Microsoft has always been looking forward to safety researchers affirming that the Windows operating system has a low cost, and now I have finally raised this point of view, but this point of view is not a good news for security issues.
On Friday, the Immunity Vulnerability Evaluation Managed Directors David Aitel published a white paper in the United States, which indicates that if the target computer is executed, Windows is indeed relatively relatively easier "Has" - means more easily to invade hackers. Aitel said, although this is a bit ironic meaning, the white paper reveals a serious problem, that is, Windows's security is worth thinking about compared with the current popular Linux operating system.
He emphasized that "although this is a bit word game, it is true."
The white paper named "Microsoft Windows: A Lower Total Cost Of 0wnership" is ridiculed with other reports sponsored by Microsoft. For example, the previous IDC said that Windows is four or five enterprise applications. The deployment is cheaper; the report released by Forrester pointed out that Linux's vulnerability threats are much higher than Windows, but the company's research information is generally questioned.
Aitel's white paper is the first to express this by an expert with actual experience in invasion Linux and Windows systems. His conclusion is that computer security installed for Windows operating systems is easier to crack more than the computer installed Linux operating system. Although Microsoft has already spent more than two years to create trustworthy computing to ensure the security of Windows operating systems. . Microsoft refused to comment on the white paper.
However, because there is little data-class evidence support in the white paper, it is not big for Microsoft's challenge. On the contrary, it is just another voice of the two major operating systems.
From the data in the experiment, this Immunity's researcher found that the Fedora Core 2 Linux version founded by Red Hat can find a vulnerability in average 6 days, and if you want to find a vulnerability that Windows has not been discovered is only half a time. Investigators pointed out that the factors affecting this time are multifaceted, including better tools to find Windows system vulnerabilities, better defense systems in the Linux system, and the known point to initiate a Windows attack many.
Microsoft has announced the large-scale security update version of Windows XP. This is to respond to the lesson of MSBlast attack a year ago, but Aitel believes that unless the security function of the PC processor can be more popular, otherwise Microsoft is still difficult to make up for a large number of existence Vulnerability. This processor function is the so-called nonexecutable flag, or Write-Xor-Execute, which allows the processor to disable the attacker from executing source code. However, only AMD is introduced into this technology in the mainstream processor of the company, and is called strengthening viral protection (EVP).
In addition to discussing Windows security issues, he also pointed out that although the two operating system platforms require customers to install repair, the Linux patch can update many applications, not like a Windows patch, only at the core operating system Part of the correction.
Source: http://www.zdnet.com.cn/