
Infected Windows PCs Now Source Of 80% Of Spam

twitter writes "The Register is reporting a study by Sandvine.com that blames Microsoft Zombies for 80% of all spam. The study goes on to claim that 90% filtering is not effective given the unprecedented volume and that sophisticated trojans are able to drop spam directly on end users' computers despite current efforts. Just another cost of supporting Microsoft, I suppose."
  • Is this surprising? (Score:1, Insightful)

    by blane.bramble ( 133160 ) on Tuesday June 08, 2004 @07:43AM (#9364200)
    Microsoft Windows is on 80% of desktops or thereabouts. Microsoft Windows is responsible for 80% of spam. Seems fairly obvious to me.
  • Obligatory (Score:3, Insightful)

    by Mz6 ( 741941 ) * on Tuesday June 08, 2004 @07:44AM (#9364204) Journal
    Was this really actually a surprise to anyone or was this just confirming the obvious?
  • Not surprised (Score:1, Insightful)

    by Anonymous Coward on Tuesday June 08, 2004 @07:44AM (#9364209)
    I get 4 or 5 NetSky infected e-mails every day. I wish people would quit using Windows. It's unsanitary. Kinda like using used needles for shooting up.

    Windows users: Please learn Linux or buy a Mac. Thanks.
  • by FedeTXF ( 456407 ) on Tuesday June 08, 2004 @07:46AM (#9364220)
    If computers are going to be a tool used by anybody, I think along with securing OS's real user education must be encouraged.
    Today you have to have a license to drive so why not learn how to play safe if your PC is connected to a public network?
  • by z0ink ( 572154 ) on Tuesday June 08, 2004 @07:48AM (#9364227)
    Microsoft needs to offer an update solution that doesn't require checking if the system is legal first. Not letting people patch isn't motivation for somebody to spend hundreds on software they already have, but blatant disregard of the infrastructure of the internet as a whole. They allow these machines to stay online and keep the spam flowing.
  • by Anonymous Coward on Tuesday June 08, 2004 @07:48AM (#9364229)
    Even if Linux or Mac was 80% of the desktops, you would still have people not bothering to patch their computers, and have the same problem. It might be as easy to infect the computers, but the problems would still be there. Stupid users will exist no matter what operating system you give them.

    All the ISPs are going to start filtering outbound port 25. If you want to run your own mail server you'll have to route it through their mail server, or use a non-standard port number to route thru a 3rd party mail server.
  • by larien ( 5608 ) on Tuesday June 08, 2004 @07:48AM (#9364232) Homepage Journal
    The fact that Windows is everywhere is why it's such a tempting target; a hit rate of 1% on virus infection of Windows PCs is a good number, so it's worth going after. If linux had a good market share, it would be running the spam zombies.

    Yes, linux can be more secure than Windows, but the fact is that over 90% of these zombie PCs could have prevented infection by simply having (a) their firewalls enabled and/or (b) having intelligent users. By default, most linux distros don't come with firewalls enabled either (at least, the last time I checked; I think it's becoming more common for firewalling to be enabled though, as with XP SP2) and as for (b), well, we'll always have stupid users.

  • Re:Not surprised (Score:3, Insightful)

    by Spad ( 470073 ) <`slashdot' `at' `spad.co.uk'> on Tuesday June 08, 2004 @07:49AM (#9364236) Homepage
    The simpler solution would be for them to get a clue.

    I run Windows and there is only a single (known) exploitable security vulnerability - and that's only because Microsoft won't release a patch for it and the workaround is too messy for me to want to bother with it as I'm not stupid enough to fall for "cleverly crafted" URLs.

    Windows can be almost, if not as secure as Linux or OSX if you just know what you're doing and keep up to date with the patches.
  • by Babbster ( 107076 ) <aaronbabb@NoSPaM.gmail.com> on Tuesday June 08, 2004 @07:49AM (#9364239) Homepage
    How does it make it worse? If a percentage of Windows installs are upgraded (and presumably stop being "zombies") then wouldn't there be fewer problem computers?

    Ah, never mind. It's just a way to complain about absolutely anything Microsoft does. If Microsoft discovered a cure for cancer and gave it away free, some /. reader would complain because all the pill bottles have the MS name on them, giving them a cure-for-cancer monopoly.

  • by Anonymous Coward on Tuesday June 08, 2004 @07:49AM (#9364243)
    How is that conclusion tied to the release of SP2?

    The release of Windows XP SP2 will make illegal copies spread more spam? :-S
  • by sploo22 ( 748838 ) <dwahler AT gmail DOT com> on Tuesday June 08, 2004 @07:49AM (#9364247)
    When XP Bug patch 2 comes out, this situation will only get worse

    No, it'll just fail to get much better. There's no way a bug patch can make it worse...

    Come on MS, prove me wrong! I dare you!
  • by Mz6 ( 741941 ) * on Tuesday June 08, 2004 @07:50AM (#9364254) Journal
    Because unless you can convince the government that being an "inconsiderate and stupid" computer user has actually physically harmed another user this won't happen. Now driving is a whole different story.
  • by larien ( 5608 ) on Tuesday June 08, 2004 @07:50AM (#9364255) Homepage Journal
    No, the pirates have a blatant disregard of the infrastructure by keeping running insecure, unpatched software. Microsoft should not be held responsible for pirates who illegally run unlicensed software.
  • by djh101010 ( 656795 ) * on Tuesday June 08, 2004 @07:51AM (#9364258) Homepage Journal
    Seems fairly obvious to me.

    Yes, but the other 20% aren't coming from compromised non-windows systems, they're being sent by spammers who know they're sending it. If the other 20% were coming from trojan'ed *nix boxes, then I'd say you're on to something.

    Fact is, 4 out of 5 emails that end up in my spam bin are there because (a) some sleazeball wrote a trojan to deliver them, and (b) someone else wrote a trojan-friendly OS to enable it in the first place.

    I understand that some ISPs are now cutting off infected folks until they can show they've patched. I think that we'll be seeing more of this, and I can't say I disagree (as long as they understand what a Unix, Linux, or MacOS box is).
  • by chrisjwray ( 717883 ) on Tuesday June 08, 2004 @07:52AM (#9364268)
    If somebody is naive enough to allow their PC to be used as a zombie, I can't really see them rushing out and installing service pack 2. MS should introduce some commercials or something to tell Joe Average that he should patch his windows.
  • by PerryMason ( 535019 ) on Tuesday June 08, 2004 @07:56AM (#9364296)
    Yes it is surprising. Traditionally spam has come from mail servers that were set up as open relays (by accident or design) but nowadays it's coming from Windows desktop machines with viruses which set up their own mail servers. Combine that with the growing prevalence of broadband home connections and spam is just getting worse and worse.
  • by Adhemar ( 679794 ) on Tuesday June 08, 2004 @07:57AM (#9364302)
    Microsoft Windows is on 80% of desktops or thereabouts. Microsoft Windows is responsible for 80% of spam. Seems fairly obvious to me.
    It isn't obvious. At all. In earlier years, spam was sent by spam hosts owned by spammers.

    By "spammers" I mean those people who knowingly and deliberately distribute spam, and usually make money by doing so.

    The hosts and the networks they were connected to became discovered and mail coming from those hosts and networks was treated as suspicious by black-list-based filters.

    So the spammers use more and more infected zombie PCs. Microsoft Windows is on 80% or more of the desktops. And now these Microsoft Windows-based infected zombie PCs are sending 80% of spam, according to the article.

    However, this does not mean (which would contradict your "this is obvious" logic) that the x% MacOS X-based, Linux-based and *BSD-based PCs are as easily infected and effectively sending x% of the spam.

  • Re:Not surprised (Score:5, Insightful)

    by Mz6 ( 741941 ) * on Tuesday June 08, 2004 @08:00AM (#9364318) Journal
    "Windows users: Please learn Linux or buy a Mac. Thanks"

    This is always the solution that comes up. There are a couple reasons why Microsoft is always picked on for virus/worms.

    1. They are the single most popular operating system to date. Therefore they have the most users and giving the spammer/cracker more chances to get personal info or crack their system.

    2. Most Microsoft users are users that do not always keep up with patches or updates to their system. Most really don't understand why they would have to do it. Not only that, because most new users start with Windows, it's easy for them to fall for most of the phishing attacks as well.

    Now, with all of that said above, if, hypothetically, everyone switched over to Linux or Mac OS I'm not sure it would change much. You can talk about how secure Linux and Mac are, but they STILL are only as secure as the user wants it to be. I could still see many new users run as root all the time, open unknown files and the rest of the tips that they teach you NOT to do on Windows. Just because you don't see any Linux viruses doesn't mean they don't exist. The fact is that most people who are USING those OSs are a bit smarter and care more about security than your average Windows user that these worms/viruses/spams are being sent to.

  • by bwalling ( 195998 ) on Tuesday June 08, 2004 @08:01AM (#9364324) Homepage
    the fact is that over 90% of these zombie PCs could have prevented infection by simply having (a) their firewalls enabled and/or (b) having intelligent users

    It's more than that. Why do you need a firewall? Because your computer is sitting there listening for a bunch of crap that it doesn't need to be listening for. Install Windows XP, and then run Microsoft's Baseline Security Analyzer [microsoft.com]. It will tell you that you are about to be fried. Why is that? Why should the user have to be constantly vigilant against threats?

    I've yet to see what XP SP2 does, and hopefully it does more than just turn on a firewall. Hopefully, it starts to take things more seriously. Hopefully, Linux starts to as well. It's nice that it can be made to be secure, but it's not exactly simple to do so.

    Quit blaming the users for the shortcomings of the developers. You're putting the burden in the wrong place.
  • by syphax ( 189065 ) on Tuesday June 08, 2004 @08:01AM (#9364327) Journal
    the fact is that over 90% of these zombie PCs could have prevented infection by simply having (a) their firewalls enabled and/or (b) having intelligent users

    Can we change (b) to 'informed' users? It is possible to be intelligent about non-computer matters and still be running a zombie. It's about ignorance, not (necessarily) stupidity.

    I continue to be skeptical of the apparently widely held opinion on this site that (knowledge about computers/programming/security/[insert specific topic here]) == intelligence.
  • by daniel_howell ( 457947 ) on Tuesday June 08, 2004 @08:02AM (#9364330)
    The problem is that previously everyone (legal or not) _could_ update their PC. Obviously not everyone did so, which is why the vulnerable machines are still out there.

    Now that a significant number of machines can't be patched you can expect the percentage of vulnerable machines to increase. This will inevitably increase the load borne by all the legitimate machines. As time goes on and more vulnerabilities are announced it will get worse, since almost all illegal PCs will be ripe for Zombie-hood.

    I can see why Microsoft would want to prevent illegal machines from getting "functionality" upgrades, but it makes no sense at all to prevent them from getting security upgrades. Zombie PCs hurt Microsoft's legitimate paying customers.
  • by tuomasr ( 721846 ) on Tuesday June 08, 2004 @08:02AM (#9364333)

    Well, I tend to agree in some ways and disagree in some. If the problems with Windows security holes and such would only affect the computer in question then I would be all for not allowing the updates to be loaded on a pirated machine but with the current system the legitimate users of Windows (and other internet users as well) suffer from the negligence of the users of pirated software. It doesn't only limit to spam, but also network worms which can be a nuisance with the amount of network traffic they create. I think Microsoft would do a favor to all of the internet with allowing patches to be applied to non-licensed (pirated) versions of Windows.

    <bad-analogy> I would compare it to stolen cars. For example, if a car would have a really really serious design flaw that would make it blow up during rush hour taking along with two blocks, would you want the car manufacturer to fix the car even though it was stolen? </bad-analogy>

  • by AKnightCowboy ( 608632 ) on Tuesday June 08, 2004 @08:03AM (#9364343)
    Not letting people patch isn't motivation for somebody to spend hundreds on software they already have, but blatant disregard of the infrastructure of the internet as a whole. They allow these machines to stay online and keep the spam flowing.

    Nope, the software pirates allow the machines to stay online. Microsoft should make a deal with all software vendors to require them to put in code that checks to make sure all the latest updates are applied to the Windows box before you're allowed to install the software. Make the pirates cry in their beer over their stolen copy. If you're too fscking cheap to buy it legitimately then go use a free operating system! Microsoft has just as much right to profit as anyone else does.

  • Re:Yes and (Score:1, Insightful)

    by spincycle1953 ( 721087 ) on Tuesday June 08, 2004 @08:04AM (#9364348)
    "90% of all statistics are invented."

    This should have been moderated "Funny".
  • Re:training (Score:3, Insightful)

    by nfabl ( 748199 ) on Tuesday June 08, 2004 @08:04AM (#9364352)
    Spam is annoying and all, but how about teaching them to read first.
  • Re:An Idea (Score:5, Insightful)

    by EJB ( 9167 ) on Tuesday June 08, 2004 @08:06AM (#9364363) Homepage
    Many ISPs don't allow you to run a mail "server".
    But you're talking about blocking _outbound_ SMTP traffic. That has nothing to do with servers.

    Outbound SMTP traffic can be generated by any mail server that only listens on internal interfaces, or directly by your favorite mail client.

    What you're talking about is breaking the Internet even more than it already is now, turning it into a big client-server network where the servers are operated by the big media companies.

    It is also, coincidentally, the lazy sysadmin approach.

    Don't do it, don't go blocking big swipes of IP just because some of them do something wrong.

    Be smarter, find a way to only block those that do something wrong!

    - Erwin
  • NO... (Score:5, Insightful)

    by vwjeff ( 709903 ) on Tuesday June 08, 2004 @08:06AM (#9364364)
    Just another cost of supporting Microsoft, I suppose.

    Just another cost of supporting users who install the software. Most of these hijacked Windows boxes are a result of a user wanting to see Britney Spears naked.

    CLICK HERE--ALL NEW PICTURES OF BRITNEY SPEARS NAKED

    This has nothing to do with Windows security other than running an ignorant user as an administrator.
  • by blowdart ( 31458 ) on Tuesday June 08, 2004 @08:06AM (#9364365) Homepage

    Why? Did it get worse when SP1 came out? That didn't install on pirated keys either.

    It's only the service packs that won't install. Users can still install individual updates, these are still presented by WindowsUpdate and they are still downloaded by the automatic update service. In fact the automatic update service will never download a service pack, just individual security patches.

  • by Anonymous Coward on Tuesday June 08, 2004 @08:11AM (#9364389)
    To further the bad analogy, if a car has faults which make it dangerous to the occupants or third parties, then the police (at least here in the UK) have the power to prevent it being driven until the safety issues are addressed. Similarly any system, whether running legal or pirated software, which has these 'safety' problems should have its internet access privileges removed/revoked until the security holes are fixed.
  • by Effugas ( 2378 ) on Tuesday June 08, 2004 @08:12AM (#9364398) Homepage
    Step Two: Follow the money.
    Step Three: Follow the money.
    Step Four: Take a wild guess.

    I'm just going to keep on saying this, year after year, as it becomes more and more clear that those engaging in spam are operating outrageously criminal enterprises: If you want to stop spam, FOLLOW THE MONEY.

    Find some Viagra spam. Buy some Viagra. Trace the shipment to you, trace the cash transfer from you, arrest. It's not that hard. It's just not very geeky. People, there's no magic technical solution to this -- there's increasingly illegal stunts being pulled, and the only people out there with the IP-layer mechanisms for tracing the attackers really can't afford to release that data as it would compromise rather more important investigations. But -- we've got a very mature infrastructure for tracing financial and mail fraud. We just need the political will to use it against Spam.

    It's just not that hard.

    --Dan
  • by hankwang ( 413283 ) * on Tuesday June 08, 2004 @08:12AM (#9364402) Homepage
    All the ISPs are going to start filtering outbound port 25. If you want to run your own mail server you'll have to route it through their mail server

    And the next generation of zombie programs will do a simple DNS lookup for the mailserver of the current domain and start sending spam through the ISP's mailserver.

    With the side effect that in no time no single customer of that ISP can send mail because the mail server is on every blacklist you can imagine.

  • User Education (Score:2, Insightful)

    by Stormcrow309 ( 590240 ) on Tuesday June 08, 2004 @08:15AM (#9364423) Journal

    The issue is user education. At least 90% of these exploits are published by Microsoft as resolutions and THEN the scum-sucking-basterds (Yes I do mean you) start using them. I am as educated as any of the linux users out there (I run red hat on a box at home), but I run majorly windows. I have never had a virus or had one of my pcs hijacked in the 24 years I have been doing computers, except for a mac on os 7.1.

    The virus writers go for the economy of scale. Mac OS X would be targeted by virus writers more if it was more widely distributed. Many of the people I know that use it, have OS X because it is easy and they didn't have to do anything to set it up. Can we say ripe for viruses? Let us start seeing some real statistical indicators. Like Original Virii counts to OS instances ratio.

  • by Serious Simon ( 701084 ) on Tuesday June 08, 2004 @08:19AM (#9364449)
    Since this study was published, whenever I receive spam that (according to the Received: headers) appears to have been sent via a broadband IP address, I refer to it in my spam complaints to ISPs. I also suggest closing outgoing port 25 per default, and only opening it for customers who explicitly indicate wanting to run a mail server.
    I keep a text file with this message for easy pasting into the spam complaint.
  • by khasim ( 1285 ) <brandioch.conner@gmail.com> on Tuesday June 08, 2004 @08:20AM (#9364464)
    That argument is based upon the assumption that security == marketshare.

    Security is not the same as marketshare.

    The vast majority of zombies were infected via Outlook's ability to run executables from email.

    In order for Linux to have the same infection rate as Windows, Linux would have to have the same (or similar) flaws. For example, the same email client installed, by default, upon every Linux machine and that email client would have to run executable content.

    Windows was designed with "user-friendly" being far more important than security. So important that security would be compromised in order for a feature to be "user-friendly". That is why there are so many problems on Windows machines.

    Here's an example. Grab the latest copy of WindowsXP, run it without anti-virus software. Why is WindowsXP still vulnerable to the same viruses that Windows95 was?
  • by RAMMS+EIN ( 578166 ) on Tuesday June 08, 2004 @08:22AM (#9364470) Homepage Journal
    ``When XP Bug patch 2 comes out, this situation will only get worse, since ppl can't patch their dodgy ( illegal) copy of XP.''

    That won't make it worse - the situation for those users who can't or won't install SP2 will stay exactly the same as before. Those who do install it will improve. So, it will make life not worse, but better.

    It would be interesting if a critical vulnerability were discovered that pretty much stops the system from functioning (like Blaster). If only those with licensed installations can get the fix, the rest might realize that you don't get a good OS for free by pirating Windows. Something, though, tells me that Microsoft will make critical fixes available to anyone, though.
  • Comment removed (Score:3, Insightful)

    by account_deleted ( 4530225 ) on Tuesday June 08, 2004 @08:26AM (#9364496)
    Comment removed based on user account deletion
  • by Zog The Undeniable ( 632031 ) on Tuesday June 08, 2004 @08:30AM (#9364536)
    To be precise, SP1 won't install if you are using one of two well-known keys (the most common of which is the FCKGW- one that went out with the Devils0wn .iso).

    Latest word from Redmond is that SP2 will follow a similar rule, except that installations using one of 20 corporate keys will be blocked.

    If you used a keygen, SP2 will probably install with no problem. Microsoft have spouted a lot of FUD over their anti-piracy initiatives. For instance, Windows Update shouldn't work unless you are using a legitimately issued key on the MS database, but it obviously does.

    To get back vaguely on topic, what SP2 will do to prevent spam is to (a) install a better firewall and turn it on by default and (b) turn on automatic updating. This should protect the most clueless users, but I suspect most of them were using legit copies anyway.

    Anyway, to get vaguely back on topic, it's the second Tuesday of the month, so let's see what the MS patch fairy brings us today. Probably another exploit for those nasty spam trojan people.

  • Re:Not surprised (Score:2, Insightful)

    by JonnyCalcutta ( 524825 ) on Tuesday June 08, 2004 @08:31AM (#9364545)
    Here's my solution (and why I think people are wrong when they complain that Linux/BSD should be as easy to use as Windows). If you want to run Windows as admin it should drop you down into some kind of CLI, or at least strip away the illusion that you're playing with some Fisher Price toy (after all, a networked computer can now cause serious harm).

    If you want to run Windows without any knowledge, fine, but it's like a black box. You can run your email, browse the web, write your letters. You want to install something, etc, you hire an experienced admin, like you would get an electrician to fix your wiring or a mechanic to fix your car. You want to admin it yourself, also fine but you're actually going to have to learn something about computing and the underlying OS.

    You shouldn't have it both ways, because like I said, a networked computer just isn't a toy anymore. It's a device capable of causing harm to others if used wrongly - a view reflected by changes in law and enforcement attitudes. We don't let people drive cars on public routes without testing they have some knowledge of the rules, codes and dangers of the road - if you can't do that you get the bus.

    So what's the point? The point is Windows wants to give everyone the best of both worlds (or should I say _has_ to). An interface your Gran can use _and_ the privileges of a super-user. I'm not really sure that Linux, etc, should be trying to follow that lead.

  • by rlawley ( 555812 ) on Tuesday June 08, 2004 @08:31AM (#9364549)

    And the next generation of zombie programs will do a simple DNS lookup for the mailserver of the current domain and start sending spam through the ISP's mailserver.

    With the side effect that in no time no single customer of that ISP can send mail because the mail server is on every blacklist you can imagine.

    I don't think this is a problem. Once this becomes widespread, the ISPs can just put measures to block individual customers who start sending large enough volumes of e-mail, or even spam filtering outgoing mail. This is already [plus.net] being done by at least one UK ISP [plus.net] that I know of. Their reasoning is that they don't want their entire mailserver blacklisted, so will prevent the customer from sending the spam in the first place. I am not aware whether they block outbound 25.
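The per-customer volume limit described in the comment above, sketched as an added example (not part of the original thread, and not any ISP's actual implementation). The relay log format, the 100-recipients-per-10-minutes threshold and the 192.0.2.x addresses are all constructed for illustration, and log lines are assumed to arrive in time order.

```python
"""Flag customers whose outbound mail volume through an ISP relay looks like a spam zombie."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format (an assumption, not a real MTA's format):
# <ISO timestamp> relay: client=<customer IP> nrcpt=<recipients> status=<accepted|rejected>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) relay: client=(?P<client>\S+) "
    r"nrcpt=(?P<nrcpt>\d+) status=(?P<status>\w+)$"
)


def parse_line(line):
    """Return (timestamp, client, recipient_count, status), or None if the line is malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        ts = datetime.fromisoformat(m["ts"])
    except ValueError:
        return None
    return ts, m["client"], int(m["nrcpt"]), m["status"]


def find_bulk_senders(lines, max_rcpts=100, window=timedelta(minutes=10)):
    """Return {client: ISO time at which the client first exceeded max_rcpts
    accepted recipients inside one sliding window}."""
    recent = defaultdict(deque)  # client -> (timestamp, nrcpt) entries still in the window
    totals = defaultdict(int)    # client -> recipients currently inside the window
    flagged = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ts, client, nrcpt, status = rec
        if status != "accepted":
            continue  # only mail the relay actually agreed to deliver counts
        queue = recent[client]
        queue.append((ts, nrcpt))
        totals[client] += nrcpt
        # Drop entries that have aged out of the window before comparing.
        while queue and ts - queue[0][0] > window:
            _, old = queue.popleft()
            totals[client] -= old
        if totals[client] > max_rcpts and client not in flagged:
            flagged[client] = ts.isoformat()
    return flagged


def build_sample_log():
    """Constructed sample traffic: one ordinary customer, one list owner, one infected PC."""
    base = datetime(2004, 6, 8, 8, 0, 0)
    events = []
    # Ordinary customer: three single-recipient mails across an hour.
    for i in range(3):
        events.append((base + timedelta(minutes=20 * i), "192.0.2.10", 1))
    # Small mailing-list owner: 90 recipients, then 20 more half an hour later.
    events.append((base + timedelta(minutes=2), "192.0.2.30", 90))
    events.append((base + timedelta(minutes=32), "192.0.2.30", 20))
    # Infected machine: a 5-recipient message every 6 seconds for 4 minutes.
    for i in range(40):
        events.append((base + timedelta(minutes=5, seconds=6 * i), "192.0.2.77", 5))
    events.sort()
    return [
        f"{ts.isoformat()} relay: client={client} nrcpt={n} status=accepted"
        for ts, client, n in events
    ]


if __name__ == "__main__":
    for client, when in find_bulk_senders(build_sample_log()).items():
        print(f"{client} exceeded the outbound limit at {when}")
```

A sliding window keeps the list owner's two bursts apart, so only the sustained sender is flagged; a fixed daily quota would treat both the same way.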
  • by stoborrobots ( 577882 ) on Tuesday June 08, 2004 @08:32AM (#9364552)
    But if the trojans are sufficiently capable of reading an Outlook mail folder and extracting email addresses, surely they could easily look up the SMTP servers configured?

  • by Anonymous Coward on Tuesday June 08, 2004 @08:34AM (#9364566)
    With the side effect that in no time no single customer of that ISP can send mail because the mail server is on every blacklist you can imagine.

    And guess what --- that's exactly what must happen. It'll serve to teach that ISP that they have to spam-scan outbound mail, too, to avoid being blacklisted by everybody else. Actually, that's the whole point of forcing all their customers' mail through the ISP's outbound mail server in the first place: to be able to scan for spam and worms before they unload them onto the general public.
  • Re:Not really (Score:3, Insightful)

    by Andy_R ( 114137 ) on Tuesday June 08, 2004 @08:36AM (#9364582) Homepage Journal
    Dell's customers have the expectation that they would get a properly set up computer when they paid their money. If Dell use a dodgy software supplier with lots of known problems and a legal record as long as your arm, isn't Dell the place to put the blame?
  • Re:Not surprised (Score:4, Insightful)

    by Paulrothrock ( 685079 ) on Tuesday June 08, 2004 @08:36AM (#9364583) Homepage Journal
    You're missing a point: They bundle an insecure mail client and an insecure email client with the OS, and make them difficult to uninstall. It would be very difficult to get every Linux user to have Evolution and Mozilla (which are secure) installed on their machine.

    Mac OS X is a different case, but they have secure email and browser applications. (For the most part. The issues have pretty much been fixed by now.)

  • by Detritus ( 11846 ) on Tuesday June 08, 2004 @08:40AM (#9364606) Homepage
    The people who are using a pirated copy, more than likely know enough about computers to actually keep a computer clean.

    Not if they received the pirated copy on the computer they bought from Fast Eddy's Discount Computer Emporium.

  • Why not use SPF? Check my weblog [bartsplace.net] for some details as to why this is a much better idea than blacklists or some of the other solutions being proposed.
  • by ycochard ( 547371 ) on Tuesday June 08, 2004 @08:51AM (#9364699) Homepage
    The fact that Windows is everywhere is why it's such a tempting target; a hit rate of 1% on virus infection of Windows PCs is a good number, so it's worth going after. If linux had a good market share, it would be running the spam zombies.

    No. This is not true, and a counter-example is enough to invalidate this very common theory. Actually, I have 2 here, but other /. readers may have more :
    1. Web servers : Apache has twice the market share of microsoft IIS, but is far less taken as target.
    2. Databases : microsoft SQL server has only around 16% of market share, less than Oracle, db2 and probably MySQL, but it is the most common target.

    Targets are first chosen regarding the facility to compromise them. Popularity will come as a second point to consider. Of course this is true when the potential of targets is high enough, which is the case in my examples.

    Yann
  • by EvilAlien ( 133134 ) on Tuesday June 08, 2004 @08:53AM (#9364714) Journal
    That is exactly what we want them to do, given current technology and anti-spam systems. The ISPs will have far more ability to detect and stop the spam, and actually care. Your average customer doesn't understand what spam is, beyond the concept of "email I don't want", but ISPs have a very good idea of what spam is, what technologies work to stop it, and have the deep pockets to make it happen.

    It's time the Internet stopped being a slave to the dumb users and put control back in the hands of people who know what they are doing.

  • That is a study? (Score:4, Insightful)

    by Monoman ( 8745 ) on Tuesday June 08, 2004 @08:54AM (#9364723) Homepage
    Did I miss the actual study with actual data? I only saw the one page executive report.

    Pretty flimsy but probably true.

  • by throwaway18 ( 521472 ) on Tuesday June 08, 2004 @08:55AM (#9364725) Journal
    Anyone else see this out there?

    Yes, the majority of inexpert computer owners I've run into for the last few months have been wondering why their machines are running slow, showing lots of pop-ups and dialing premium rate or international numbers on their own. Small companies as well as home users.

    I've given up trying to educate people. They won't switch from IE and outlook. I don't want to get into a discussion about who used the family computer to look at a porn site. They lack the basic understanding of what the computer is doing required to make a decision when personal firewall software asks if a connection should be allowed.

  • by 1010011010 ( 53039 ) on Tuesday June 08, 2004 @08:58AM (#9364750) Homepage
    Microsoft has just as much right to profit as anyone else does.

    Which is to say, none.

    Microsoft should make a deal with all software vendors to require them to put in code that checks to make sure all the latest updates are applied to the Windows box before you're allowed to install the software.

    That seems like a very unwieldy solution to me. Wouldn't it be simpler for Microsoft to fix their system, rather than have every other software vendor on the planet work around the problems with Microsoft software?
  • Re:That does it! (Score:1, Insightful)

    by thebes ( 663586 ) on Tuesday June 08, 2004 @09:01AM (#9364782)
    I use windows and I get 1 or 2 spam per week. It's called "being smart with your email addresses". I'm not sure what is wrong with you people who get overloaded. Open Source in any form won't protect you if you aren't careful with your email addresses.
  • Re:An Idea (Score:3, Insightful)

    by BiggerIsBetter ( 682164 ) on Tuesday June 08, 2004 @09:12AM (#9364888)
    Thanks for the lack of insight. As I'm sure you're aware, a lot of personal mail goes via work accounts, so it *is* a problem. Arrogantly calling AOL users clueless doesn't help anything either. I'm dealing with guys who like cars here, not computer geeks. When the average computer tool can build a 10 second car, I'll start worrying about car guys getting their IT clues sorted out.
  • by thedillybar ( 677116 ) on Tuesday June 08, 2004 @09:17AM (#9364926)
    The answer to this problem is requiring every SMTP connection to be authenticated. This can easily be supported with Sendmail (and, I'd imagine, other MTAs). The hardest part is dealing with all the customers when their outgoing e-mail suddenly breaks.

    But the first thing that needs to be done is to prevent machines from connecting directly out to another ISP's SMTP server. Hopefully this is done by one of the proposed IETF standards and not by simply blocking port 25, but we'll see.

  • by GodWasAnAlien ( 206300 ) on Tuesday June 08, 2004 @09:32AM (#9365053)
    The mail program asks you where to save it.

    In windows, click-to-infect is the norm.
  • Re:That does it! (Score:5, Insightful)

    by Pharmboy ( 216950 ) on Tuesday June 08, 2004 @09:33AM (#9365066) Journal
    I'm not sure what is wrong with you people who get overloaded.

    You can register a new domain, and it will start getting spam within a week to common names such as "bob@, sally@, john@, etc.". Not all spam is because someone actually has a verified address, but because it is a common name used. We get tons of spam hit our mail server that is addressed to people that have never had an account on our domain, but is instead a common name.

    Also, I just started getting spam on one biz account because I had been helping a customer, and it appears they got infected, and since I was in their address book, I got hit with them.

    Yes, plenty of people are stupid enough to sign up for every newsletter on the web, but blaming someone with a common email name (or inferring that they are stupid, as you did in your post) who DIDN'T sign up for anything, isn't solving anything or adding to the conversation.
  • by mike449 ( 238450 ) on Tuesday June 08, 2004 @09:45AM (#9365195)
    Microsoft can not make life too difficult for the people running unauthorized copies. If they make it impossible to run pirated Windows, there will be mass migrations to Linux, causing mass acceptance of it and an avalanche of legit Windows users and developers switching as well.
    This is a difficult choice for Microsoft. They lose either way, and can only think about minimizing the losses.
  • Re:That does it! (Score:4, Insightful)

    by Cat_Byte ( 621676 ) on Tuesday June 08, 2004 @09:45AM (#9365201) Journal
    4) Don't give your friends your email address

    Then really why do I have an email addy in the first place?


    Yeah and my friends of the female persuasion can't help but put my email addy on all of those greeting card sites. I had one put my email addy to my cell phone on one of those sites once and I went nuts. 5 cents/email if I go over my limit....I was gonna have to turn my service off.

  • by Anonymous Coward on Tuesday June 08, 2004 @09:56AM (#9365307)
    1. While I will admit that Internet Explorer / Outlook Express are a big part of the problem I got hit with a trojan while surfing a Warez site using Firefox 0.8 the other day (On windows XP Prof). I was surfing the site when my Anti-Virus popped up saying I was infected with some trojan, in the end there were eight .class files that it quarantined. Thing is all I did was come into the site, didn't click on anything.

    Go to the mozilla.org site and post a defect. I'm sure the folks there want to fix that one!

  • by aetherspoon ( 72997 ) on Tuesday June 08, 2004 @10:19AM (#9365571) Homepage
    Ad-aware result: 0 Spyware found.
    Spybot result: 0 Spyware found.

    The last time either of these found anything: Over 5 months ago. Give you a hint, I only switched to Moz 4 months ago.
    The last time I ran an update on both: This morning.

    Sounds like FUD spreading to me from both sides. Does it take effort to stop? You bet! Of course, I haven't had to put any effort into it for a long time now, but it is really simple to do as long as you use that squishy stuff between your ears.
  • by alexq ( 702716 ) on Tuesday June 08, 2004 @10:24AM (#9365643)
    What's the percentage of desktop machines _period_ that run Windows? We need to normalize these numbers to make any sense of them.

    If (for example) 80% of PCs run Windows and 80% of spam comes from PCs that run Windows, that's hardly saying anything about Windows, is it.

  • Tired of microsoft (Score:3, Insightful)

    by twitter ( 104583 ) on Tuesday June 08, 2004 @10:38AM (#9365826) Homepage Journal
    I said that because spam is expensive and now 80% of it is directly attributable to Microsoft. If you think otherwise, please tell everyone all about it.

    Yes, spam affects me personally. Money I send my ISP is going into fighting spam that should not exist instead of providing me a real service. My ISP, Cox, blocks outbound port 25, and I have to put up with their crummy SMTP server performance after two years of problem free Exim use.

    There are plenty of other evil and nasty things Microsoft does, but the cost of this failure is obvious and deserves mention when the problem is stated.

  • Re:That does it! (Score:5, Insightful)

    by walt-sjc ( 145127 ) on Tuesday June 08, 2004 @11:27AM (#9366522)
    That works until >99% of your email is spam. I retired an account I've had for over 8 years because of this. You get so much spam that the real messages get lost. Crank up the spam filter levels and the real messages get blocked. 8 years ago, that email address was all over the place including DNS registrations because there WAS no spam - you didn't have to be careful. At this point, it's in every spammers database to the tune of over 10,000 spams per day. Sure, an occasional mosquito bite is annoying, but getting swarmed by thousands is a whole different ballgame.

    But this ignores the real issue. Spam is so bad and getting worse at such a fast pace, that servers are dying under the load. ISPs and businesses are installing really bad filters that do more damage than good, blocking lots of legit mail. A couple years from now and you can kiss email goodbye as it won't be functional. The current laws on the books are pathetically weak, the proposals to help (SPF, domainkeys, etc.) are insufficient (no critical mass, basic design flaws, etc.) and quite clearly filtering can only catch so much before the false positives kick in. About the only thing that really works is challenge / response systems (and I HATE those.)

    In addition, protocol enhancements (hashcash) or replacements are 5 - 10 years off due to deployment / critical mass issues.

    Nope, I'll stick with my 2 year forecast of the death of email as a viable communications tool.
  • by ad0gg ( 594412 ) on Tuesday June 08, 2004 @11:35AM (#9366621)
    In order for Linux to have the same infection rate as Windows, Linux would have to have the same (or similar) flaws. For example, the same email client installed, by default, upon every Linux machine and that email client would have to run executable content.

    Umm same email client? Outlook doesn't let you run executables period. It doesn't even let you receive executables (.scr .bat .vbs .exe), this has been a security feature since Outlook XP (2002). New viruses zip their content and user must open the zip file and run the executable. This is not a flaw in Outlook, Outlook Express, Eudora or any other mail program. It's a flaw of the user.

    Outlook XP Default Security [winnetmag.com]
    My doom email virus [symantec.com]

  • Re:Not suprised (Score:3, Insightful)

    by einer ( 459199 ) on Tuesday June 08, 2004 @11:51AM (#9366787) Journal
    You can talk about how secure Linux and Mac are, but they STILL are only as secure as the user wants it to be.

    Oh? And which e-mail program on Linux or Mac executes embedded code without user intervention? Maybe if outlook and the crossover plugin combo take off, you'll see a problem. Also, opening unknown files under linux won't cause these files to execute (and infect your computer).

    Running as root isn't a security issue, it's a sanity issue. You are no more or less exposed security wise by running as root than you are by running as a user.

    I can only think of two or possibly three linux worms. Windows on the other hand provides a worm writing API.

    Windows gets picked because it is insecure. It is insecure because it was designed to produce income, not security. Linux is more secure. It is more secure because the code is open and because it is not constrained by market pressures to support legacy (buggy) APIs (it is free).

    Seriously. If script kiddies and spammers could root linux boxes (if the two operating systems were comparatively easy to root), they'd be doing it as often as possible.
  • by Overly Critical Guy ( 663429 ) on Tuesday June 08, 2004 @11:54AM (#9366847)
    "Just another cost of supporting Microsoft, I suppose."

    Uh, no--how do trojan attachments and viruses that moron users open have anything at all to do with Microsoft?

    I forgot, we needed an article that specifically made sure to say "Windows PCs" in the headline as though it being Windows has anything to do with it. If everyone used Macs today, it would be Macs, and if everyone used Linux, it would be Linux boxes. Uninformed users are uninformed users, and short of Microsoft showing up at your house and forcing you at gunpoint not to open attachments or enable viruses, what do you expect them to do?
  • by Anonymous Coward on Tuesday June 08, 2004 @12:09PM (#9367044)
    short of Microsoft showing up at your house and forcing you at gunpoint not to open attachments or enable viruses, what do you expect them to do?

    I wish they had listened and taken security seriously years earlier. Those of us "in the know" have complained about poor coding in MS products for decades.

    We were right. Gates admitted they had a real problem with security and promised to fix it. It's not like I'm some kind of anti-MS nut. They honestly didn't consider security very important.

    That's what I want them to do. It's going to take years before it makes a significant difference.

  • by Overly Critical Guy ( 663429 ) on Tuesday June 08, 2004 @12:09PM (#9367045)
    It also blocks scripts, screensavers, and many other executable formats, by default. This is pure FUD.

    The problem has absolutely jack-shit to do with Outlook. It's people not patching or just running random executables they specifically allow into their Inbox.

    I know we all spurge on our screens at the chance to bash Microsoft in any way possible, but let's be rational here.

    In order for Linux to have the same infection rate as Windows, Linux would have to have the same (or similar) flaws. For example, the same email client installed, by default, upon every Linux machine and that email client would have to run executable content.

    No, Mr. Security Expert, it would not. The same e-mail client isn't necessary, all that's necessary is getting enough people to run executables or whatever that exploit something. I'm sorry, but Linux distros aren't without their weekly exploits and buffer overruns [linuxsecurity.com] either. MPlayer has had executable overflows before. A freaking media player! But you never see that reported on Slashdot, because OSDN has an agenda, and this place is completely biased (and as a result pumps out closed-minded Linux zealots by the pound).

    Here's an example. Grab the latest copy of WindowsXP, run it without anti-virus software. Why is WindowsXP still vulnerable to the same viruses that Windows95 was?

    Because of backwards-compatible libraries? Think a little.
  • by Psymunn ( 778581 ) on Tuesday June 08, 2004 @01:03PM (#9367712)
    Well, that's the beauty of Windows. You don't even have to be an idiot user no more. You see, an unpatched copy of XP and a high speed internet connection can get you a backdoor trojan faster than dropping the soap down at the local penitentiary.
    You see, unpatched Windows has exploits and all the script kiddies with porn sites know this. The most common viruses now scan computers on an IP range, find a computer prone to an exploit, and open up shop on your computer.
    'What you say!' They could do that just as easily on Linux or a Mac. Not quite true. OS X and Linux are both based on Unix which is considerably more stable and secure than Windows (for one thing they handle file permissions a lot better and more securely). Most importantly though, primarily where Linux is concerned, there are constantly people updating and improving the Linux kernel. These are often the same kinds of people who would take advantages of exploits back in high school and are now turning their knack for finding system weaknesses towards a constructive goal. Open source finds bugs faster (or so time seems to be telling us)
    Last and not least, yes most people use Windows. Therefore most viruses are constructed for Windows and most computer illiterate users (many of whom don't even know what spyware or the like is) use it too. So there is safety in obscurity.
    But I believe enough of the blame can be pinned on what a mess security in Windows is and someone pointing that out isn't just a tinfoil hat wearing commie shouting witch at the Big Guy.
    'Course in Longhorn security is going to be better. And everything is going to be fully integrated. Somehow those two have never gone hand in hand. Only time will tell. But for now I prefer the Unix idiom of 'do one thing, do it well.'
    (It also reeks less of monopoly than do everything and do it noticeably)
  • Re:That does it! (Score:3, Insightful)

    by MinotaurUK ( 763706 ) on Tuesday June 08, 2004 @01:24PM (#9367933)
    There was a very similar discussion to this on another forum I frequent (though related specifically to Phishing, which seems to be a more worrying tendency at the moment, especially for those of us who have to provide support to the computer illiterate).

    Anyway the discussion drifted towards whether ISPs should be more proactive in blocking customers who are open relays (usually through viruses). Unfortunately this leads certain ISPs to decide to run a blanket block on port 25, which is a real pain in the ass for those of us who *want* to run our own mailservers, and I'm sure many of us here do.

    So, why don't ISPs take a more proactive role in "helping" their customers to realise they've been hacked - I'd suggest a captive portal for hacked machines, kinda like some organizations have for Wi-Fi. i.e. you type any web address and the browser will always show the captive portal page. If ISPs were to use this for hacked/virally infected customers there could be a nice little button at the bottom to say "I've fixed it". Then their net access would be automatically re-opened.

    Of course, there are few issues to work out, such as you'd probably need to allow access to a couple of online virus scanners and virus fix tools rather than block net access entirely, but it could work. The idea isn't so much about the blocking, but more a case of informing the unsuspecting victim that they are infected and they need to do something about it pronto.

  • by Anonymous Coward on Tuesday June 08, 2004 @01:41PM (#9368147)
    Ah, the mellifluous sound of the MS Shill/Troll...

    Guess what? On that page you linked to you find vulnerabilities to mainly third party applications. So how the hell does that compare to the serious vulnerabilities that come with Windows?

    Oh, that's right, they don't. You don't find tons of remotely exploitable bugs even in those third party Linux apps, the way you do with Windows.

    I think that you're too much of a drooling MS fanboy to realize this simple truth. So go on, keep pointing out things that aren't comparable. You've already exposed your complete lack of ability to think critically when it comes to anything regarding MS (cf. anything to do with Longhorn--"It slices! It dices! It rices! It gooshes! It the best thing for computing EVER!").
  • Take them now (Score:4, Insightful)

    by detritus. ( 46421 ) * on Tuesday June 08, 2004 @01:48PM (#9368232)
    If 80% of all spam is coming from HACKED PCs, there clearly are criminal hacking charges on a federal and/or international level that could be brought against these guys, at some degree, conspiracy to say the least. I'm pessimistic of the DOJ's "promise" to bring the "top 50" spammers to justice this year. Why isn't that alone fueling the relentless takedowns of these guys while they pursue 15 year old virus writers that don't do much beyond pranks? Just because these zombied PCs are probably 99% home computers and not business computers where dollar amounts of damages can be easily calculated. It seems that's always the playing factor in how much the FBI "cares" about computer crimes.
  • by TwistedSpring ( 594284 ) * on Tuesday June 08, 2004 @03:27PM (#9369197) Homepage
    Look, is this any surprise at all when approximately 80% of home computers out there run Windows?

    The MS bashing in this thread is ridiculous. Even if you run Windows, you could be running Thunderbird, Eudora, Pegasus, Phoenix, M2, the list goes on, instead of Outlook/Outlook Express. It's not the OS's fault or the mail client's fault, it's the user's fault and most dumb people use Windows or Macs because everything else is too difficult. Keeping Windows secure is comparatively easy compared to other Operating Systems, just let Auto-Update take care of it and you don't even notice the patches happen if you don't want to notice them.

    I'm quite sure that Windows 2000/XP has become one of the easiest to patch operating systems. It is also fast on route to becoming one of the most secure operating systems for the desktop, and this is controversial, but with the number of holes that have been discovered, made massively public and fixed quickly make it likely to be more secure than other Operating Systems. If every Windows machine suddenly booted up with a different OS one morning, I'm sure that OS would have to go through the same level of patches as Windows has had to go through. Whether those patches would be released quicker or slower than with Windows is impossible to say, but I can say pretty safely that they would not be installed as soon after release on those other OSes as they would be on Windows.

    Microsoft has managed to build security and a smooth simple patching system out of the fact that it is the dominant OS for desktops and gets targeted a lot by crackers. I doubt other operating systems would stand up to the same onslaught and keep up with patches (both on the developer side and the user side), especially since they tend not to even have automatic updates.

    One last point: It's very easy to say that "open source is more secure", actually it's not necessarily true. Open source projects (like the kind I work on) tend to have bugs that people searching for exploits can find, but the original programmers do not even look at. Sections of code such as a method that has always worked fine could be an exploitable flaw, but that method would never be studied by the developers until it has been exploited and had attention drawn to it, just like in closed-source. Companies that sell closed source software often also have QA teams whose JOB involves looking at those lesser used functions for security flaws, these guys get paid and their whole employment revolves around checking for holes, but even they miss them. I don't see what the argument is for Open Source software being any less full of holes than closed source software, when open source software groups usually don't even employ those kind of people. Sure with OSS, the bugs are fixed quickly by the whole community, but does that mean the users apply the patches any quicker, or that there are less bugs in the first place? I don't think so.
  • If everyone used Macs today, it would be Macs, and if everyone used Linux, it would be Linux boxes.

    This is a widespread misconception, akin to saying that if everyone drove Volvos, just as many people would die in traffic accidents as they do now. Millions of Americans have purchased large SUVs that tend to roll over [suv.org] three times more frequently than other automobiles. Volvos, on the other hand, are built with safety [automotive...nology.com] as a primary goal.

    By the same token, would you expect an OpenBSD server to have the same level of default security protection as a Windows 2000 server? OpenBSD is built with the primary intention of being the world's most secure OS [openbsd.org]. Nowhere on the Windows 2000 product page do we see anything at all [microsoft.com] relating to security.

    You can't assign positive characteristics to an OS on one hand (Windows XP doesn't crash as often as Windows 98) and then dismiss negative comparisons (Windows is less secure by default than Mac OS X or Linux).

    Blame users all you want, but there are millions of uninformed Mac users out there. Believe it or not, in spite of their uninformed nature, they don't have to deal with anything like the litany of security and stability issues that confront Windows users.

    It's hard to believe when you've been struggling with Windows for years and have grown accustomed to it, but while Linux and Macintosh aren't immune to security problems, the trojan horses and viruses that plague Windows users are a direct result of Microsoft's development philosophy, which emphasizes market dominance over quality.

  • by sjames ( 1099 ) on Tuesday June 08, 2004 @09:09PM (#9372846) Homepage Journal

    Uninformed users are uninformed users, and short of Microsoft showing up at your house and forcing you at gunpoint not to open attachments or enable viruses, what do you expect them to do?

    MS has spent a great deal of time and money making sure everyone believes that they don't have to be informed to use Windows. Apparently they were wrong.

    I recall around the time MS decided to implement macros in various documents including email, MANY people stated in no uncertain terms that making email and Word documents executable was one of the dumber ideas they had ever heard.

    MS could have asked itself why so much of the industry thought they'd lost their minds, but instead, they decided they were infallible and we were all too stupid to understand their brilliance.

    Had they reconsidered way back then, the world could have been saved many billions of dollars in lost productivity. And they wouldn't have had to hold a gun to anyone's head to do it.

    Instead they plowed ahead with their half-baked idea, and it has had exactly the result predicted by nearly everyone but MS.

    I'm not saying the doubters are always right, but when they can name specific objections (documents often come from untrusted people) it is a good idea to consider carefully.
