I would love to see non-partisan studies which compared security failures in open-source and closed-source. The only studies I have seen were deeply partisan (one way or another).
On Security, Microsoft and Open Source
Date: Friday, 14 January 2005 02:31 am (UTC)
It is my suspicion, not borne out by hard data, that Microsoft's security holes are more serious and the security model they choose for ActiveX and assorted web protocols (in part to make it easier for naive users?) makes it easier for exploits to result in serious harm.
I'm mostly concerned about the number of successful exploits made on machines run by security-conscious admins. That is a better test of whether the operating system is insecure, as far as I'd think.
I'm on security mailing lists that cover Windows and Unix; and the size of the holes in Windows (anecdotally, as I remember) is greater; things like "if you don't disable ActiveX now, your machine's wide open." As opposed to local exploits, which seem more prevalent on Unix.
*shrug*