09-28-2014, 11:50 PM   #19
eschwartz
Ex-Helpdesk Junkie
Posts: 19,421
Karma: 85400180
Join Date: Nov 2012
Location: The Beaten Path, USA, Roundworld, This Side of Infinity
Device: Kindle Touch fw5.3.7 (Wifi only)
Quote:
Originally Posted by ShellShock
Quote:
Originally Posted by Sregener
Compare this to Windows/OS X which believe obscurity equals protection; they are counting on the fact that because you can't see the code, it will be harder to find the flaws that are there.
Who do you mean by "they"? Microsoft and Apple? Where is your evidence for this statement? With Windows 7 I get regular security patches automatically downloaded. My experience is that Microsoft is extremely security aware, and do their utmost to quickly fix any security holes that are found. This is in their own commercial interest--they have to protect their reputation at all costs.
I don't think anyone is arguing that MS doesn't try to fix security holes -- just that their patches tend to happen on a slower schedule than when the people affected can join the patching process and supply a patch first.

Quote:
Originally Posted by ShellShock
Quote:
Originally Posted by Sregener
Compare the response time of the Linux patch to a typical Windows response of "we'll have a patch ready in a week or two to fix this issue."
Again, do you have any evidence for this statement? Who are you quoting? My personal experience with Microsoft and Windows 7 is that I get a lot of security patches for things that I didn't even know were vulnerable, which seems to match what happens in the Linux world.

I don't see why you feel you have to bash Microsoft with a lot of unsubstantiated claims, in a thread about a Linux security flaw.
And because you get patches without knowing you needed them, that magically equates to an evaluation of how long MS was working on providing a patch vs Linux distros???

By your own admission, you have no idea whether MS was timely or not. In fact, by nature you cannot know; it is a trade secret.
Linux patches, on the other hand, are all in the public eye (to those who care) and we can track their history and compare them to the in-the-public-eye reports of the problem they are fixing -- we know exactly how long it takes to fix the problem. And if someone needs it fixed and feels it is taking too long, they can write the fix themselves and be safe (and email the fix upstream for the glory).

Which is the only point Sregener was trying to make.