First, I never said anything was perfect upon release. Software is created by humans, and as such it has flaws...even OpenBSD has "bugfixes", but only twice in ten years has a bug resulted in a remote exploit. Why? Because OpenBSD is written for *code accuracy* (not security...security just happens to be a side-effect of accurate code).
iMav said:
may be u could tell me an OS which was released a decade ago and has no update release and is still running strong u wont be able to come up with 1 even in the last 3 years ... the thing is an update has to be made nothing in this world was made perfect the first time not even human ... so ur point of vulnerability after vulnerability shows who is the idiot
Second, Microsoft has released how many revisions of their OS in the past 10 years? How many required Service Packs that re-wrote 1/2 the OS? Sounds to me like someone could use a lesson in *code accuracy*.
How many chances for remote exploit has Microsoft seen in 10 years? Now that we've established that, how many has OpenBSD seen? Oh, that's right...two.
10 years? That's old history, right?
Let's say six months, then...how many for Microsoft in six months? How many for OpenBSD? One.
Vulnerability after vulnerability? Indeed.
Edit - Vista wasn't released a decade ago... A decade ago Microsoft was still pushing the 9x series and we all know how THAT went for security purposes! In 1997, Windows 95 was at the helm of the Microsoft list...and security was so good in Win95 that I could hit escape at the login prompt, append a few characters to another user's password file, and then try to log in as that user. Win95 was so kind that when it realized the password file was corrupted, it would ASK ME FOR A NEW PASSWORD for a user I shouldn't have had write access to! A decade ago, OpenBSD was beginning the massive code audit that is still going to this day. I guarantee you that even though bugs existed at that stage in the code, the system was intelligent enough to resist a simple attack such as the one I just described...
Have you read an OpenBSD vulnerability report? What about a Microsoft vulnerability report?
< taken from http://www.kb.cert.org/vuls/id/986425 > March, 2007
OpenBSD: Systems connected to public IPv6 networks are particularly at risk from this vulnerability. However, since link-local addresses are part of the IPv6 specification and configured by default on Ethernet interfaces, even systems that have not been explicitly configured to use public IPv6 networks are vulnerable to attack from other systems on the same physical network or multicast network.
That's right...to exploit this bug, someone needs to be on my network already (and using the next generation IPv6, which isn't in widespread use except for Japan and academic institutions). The patch to fix it was available after a few days, and in the meantime a single-line modification to one config file was all that it took to nullify this exploit.
< taken from: http://www.kb.cert.org/vuls/id/511577 > Feb. 2007
Microsoft: Microsoft Malware Protection Engine contains a vulnerability that could be exploited when it attempts to process specially crafted PDF files. According to Microsoft Security Bulletin MS07-010, an integer overflow vulnerability exists in the way that the Microsoft Malware Protection Engine processes Portable Document Format (PDF) files. An attacker with the ability to supply a specially crafted PDF file could exploit this vulnerability. Note that according to Microsoft the Malware Protection Engine is a component of the following:
- Windows Live OneCare
- Microsoft Antigen for Exchange 9.x
- Microsoft Antigen for SMTP Gateway 9.x
- Microsoft Windows Defender
- Microsoft Windows Defender x64 Edition
- Microsoft Windows Defender in Windows Vista
- Microsoft Forefront Security for Exchange Server
- Microsoft Forefront Security for SharePoint
What about a fix for this bug? Oh, an update! Yay.