PM
@Wes :
"Linux phishing botnet statistics can be deceptive"
There are some problems with such assumptions based on that statement, however:
1. Each phishing site does not necessarily imply an individual machine. In fact, the use of the term phishing site implies Web servers which, in turn, implies that the majority of phishing sites are on shared hosting systems, where there may be hundreds of individual Web sites per box. Among other things, this means that a single compromised box may account for hundreds of individual phishing sites and Linux-based systems are the most commonly employed platforms for shared hosting.
2. A phishing site does not imply the box was rootkitted. Not only may a phishing site merely mean that a vulnerability in a given piece of software (such as one of the hundreds of notoriously unsecured PHP content management systems) running on that server has been exploited, but if Cullinane is actually talking about phishing sites per se, he's excluding desktop systems employed as nodes in a botnet in favor of server systems.
[...]
4. Phishing sites are not the same as botnet nodes. No, really this is the biggest problem with the obvious assumptions here. Typically, phishing botnets send out e-mails to entice users to a given Web site made to look like some other, legitimate Web site. The intent is to trick users into entering important data into the site so that whoever's running the site can then engage in some identity theft. While it makes sense that the Web sites would be run on shared hosting servers, most of the e-mails are probably being sent out by compromised home systems that are part of a phishing botnet which are undoubtedly primarily Windows systems.
http://blogs.techrepublic.com.com/security/?p=296
Posted by n0neXn0ne | October 25, 2007 7:56 PM
Windows is the Typhoid Mary of Operating Systems. Enough said, except that Micro$oft would rather sell you OneCare at $50 a year than fix the problems they created with insecure operating systems in the first place. It's all about greed with M$ folks.
Posted by chips | October 25, 2007 8:52 PM
n0neXn0ne and Jennifer8,
Hey! Hey! I've got a real world example! My daughter has XP on her desktop. She needed something for school so I got a freight salvage Thinkpad on eBay, repaired it, put Linux on it, and gave it to her for a laptop. Her desktop didn't have any anti-virus on it for over a year. Yet, when I finally got around to taking care of that, it came up completely clean! Likewise, her Linux lappy has never had a problem.
According to my router logs, she hangs out on strange sites, things in .edu domains, marine biology sites, science sites, and other weird sh*t like that. This leads me to a theory. According to Loverock's posts over at ZDNet, Linux users need to compile their kernels everyday to forestall kernel panics. This leads me to think that the average Windows user has more time to surf p0rn sites than the average Linux user. That's why more Windows boxes are infected.
Am I right?
>:-
Posted by Karl | October 25, 2007 9:16 PM
Chips
Joe did mention "One Care" he said "Windows Defender" !
The two are not the same !!
Posted by Neil | October 25, 2007 9:38 PM
Typo error
That should read ....
Joe did NOT mention "One Care".
Posted by Neil | October 25, 2007 9:39 PM
I use(for ALL my stuff) the less secure linux os (SuSE) from release 9.1 to now (I think 9.1 is about 2/3/4 years ago) without ANY antivirus and for now, I miss to understand a thing:
If windows is so intrinsically secure, why I've to buy an AV software?
What happen to me if I use windows without AV?
I think nothing because I've worked with a less secure os without AV for years.
No?
Last but not least all finding from MS and others security experts shows without any doubts that windows family are by far the more secure oses.
Because I'm a bit nonconformist I start to plan my os-migration toward a MS os. My only doubt is Xp or Vista.
Greetings from Italy.
(of course, sorry for my poor English)
Posted by Aurelio | October 26, 2007 5:27 AM
Neil said: If they are in labs now they WILL be in the wild sooner or later.
Really now? Are you a virus writer or just clairvoyant? They've been in the labs for years and they have NOT gotten into the wild. In those years, viruses have infected millions of Windows machines.
As for botnets being Linux-happy, well, viruses are Windows-happy. These are different forms of malware. Oh and let's not forget the Storm bot, which only affects Windows machines.
Look at the proportions and normalize the data (which I did earlier). How many Linux desktops are there compared to Windows? There are 6 million claimed Ubuntu users (a primarily desktop Linux distribution). There are also probably several million RedHat/Fedora, PC BSD, etc. desktops. So let's be very conservative and assume that there are only 5 million Linux/BSD desktops in the entire world (a ridiculously low number). Are there 1000 Windows desktops for every Linux/BSD desktop?
Certainly not (you would need at least 5 billion Windows desktops to reach that ratio). But Windows virus infections are at least 1000 times as many (more actually, since there are ZERO Linux infections in the wild, but I'll stick to that low number for the sake of keeping Windows fans from going apoplectic). Windows virus infections are therefore over-represented compared to their actual numbers on the desktop vis-a-vis Linux/BSD desktops.
So at least as far as vulnerability to viruses is concerned, Windows is the hands-down loser.
Can M$ design a secure OS? Sure. Have they? No. Will they? Ah... that is the rub.
Posted by Maddog | October 26, 2007 5:32 AM
Maddog?
Are viruses harder to write on Linux? Or are the best virus and exploit writers writing them for Windows boxes because that is where the money is?
Again, they would do just the same for Linux or Unix if that was where the money was. What do you think, that they would just "give up"? Of course not.
The reason that Windows has more exploits is because there is so many people trying to exploit it. No digital lock is safe, and no system is secure.
If Linux or Unix had the same manpower working on finding its exploits then rest assured exploits would be found.
Posted by William | October 26, 2007 6:35 AM
William Says:
1) "Are viruses harder to write for Linux?" ... 2) "What do you think, that they would just give up?"
[...]
3) "If Linux or Unix had the same manpower working on finding its exploits then rest assured exploits would be found."
@William
1. Yes, virus is harder to write for *nix. Youtube how to write a virus in 5 minutes or less. You will find Windows only how-tos.
2. We wouldn't know would we, as long as Windows exists. 'Windows is a Virus'
3. If? Linux AND Unix have the same manpower working on finding its exploits then rest assured exploits would be found AND FIXED. case in point.
Posted by n0neXn0ne | October 26, 2007 8:35 AM
nOneXnOne
I like your point "If? Linux AND Unix have the same manpower working on finding its exploits then rest assured exploits would be found AND FIXED. case in point."
Therefore there will be viruses for Unix and Linux and that will wipe the smiles off the faces of Chips, Marco, Maddog, etc.
You see that now Chips (a Linux Zealot ... in the extreme) is advocating to people to Leopard ! Why ...simple ... He doesn't want them to use Windows so if they don't like Linux ...use Leopard instead !
I of course advocate to people not to believe all lies spread by people like chips and give Windows a go !!
Posted by Neil | October 27, 2007 9:22 AM
Neil wrote: Therefore there will be viruses for Unix and Linux and that will wipe the smiles off the faces of Chips, Marco, Maddog, etc.
Non sequitur. That does not follow. You seem to have a striking inability to follow a logical argument. Where did you learn logic, Neil? In Disneyland?
Posted by Maddog | October 27, 2007 9:50 AM
Quote from William :
"The reason that Windows has more exploits is because there is so many people trying to exploit it."
----------------------------------------------------
Totally wrong William. Know the difference between an "exploit" and a program (virus, trojan, malware, etc) written to take advantage of an "exploit."
Exploits are flaws in the OS or browsers, that enable the viri type programs to take advantage of them. The whole Windows OS is just one big exploit, when you really get down to it, as user accounts are not setup properly out of the box, and just left to the users to do whatever they want. Also ActiveX is one of the worst security exploits ever thought up. One wonders what the folks at MS were smoking when they dreamed that one up.
And then there's Internet Exploder, which should never be allowed to run on a Windows computer. It's the number one virus magnet with Outlook Express a close second, of any type of program on a windows machine. Just switching over to Opera or Firefox improves your windows odds of not problems. And then, Windows will let any program replace system files during an installation, how completely insane is that????
Lastly, there has to be a motive for these virus writers. I suspect that it's easier to get mad at a company that charges up to $400 for its operating system, with all the bugs included, than to get mad at a FREE GNU/Linux community operating system that just works. Most likely, there are MS employees or former ones, that know the code, and have a grudge against their former employers. They probably write the most damaging type of viri.
Posted by chips | October 27, 2007 12:53 PM
To Maddog:
What do you expect from Neil? As a dedicated M$ shill with an army of sock puppets, he doesn't care about the truth, only to create FUD about other products, so people will buy MS. It's all about the bottom line with him and his employers.
Like the XBox360, we will do our best to point out the flaws and problems with Micro$oft products, including Vi$ta. Maybe, in this way, at least, MS will end up being forced to at least partially improve it. Or just move on to Windows Seven, or whatever the new name will be.
Posted by chips | October 27, 2007 1:03 PM
"Microsoft confirms PDF attacks, urges caution"
"In the wake of this week's malware attacks using rigged PDF files, Microsoft has updated its security advisory to stress that the underlying flaw in the Windows operating system is still not fixed."
Posted by n0neXn0ne | October 27, 2007 10:21 PM
Chips
"What do you expect from Neil? As a dedicated M$ shill with an army of sock puppets, he doesn't care about the truth, only to create FUD about other products"
Now Chips you seem to have the fact that when Joe did an article on the "Skype Outage" who was it that lied about his experience ? IT WAS YOU !!!
As well as that the definition of a shill is a person that gets paid ... I do not get paid !
Do you ??? Because you are a Linux shill !!
Also this from chips "And then there's Internet Exploder, which should never be allowed to run on a Windows computer. It's the number one virus magnet with Outlook Express a close second, of any type of program on a windows machine. Just switching over to Opera or Firefox improves your windows odds of not problems."
It seems that Chips has not heard of all the security problems that Firefox had in the past (and, like any other software, will probably have in the future). Talk about a simplistic and narrow-minded attitude.
And William is totally correct it is because Windows is popular that you have more people trying to hack it, and "if" Linux becomes more popular it will suffer the same fate.
Maddog
If you choose not to believe ...fine that's up to you, but for all other people ...beware. Take precautions, it is better to be safe than sorry !!
If there is a plague infested area would you go into without a decontamination suit, 99.9% of all viruses are roaming around on the internet, do you like playing Russian Roulette with your computer ???
Posted by Neil | October 27, 2007 10:30 PM
Neil Says:
"And William is totally correct it is because Windows is popular that you have more people trying to hack it..."
@Neil:
I notice that you didn't use the word hackers. You used the word people. That is so correct, it doesn't take a skilled hacker to write a virus for Windows, it takes regular people. You have somewhat of a clue. Here is a how-to, have fun:-)
FYI: "...the underlying flaw in the Windows operating system is still not fixed."
Posted by n0neXn0ne | October 28, 2007 9:10 AM