Where is a summary of the 2003 CERT advisories?

I clicked the June 3rd summary just for fun:




Also, a list of the current advisories (http://www.cert.org/advisories/), reveals that out of a total of 13 avisories, only 4 are for Windows, whereas 7 for *nix...

All software has, and will always have, security vulnerbilities, so IMO the number of vulnerbilities for a given system is not that interesting to look at. However, what I think is important is how quickly a vulnerability is found and fixed in a proper way, and I belive that open source software is better than closed source software in this regard.

As to the number of security breaches, this has as much to do with the competence of the SysAdm as with the system that is running.

What's the diff between FreeBSD, OpenBSD, and GNU/Linux?

FreeBSD and OpenBSD are BSD distros, which is a Unix OS. GNU/Linux = GNU/Linux, which mostly refered to as Linux. As for differencies, it all lies in the kernel. GNU/Linux uses Linux, while BSD distros use their own BSD kernels.

It is not just the kernel. Some of the lowlevel userspace programs are also OS-specific.

Linux uses the set of utilities developed by the GNU project, hence some people call the total GNU/linux. When people are referring only to the linux kernel it is always called just linux.
The BSDs have their own versions of the lowlevel userspace programs, though they do borrow some from GNU, like the compiler gcc.

However, everybody uses the X11 program for graphical interface, so from there everything looks the same no matter what OS you are using.

That was my link in a previous post. It was interesting how you just ignore that. Right here on the Current Activity page:

All 4 are Windows security breaches.

I think you're confused -- do you understand the difference between advisories and activities? I ignored it because it wasn't relevant, do you realize how informal the "activities" are? Do you realize they cover desktops and servers both? Do you realize they don't necessarily cover vulnerabilities or code problems, but social engineering problems (see the fourth entry)? I ignored them because they're irrelevant to the discussion.

*nix advisories are still roughly double that of Windows in 2003, you're grasping at straws.

The reasons the first two (W32) activities are on there is from desktop machines, not servers (and therefore out of the scope of this thread), and is entirely dependent on the ignorance of the consumer since they've been patched ages ago, and patches made easily available through auto-updates.

The third one is a legit vulnerability, but also been patched for a while.

The fourth one isn't a vulnerability or a virus at all, it just takes advantage of weak passwords by inept admin.

And again, those are simply informal "activities" -- what we were discussing before was "advisories", which you said have changed this year, and they have not.

BTW, if you actually check out the latest 4 advisories from the latest CERT summary, you'll notice all 4 are for *nix, not Windows.

UNIX

Windows

Linux

By the way, Red Hat, the only company that makes any real money or supports any real applications, is very rapidly becoming the equivalent of the Sun/HP/IBM UNIX distributions that dominated 5 years ago.

You are starting to sound like a broken record

That's on the page called "Current Activity."

As I said, it's all Windows.

Why would an OS company want to support applications?

Did you intentionally ignore my post or is your browser not capable of rendering it?

Hmm... i canot say... i newer use Linux... but desinger is FACT at Swedish in Finland...
and

ottok! ottok! ottok!