Inadvertently Proving the Opposite by Knocking Down a Strawman

by chromatic

In How Far Behind is Linux?, WSJ writer Lee Gomes sets up a beautiful strawman about the security of GNU/Linux versus Windows and knocks it down with its own answer. (The emphasis is mine).


Richard Chapman
2007-10-18 07:53:12
When I was a kid a cardboard box represented a rocket ship. In Windows XP the labeling of the "package manager" Add/Remove Programs is basically the same thing.
Daniel Berger
2007-10-18 11:56:20
It seems to me that getting regular security updates-as often as nightly-for all of the software installed on my machines is, indeed, one sign of better security.

As I've said in the past, a machine is only as secure as its least secure third party application. I seem to recall a nasty CVS vulnerability or three in the past.

That being said, I'm a Windows guy (who also does Solaris and Linux) and even I'm not fool enough to suggest that MS Windows is more secure than Ubuntu based on the number of security patches. It's the *severity* that matters, and MS Windows track record here is atrocious. How many "this bug could allow a remote user to take control of your system" bugs does it take to sink in? Those days *mostly* seem to be behind us thankfully.

I think some clarification is in order here, though. The Windows updates will also provide updates for the bundled software, e.g. Outlook Express and WMP. Third party applications typically notify you of updates independently. This is what Adobe Acrobat does, for example.

As for the "most secure OS", my vote is squarely in the corner of Solaris 10. :)

Simon Hibbs
2007-10-18 12:07:11
Bear with me.

Apple recently announced they are working on an SDK for the iPhone. There's been a lot of speculation that iPhone apps will be sold and distributed through iTunes.

Why not do a smiliar thing for OSX desktop apps? In fact, since iTunes runs fine on Windows, why not distribute Windows apps though iTunes? Apple could, at a single stroke, provide Linux-style distribution and automatic upgrades of software and become a leading distributor of PC software, making Microsoft look like a bunch of primeval chimps.

Ok so that last bit is a tad unlikely, but it would be so much fun to see it happen.

2007-10-19 07:31:07
Your the one setting up the strawman, chrome.

Mr Gomes never said anything about 'better security.' He said 'disabuse an actual Ubuntu user of the notion that a non-Windows operating systems is security utopia', which is frequently the argument from FOSS'ers about the superiority of open source. Ya know, the argument that with more eyes watch the code, your less prone to let security slip.

2007-10-20 02:00:07
I’m not sure who told Mr. Gomes that Ubuntu, for example, has never needed a security update. (If anyone actually did, I respectfully suggest that Mr. Gomes reconsider his use of that source.

It is an easy mistake to make given that security updates are done so frequently and seamlessly with Linux, and given the security and the extreme rarity of security issues that actually impact the end user on Linux (as opposed to those issues that actually cause actual problems and require the interaction of the user). When you compare the user experience with Windows, it does seem like Linux never needs a security update.

2007-10-20 08:49:24
Actually, I thought that review was fairly flattering. Especially considering it's from the WSJ!

He installs a 6 month old OS and gets only 50 security patches for every single piece of software on the computer. That's pretty good.

2007-10-20 17:55:28
To remove the need for updates, declare the OS defect free. The ability to remotely install software without users' permission is a feature.
2007-10-22 16:28:57
Few Windows/Linux comparisons point out the apples to oranges nature of such comparison. Windows contains only a few major programs (e.g. Internet Explorer, Windows Media Player) and some minor ones (e.g. Notepad, MSPaint). The average Linux distribution contains dozens of major programs, and hundreds of minor ones: with the potential of thousands more. Ubuntu, Gentoo, etc, can track the security updates for all the installed software in their distribution. Microsoft only tracks the updates for their own.