Follow up on 'Days of risk'
I thought this post might get a response (and no, that's not why I wrote it) so I'll give a response to Richard's remarks.
I was quite clear in my post that this is not about the severity of the security problems but the speed with which they are fixed.
There is also a question of attitude. Windows users are now well into the habit of updating frequently and there are options to make Windows do this automatically. For me, one of the problems with telling people how secure Linux is, is that they will stop thinking about security and common sense is the most valuable tool in the fight to stay secure.
I've not come across any Linux professional who does not recognise the need for regular security updates, nor do I view the regular release of security updates as a flaw. In fact, one of the reasons I have stuck with Suse for so long is that it checks for updates automatically.
So this is a question of attitude. Regardless of the severity, Windows users are by and large now in the habit of looking for updates on a regular basis. I have a genuine worry that the claims of Linux security will make people think that they don't need to look for updates.
Let me give an example from my own experience of why I think this report is relevant. I reported on a vulnerability in Firefox a little while ago. It was possible to spoof the download dialogue box to make it look like the file was coming from a different server. When I called the Mozilla Foundation, the attitude of the person I spoke to was very much one of "it'll be fixed when it's fixed". He couldn't or wouldn't give me a timeframe and didn't seem to think that was a problem.
Regardless of the severity of the flaw, I find that a worrying attitude. Windows may have significant failings but it is hard to deny the efforts Microsoft has made, short of writing the whole operating system from scratch. No bad thing in my opinion.
Perhaps I shouldn't call myself a fan of Linux, rather a friend. A good friend who will point out mistakes in an honest fashion. That's what I do with Linux. Partly that's my job. A journalist's role is to do the digging to warn other people. The other reason is because I genuinely want to see Linux succeed but there are plenty of things that need to be sorted out. An incredible amount of work has been done and it rightly deserves praise.
So call me a lackey of Steve Ballmer if you want, I'll keep on using Linux, and Windows, and Mac, and Palm OS, and whatever else does the job that I need to do and I'll be honest about the failings in all of them.
Finally, a personal request to Richard. Would you send me some links to the experts who have reputed this report please?