Hacker News new | ask | show | jobs
by smt88 4231 days ago
While I agree in general, security holes can be (and often are) introduced at the interpreter level. PHP even has a project that attempts to patch these with an independent module[1].

A good security practice is to stand on the shoulders of giants. Just as Windows is highly secure because it's widely used and incessantly attacked, so are the major web software stacks.

1. http://www.suhosin.org/stories/index.html
1 comments
mod 4231 days ago
>> Just as Windows is highly secure

That's a bold statement.

I don't presume to know more than you, but I don't hear that sentiment echoed very often.

link
smt88 4230 days ago
This depends on your definition of secure. The way I use it, "security" is the lowest level of vulnerability to the highest level of attack.

Some OS's (notably OS X a few years ago) are thought to be secure because their installed base is low, so they're low-value targets for attackers. Apple, in general, has a terrible track record with security, and OS X's lack of malware was just security by obscurity -- the vulnerabilities hadn't been discovered because no one was looking for them.

Windows, on the other hand, has been incredibly high-value target for decades. It has a huge installed base, and it's used by many governments, militaries, banks, and corporations.

For that reason, Microsoft has been forced to become a leading security organization. You can't keep selling massive contracts to governments and large corporations if you're vulnerable to malware.

There are obviously ways to misuse any tool, including an operating system. Many operating systems are insecure if you configure them incorrectly. My statement was just about the incredible volume of attacks that Windows is resistant to, simply because it's been attacked so heavily for so long.

link
sarciszewski 4229 days ago
When something becomes more resilient the more it is damaged, it can be said to be antifragile.

However, a closed source product that is engineered centrally still has elements of fragility contained within it that you will not find in decentralized approaches. In the very long-run, antifragility wins over robust yet fragile systems.

That is one reason why I will consider GNU/Linux and BSD to be more secure than Windows. In the long run.

link
sarciszewski 4230 days ago
GCHQ recently came out with a statement that Ubuntu is the most secure-by-default consumer grade OS out there.

http://insights.ubuntu.com/wp-content/uploads/UK-Gov-Report-...

link