So, in summary. The NSA hordes zero day (not sure if just windows), builds some scary tools to exploit these, and of course doesn't let MS know about them, because zero days are incredibly valuable to the spooks. And because perfect security is impossible these tools get out. Perhaps this was obvious from the WannaCry episode, but this article really hammered it home for me.
Why people run any systems on windows is beyond me (not that others are more secure, but windows is a bigger target)
>Why people run any systems on windows is beyond me
Windows gets hacked because it is the most used desktop OS. If everybody started using Linux, it would get hacked as often as Windows. Quoting your comment again:
The solution is not that everyone on Windows switch to Linux, just that some of them do. You said it right there: Linux is more secure, right now, not because it has fewer holes in it but because the incentive to find those holes is much less than with Windows. Seems like a good enough reason to switch for me, just don't expect it to last forever.
Which is why everyone should still be running a firewall on their machines and stop relying completely on the router. It seems way to many people (and companies) rely on a single point of defense. This is especially true of any machines that may be connecting to public networks and home networks where you might let you're friends use wifi.
Honestly, when it comes to cyberattacks, I think the truly worst area right now is "Internet of Things" devices and similar Internet connected devices like point of sales. At least Windows (and other computer OSes) have slowly become more secure over the last 20+ years. As far as I know, all the major OS players are very good at patching discovered exploits quickly. Malware spread by social engineering (eg tricking someone to execute malicious code) is the most common way things are spread these days.
Many IoT companies, in contrast, have root-level exploits that are laughably trivial to hack, and some don't seem to care that much at all when exploits are discovered (https://www.trustwave.com/Resources/SpiderLabs-Blog/Undocume...). Windows is imperfect I'm sure, but I'd rather connect a Windows machine to the public network than any so-called "smart" appliance at this point.
Like it or not, pretty much all enterprises run on Windows software. Not just desktop, either. Active directory and Exchange are pretty much the standard for all enterprises.
And non-techies in these places couldn't live without Office. I once got an email with an attached Word document that contained an embedded Excel spreadsheet with exactly two cells -- an IP address and a hostname -- for a DNS entry I needed to update.
I have watched very closely for 20 years now for any chatter or evidence of a FreeBSD/OpenBSD zero-day vuln that was weaponized or sold or used for state-sponsored covert action and I am not aware of any.
None of the leaked information from Snowden, et. al, gave any evidence of their existence either.
Technically speaking they should exist but I'm not seeing them ...
That's a samba vuln, not a FreeBSD vuln in particular ...
Further, if you were worried about attackers or hardening a system, etc., you wouldn't be running samba (or anything like it).
I'm talking about a remote-root vuln in the FreeBSD kernel or in any of the default system daemons that were bundled with an OS release (like openssh, crond, syslogd, etc.)
In all honesty, there are probably both zero days for both BSDs (the software was written by humans after all) and great reasons to prefer them that don't involve this argument. I'd finger the "security ethos" of OpenBSD in particular.
Because the NSA is keeping those secret so they can still use them. All these recent 'leaks' are just misdirection so when OpenBSD becomes the defacto standard PC OS they still have a way in ;)
Same here. I have a Windows PC which I use only for games and media processing. Steam for Mac isn't bad, but the vast preponderance of popular new (and old) games remain Windows exclusives.
Why people run any systems on windows is beyond me (not that others are more secure, but windows is a bigger target)