Windows: Insecure by design

It wouldn’t be the first time corporations lie. You still have to trust Microsoft, regardless of what they say.

3 Likes

Then just recently OpenSSH Vulnerability: CVE-2024-6387 FAQs and Resources | Qualys

In Qualys TRU’s analysis, we identified that this vulnerability is a regression of the previously patched vulnerability CVE-2006-5051, reported in 2006. A regression in this context means that a flaw, once fixed, has reappeared in a subsequent software release, typically due to changes or updates that inadvertently reintroduce the issue. This incident highlights the crucial role of thorough regression testing to prevent the reintroduction of known vulnerabilities into the environment. This regression was introduced in October 2020 (OpenSSH 8.5p1).

Why isn’t everyone looking at the source code!

3 Likes

Might that be simply because Windows and macOS are proprietary, so security analysis that can be done on Ubuntu cannot be done on Windows or macOS? FOSS allows the study of exploits via source code analysis.

I never said Windows doesn’t have security features, that Linux is secure, or that FOSS implies secure. What good are Windows’ security features if Microsoft can remove/disable them or insert backdoors at their own whim, and the operating system in general is spyware? That seems to be lost on people who have been sucked up into the Microsoft corporate vortex. I don’t believe my Linux operating system is really secure, but I would never ever ever trust Windows with my data or activities.

But yes, the article is obviously biased as evident in its exclusive criticism of Windows. Unless the Linux user is willing to go to extreme lengths to harden their operating system and vet the software that is installed, which is unreasonable to expect users to have to do, Linux is nowhere near as secure as it should be.

1 Like

Yes. For reference, for those starting this journey and looking for some reading on this topic, one can find some information on these sources: PrivSec and Madaidan.

Nevertheless, adopt a certain level of criticism when reading because of two reasons: it was created some time ago, and certain deficiencies could have already been fixed or improvements made since Linux is evolving quickly nowadays; second, certain things are exaggerated.

In the Fedora community there are plans or discussions trying to captivate improvements in the security front.

I feel that Linux, in general, is kind of like democracy or capitalism - it has problems, but it’s probably the best system that mankind has available today if you’re looking for a decent balance of security and privacy. Of course, each case is different, and at least for my threat scenario, Linux offers this aforementioned balance.

Try not drinking the FSF/Stallman koolaid and be realistic :blush:

2 Likes

I have to say I was never into Stallman, so you’re way off there. Next time, say something constructive. Rather than accusing me of being indoctrinated by someone, why don’t you explain what is off about my argument?

I apologise for assuming that someone making the exact same flawed argument as a particular ideologue was, in fact, following said ideologue. My bad.

And it is a flawed argument because you’re just asserting that a piece of software that is proprietary[1] has or could have backdoors with zero evidence. One could more defensibly argue that any sufficiently large piece of software could sneak in a backdoor at the whim of the main developers, but alas, you did not make such an argument.


  1. which, to be clear, is not an instant “must be malicious!!”, because you can reverse engineer any software to try and figure out what it does. Conversely, you can sneak in a backdoor into open source software – there’s at least 1 known example.

I was inclined to go with benefit of doubt at first, but your wording strongly suggests sarcasm and insincerity. Seems like you’d rather make ad hominem attacks than counter people’s arguments.

FWIW, I believe FOSS / free software / open source software is a good thing, but I’m not convinced of the “GNU/Linux” label of Linux operating systems, opposed to Copyleft which FSF promotes via its flagship GPL, and I don’t like Stallman’s mannerisms and aggressive ideological stance. I got into FOSS because: I’ve been concerned about digital security and believe proprietary software is the wrong choice; I don’t want my computing to be restricted or controlled by corporations; and I had no choice but to switch to a Linux-based distro after the proprietary OS that I had installed got corrupted.

I think the “could have” part is true, it looks like you also agree, and I don’t think such a basic claim that anyone can arrive at by deduction requires me to present evidence.

I’ll repeat what I previously said about FOSS vs non-FOSS and security.

You still haven’t made a case as to why my argument is flawed, you’re just using “flawed” in an attempt to equate me with Stallman. Given your ad hominem attacks and sarcastic/insincere comments, I won’t waste any more time with you… unless you contribute with something new and constructive.

You quoted the part where I explain why it’s flawed to argue what you’re arguing, but because I’m nice I will spell it out again: you cannot defensibly argue that the security features of windows are useless (“what good are [they] if… backdoors”) purely because windows is closed source/proprietary as that fact only makes it easier to hide malicious code in software you let people have access to, it does not make it impossible to find any malicious code you may put into said piece of proprietary software. I further made the point that open source is not a guarantee of no backdoors despite being readable, as there is at least 1 known case of it being done (outside of university researchers also doing that).

As for your “buh buh it’s deduction!!”. No. Put up or shut up, you can’t just be like “it could have backdoors!!!” due to faulty reasoning, I’m not really a subscriber of the “if you can conceive of something, it must necessarily exist” – just because something is a logical possibility, doesn’t mean that it is the world we’re in.

also.

is such weasel words when you said

which I hope you can appreciate is not, realistically, that different given the response I provided. You not liking the answer that addresses your fallacious rhetorical question does not make it not an answer. I provided reasons (really, the technologies and features) myself and people far smarter than me who I have the privilege of working with think make windows secure. Don’t try to outpedant me after I’ve clocked out for the day, I am bored and I do not have anything better to do.

Hmm…

I didn’t know everyone has to work on your schedule, and it sounds like you need to get a life.

Can anyone else see anything constructive in this person’s comments that I might have missed, or should we just call this thread done?

okay so no, no evidence just speculation.

I can’t see anything constructive either. Could the mods @dngray close the thread? I think there have been enough posts hidden here for the thread.

Me not providing evidence doesn’t mean speculation. Do I have to provide evidence if I say that objects fall to the Earth?

Hang on, do you have some kind of affiliation to or financial interest in Microsoft? If so, you should have disclosed it.

I agree, this thread is going nowhere. @dngray please close the thread.

This may be shocking, but I do not work for MS and would rather be unemployed than work for them. I just happen to live in the real world where we use evidence for our decision making, rather than “nah bro it’s obvious that windows is backdoored and insecure, trust me bro”. This thread stopped being productive as soon as people started ignoring the fact of the matter, which is that Windows, when configured in a particular way, can be quite secure albeit not super private by most people’s measure.

1 Like

No, it stopped being productive when you started attacking people and not their arguments.

Hey, perhaps, maybe you both can stop replying. I promise that we won’t consider one of you a winner if we don’t see a response.

I don’t think anyone here is enjoying this. This is not a show or contest, we are not judging your comments to find a winner and give you reactions.

No one wants to take sides, especially in a civilized place like the PG forum. Let’s just stop and move on.

Nobody is actually talking about Windows security :cry: