(2010-08-26, 01:57 PM)Uncontrol Wrote: [ -> ]Of course internet-based applications are more vulnerable. This is pretty obvious.
Uhh why? A simple command line program which makes use of scanf() and makes use of pointers can be easily exploitable if data is not validated. It really depends on how things are programmed.
I believe the explanation for what IBM has said is that more and more users are creating more web applications and lot of these users are new to programming. It's not a matter of being more vulnerable imo.
Fair enough. I likely misunderstood. Thanks for the insight Pirata
(2010-08-26, 04:54 PM)Pirata Nervo Wrote: [ -> ]Uhh why? A simple command line program which makes use of scanf() and makes use of pointers can be easily exploitable if data is not validated. It really depends on how things are programmed.
I believe the explanation for what IBM has said is that more and more users are creating more web applications and lot of these users are new to programming. It's not a matter of being more vulnerable imo.
You are exactly right. So many free to use applications are made in a server sided web-based language such as PHP or ASP.NET (C#.NET, VB.NET, etc) and can be easily studied and compiled on the fly using Notepad. People new to programming are less likely to download runtime environements and an IDE just to learn how to code in a specific language and then figure out how to compile it, so people stick with easy to use web languages and don't realise the consequences for not using correct data validation or encryption.
Now you see why I don't code, instead opting for front-end administration. I really can't be arsed to learn all that and am much better at general site maintenance anyway. If you really want security, don't use poorly-coded software like phpBB or vBulletin.
(2010-08-26, 11:21 PM)StingReay Wrote: [ -> ]Now you see why I don't code, instead opting for front-end administration. I really can't be arsed to learn all that and am much better at general site maintenance anyway. If you really want security, don't use poorly-coded software like phpBB or vBulletin.
They were secure at one point.. everything is until a vulnerability is found. MyBB is secure right now, but someone may find a vulnerability. Will you call MyBB poorly coded then? I think not. Phpbb nor vBulletin is poorly coded.
That and most people haven't taken the time to go through the MyBB code and find vulnerabilities. People say the same thing about operating systems. Everyone hangs crap on Microsoft saying Windows is so insecure and has bad security. I can almost gaurantee that MacOS and 90% of Linux Distros are just as, if not more, insecure it is just that people haven't spent as much time checking for functions without data integrity validation.
Sure Linux is vulnerable. You can gain access to any Windows PC providing the owner of it isn't so smart. That wont work for Linux users due to the incompatibility of malware.
(2010-08-26, 11:59 PM)iBf Wrote: [ -> ]Sure Linux is vulnerable. You can gain access to any Windows PC providing the owner of it isn't so smart. That wont work for Linux users due to the incompatibility of malware.
Of course Malware from Windows isn't compatible with MacOS/Linux, what I am saying is that people don't dedicate time to finding insecurities in MacOS/Linux, they spend their time in Windows. If people spent the same amount of time finding the vulnerable functions in MacOS/Linux as they have in Windows, believe me that MacOS/Linux would definitely have more malware and viruses than Windows currently has.
There is malware for Windows and Linux that can "propagate" to other partitions (e.g. containing Linux or Windows) and infect both Operating Systems.
Linux is considered "secure" because the amount of people who use it (including developers) compared to the amount of people who use Windows (including developers), is very low.
Those who use Linux and do not have AV because they think they're secure, are usually the ones who get infected.