124

What makes Linux so different than Windows in terms of anti-virus needs?

My question is not if I should get an anti-virus for my Linux. I perfectly understand why an AV is important.

I would like to understand if there are conceptual (technical) differences which make Linux less vulnerable than Windows (comparing for example Ubuntu 14 and Windows 7).

  • 42
    Why they do so has a lot to do with marketing. More Windows users => more Windows malware => more Windows AV products. – Sakamaki Izayoi Aug 05 '15 at 19:17
  • 34
    Modern Windows systems are very secure. Microsoft hat a lot of problems in the past. They changed, invented the *Security Development Lifecycle* and produce very solid software now. Almost no virus infections today target Windows. They target Acrobat,Flash,Java,MS Office,... But as a Windows user, it is normal for you to download random executables from the internet and run them. Also, there is no central update mechanism for software, so you will have old, vulnerable software. This makes Windows users insecure, but it isn't per se a Windows flaw. – Josef Aug 06 '15 at 09:54
  • 50
    My opinion is people who can operate linux can safely operate windows. – Smit Johnth Aug 06 '15 at 09:57
  • 10
    Look up my answer on the other thread, it's already entirely covered. Linux desktops are *less* secure than Windows desktops by an order of magnitude, but they are also less targeted and the app distribution model slightly less prone to having uneducated users run untrusted apps. In any case you should be more worried about browser malware than OS malware these days. – Steve Dodier-Lazaro Aug 06 '15 at 10:22
  • possible duplicate of [Should I get an antivirus for Ubuntu?](http://security.stackexchange.com/questions/63097/should-i-get-an-antivirus-for-ubuntu) – user10008 Aug 07 '15 at 10:50
  • @user10008 Even before your comment there was a clear statement saying why the questions are different. One asks for the need of an AV for Ubuntu. The other discuses architecture differences between two major operational systems and their vulnerabilities again viruses. –  Aug 07 '15 at 11:27
  • 1
    I have read the statement. The questions themselves are perhaps different in the title, but they are essentially about the same topic, and the answers in that thread already answer this question too. The accepted answer for that thread is an excellent answer for this thread too. – user10008 Aug 07 '15 at 12:35
  • For me they both use C and file systems so they are prone to memory managment errors *(typically data that become executable)* and path overrides. – user2284570 Aug 09 '15 at 01:20
  • possible duplicate of [Linux or Windows- the security issue](http://security.stackexchange.com/questions/16564/linux-or-windows-the-security-issue) – pnp Aug 10 '15 at 04:23
  • Windows comes pre installed on most computers, but people have to install Linux themselves. This takes some technical skill, so Linux users aren't the ones who "Click HERE to download FREE RAM!!". Not that everyone on Windows does this, but enough do to make anitvirus programs very important. – Lucas Aug 09 '15 at 21:09
  • 7
    "Linux desktops are less secure than Windows desktops by an order of magnitude" [citation needed] – Tom B Aug 10 '15 at 11:00
  • 1
    @Josef: No matter how secure Windows becomes against J. Random Cracker, Windows is inherently insecure *when the attacker is Microsoft*, and this will never change. It’s clear that Microsoft takes advantage of this; look at the Windows 10 upgrade-pushing updates, or the recent revelation that Windows 10 sends your disk encryption key to Microsoft. – Tom Zych Jan 03 '16 at 10:04
  • Linux is inherently insecure if the attacker is someone who wrote code you didn't check. Sure, you can check the whole kernel code. But you didn't! And even if you did, there are large parts you wouldn't understand without a lot of domain knowledge, drawing graphs on paper and stepping trough code. – Josef Jan 03 '16 at 10:59

8 Answers8

111

There are several reasons why Windows is so heavily inflated with anti-virus products. (I am pointing to out-of-the-box (OOTB) experiences).

Windows users are, by default, local administrators, so any social engineering done on Windows can usually lead to an execution of software. Modern Linux has users set-up as low-privilege local users. It requires your password to elevate privilege.

Windows tried to simplify as many things as possible including security and looking back at its history their butchering (Windows Vista anyone?) of security controls left their user-base numb to constant false positives about software. The proverbial "Do you want to install this software? Do you REALLY want to install this software?" lead to just click-throughs or disabling UAC.

Software repositories vs standalone installs:

Linux has had software repositories forever and they provide a good mechanism for installing software. These are usually signed, approved, software being protected by companies with budgets for security following standards for security. (I know about the breaches to repositories in the past, but this is generally good). Windows users are used to pulling sources from everywhere and installing on their system, unsigned or not.

Users generally have different mindsets:

Windows is an all-purpose, all-user platform. It generally tries to solve everyone's problems and in doing so, OOTB doesn't protect the user like it should. This why Microsoft pushes so hard to force every piece of software to be signed by a "trusted signer". There's plenty of debate on this, but generally from a security standpoint this is smart; Microsoft just happens to have a track record that leaves trust to be desired.

Linux users are generally technical and the systems are usually server systems. That's why software usually comes with GPG keys and/or SHA/MD5 hash for comparison, as these are from a Linux administrator perspective, de-facto processes for installing software. I know many Linux users who ignore this, but I have yet to see a Windows administrator even think about it.

So it does go beyond market share.

Expansion:

I will address a few things from the comments (which have valid points.)

Repositories:

From an OOTB experience modern Linux distributions have pre-signed packages which are more for identifying that a package works with the distribution, but also proves a secure method for verification.

Other package management system have been discussed such as pip and npm which are independent of the distributions themselves and are servers to install specific packages for their particular programming language. It can be argued that there is no inherent way for verification on these systems. This is primary because Linux has a philosophy of programs doing one specific thing and doing it well. This is typically why multiple tools are used such as using GPG or PGP for integrity.

Script Downloads

cURL | sh has been mentioned and are truly no different than clicking on a .exe after you have downloaded the file. To point out, cURL is a CLI tool for transferring data. It can do authentication, but it doesn't do verification specifically.

UAC vs sudo

Lastly, here are a few things about these two security features.

UAC is an approval process for untrusted software installation. A user which has local administrator rights simple gets a yes or no (the behavior can be changed, but it's not default). I am still looking to see if this behavior has changed on Windows 8+, but I haven't seen anything on it.

Sudo is a fine-grained permission elevation system. By default it's essentially the same thing as UAC, but it has more ability to be configured to limit accessibility.

Aaron Hall
  • 159
  • 1
  • 1
  • 9
Shane Andrie
  • 3,780
  • 1
  • 13
  • 16
  • 36
    You make some excellent points, but I'd like to expand slightly: Windows users are no longer default admins, at least not in the sense of practically being root (UAC is kinda like `wheel`/sudoers). Linux repositories are only significantly better if they are *maintained* repositories, such as those from distros -- using Launchpad PPAs, for example, has the same problems as in windows. Also, in the past few months I've seen a bunch of vulnerabilities patched on my (weekend-only) Windows machine earlier than the (mostly work and coding) Ubuntu laptop, so there have been some changes in the past. – Rens van der Heijden Aug 05 '15 at 20:24
  • 10
    hmm some of your points I'd agree with, others not so much. Linux users pull from untrusted repos all the time if they do anything like development (e.g. ruby, node, python etc). Also many install routines now follow the "curl|sh" model so many so that there's a tumblr for them http://curlpipesh.tumblr.com/ . also I agree with @RensvanderHeijden about the local admin thing, sure UAC was bad in vista but that was many years ago and current implementations aren't bad, certainly no worse than sudo. – Rory McCune Aug 05 '15 at 20:55
  • 3
    @RоryMcCune I don't think that you can just label node/ruby/python repositories as untrustworthy. You're right they are *less* trustworthy (than official distro repos), but they are more easy to verify (source always included) and better than grabbing random binaries or scripts from the web. – Rens van der Heijden Aug 05 '15 at 20:58
  • 6
    @RensvanderHeijden they do no validation they store dev. creds in the clear in dotfiles in many cases (e.g. npm) and I've personally had malware (eicar) sitting in their repos for months... not what I would call trustworthy. As to reading the source.. let's be honest, no-one reads 100KLOC of JavaScript source when they download it – Rory McCune Aug 05 '15 at 21:07
  • @RоryMcCune that's what I meant when I said that I agree they are *less* trustworthy. There is a lot of room for improvement, but it's still a lot better than copy-pasting a script from a website! – Rens van der Heijden Aug 05 '15 at 21:10
  • Comments are not for extended discussion; this conversation has been [moved to chat](http://chat.stackexchange.com/rooms/26742/discussion-on-answer-by-shane-andrie-are-there-technical-differences-which-make). – Rory Alsop Aug 08 '15 at 18:57
  • All that being said, Linux is an expert user platform. You don't see as many viruses because the users are generally smarter about their systems in general. A good example of an all-user system done right is the Mac OS X platform. – Engineer2021 Aug 10 '15 at 12:22
40

The reason for this tends to be historical. There is no reason why a modern desktop Linux should be particularly more resistant to malware when compared to a modern Windows desktop.

However there have been many more viruses for Windows than Linux amongst desktop users, which is down to factors such as the number of users of the respective platforms and also historical weaknesses in the Windows platform such as running as administrator all the time.

So from a market perspective, the reason is that there are more customers for Windows antivirus software than for Linux antivirus software, so as a result more vendors will go into that marketplace.

Peter Mortensen
  • 877
  • 5
  • 10
Rory McCune
  • 60,923
  • 14
  • 136
  • 217
  • Am I right to conclude that (from an architectural perspective) Linux is then as vulnerable as Windows to a virus infection ? –  Aug 05 '15 at 19:17
  • 22
    well you'd need to define which linux and which version of windows, but I'd say that assuming you're talking about Windows 10 and a modern desktop linux, there's nothing to suggest that windows is more vulnerable to infection than linux. However the windows user is at more risk of infection as there is more malware which targets windows ... – Rory McCune Aug 05 '15 at 19:19
  • 4
    As long as the user is able to install and run software a system is going to be vulnerable. Unless you can find a way to reliably certify the software and only allow certified software. Android and iOS are trying to do it (and also restrict how much an App can do) but are still far from invulnerable or infallible. – Michael Aug 05 '15 at 22:41
  • @KagueiNakueka there are also differences from the architectural perspective, so it wouldn't be exactly as vulnerable; but it would be still wrong to say that the difference is caused by architectural factors simply because the social, market and historical factors have a much larger impact than the purely technical differences. – Peteris Aug 05 '15 at 23:43
  • @Michael Well, to be fair Mac OS X *does* provide an application sandbox as well, some work is being done on a Linux/Gnome version (see this blogpost from February for example: https://blogs.gnome.org/alexl/2015/02/17/first-fully-sandboxed-linux-desktop-app/ ) and then you still have Chrome OS which as far as I know has the best sandbox by far (honestly, I would be very surprised if someone can hack a NaCl disabled chromebook seriously (doubt it even with NaCl enabled, but that *might* at least be possible)). – David Mulder Aug 06 '15 at 21:14
  • @David: well, Google's Chrome Reward Program includes ChromeOS. I don't know if they publish a record of bounties paid, though. A quick search found an article saying they paid for a critical ChromeOS vulnerability at pwn2own 2014. It's one of those things: if the person sitting next to me on the bus said they'd hacked a chromebook I'd be surprised, but if nobody on the entire planet hacked a chromebook for 12 months I'd be even more surprised ;-) – Steve Jessop Aug 08 '15 at 09:25
  • @Michael The Windows Store App model is one example at baking in Sandboxed applications into Windows. – Bernie White Aug 12 '15 at 00:46
32

I think the most crucial factor for virus infection of desktop Windows system is, definitely, the culture and discipline of software distribution and installation.

While the average Linux user opens the package manager and get the vendor-built software package (and doesn't leave the official repository to find software in 90% cases), the average (non-IT) Windows user opens the browser's tab, and Google for "install 7-zip" or even "install file archiver", and very often accidentally navigates to malware-stuffed website, that is specially crafted and SEOed to catch such kind of users.

Every beginner Windows administrator will talk you a lot of stories about "ZipViewer.exe" and "ArchiveUnpacker.exe", that was found in the infected machine and was downloaded by the user. Of course, the experienced user types "7-zip.org" in the address bar, and download the installation package from the trusted website, but this just point us to the fact: the absence of central repository for windows software and the requirement to just to remember the list of trusted websites still creates the biggest vulnerability ever known in windows history.

I know the significant amount of people, who don't install antivirus software at all just because they know where to get the original software and how to configure a regular data backup.

Nipheris
  • 421
  • 3
  • 3
  • 2
    This is basically the correct answer. I would add that the Linux security model provides no protection whatsoever against installers (such as `.deb` packages) downloaded manually from the internet and installed - these install with root privileges and can do almost anything they like to the system. Even a userspace malware could get up to significant mischief such as installing a browser plugin to steal credit card details. So these days the Linux security comes strictly from the fact that Linux users have long been conditioned to primarily install from secure sources. – Blake Walsh Aug 07 '15 at 10:44
  • 2
    @BlakeWalsh Well, not _strictly_ that. I'd argue that _most_ of it comes from the fact that the users themselves are generally more technical and there is far less malware targeting the platform (due largely to marketshare.) As far as architectural differences are concerned, though, yeah, that's probably the biggest security advantage of Linux over Windows. – reirab Aug 07 '15 at 16:44
  • 4
    @reirab Well I would argue that low market-share is a form of "security by obscurity" and my point was more at the level of the individual, who may be savvy or not savvy and this wont change with the OS they use. Ubuntu is now arguably easier to use than Windows so there is no more barrier to non-technical folk. A Windows user who transitions to (say) Ubuntu, is not safe from malware if they keep their Windows habits (sometimes you have to smack new Ubuntu users over the head with "Use the Software Center, dammit!" because the old search-download-install habit dies hard) – Blake Walsh Aug 07 '15 at 18:08
  • @BlakeWalsh I agree that it's security through obscurity, but it's still the primary reason. Also, saying that there's no more barrier for non-technical folk is **very** arguable. That might be true if someone else does all the setup and configuration of the system, but not if they're doing the install themselves, especially if they happen to be unlucky in their hardware configuration. [This](https://xkcd.com/456/) exists for a reason. – reirab Aug 07 '15 at 18:15
  • 1
    It's worth noting that the Store in Windows 10 is Microsoft's effort to provide user protection analogous to that from official Linux repositories. – Ghillie Dhu Aug 08 '15 at 21:10
15

On the Windows monoculture

Every working Windows malware can cause an epidemic infection. There are hundreds of millions of Win 8.1 boxes in the world and on many of them e.g. Acrobat Reader has been installed. It is a monoculture.

Linux on the other hand is less a monoculture. There are many different PDF viewers: Evince, Okular, mupdf, xpdf... There are many window managers: Gnome, KDE, i3, lxde... There are many different distributions.

So if you are able to infect one taste of Linux, this won't necessarily work on other installations.

Linux software usually is open source. If you'd like to become a developer of a software, you have to stick to it for a long time to get write access to git / svn / cvs of a running project. You can't offer only binaries to a distribution, you need to offer source code and if it doesn't compile from source, your software is out. So it is difficult to distribute malware.

What I wrote here are guesses, I'm not into software security.

Keks Dose
  • 522
  • 2
  • 9
  • As far as Windows itself vs. Linux itself, there's only one kernel of each. Granted, there will be a wider variety of versions of said kernel running in the wild with Linux than with Windows (which has both upsides and downsides where security is concerned.) – reirab Aug 07 '15 at 16:48
  • 3
    @reirab: Not just versions of the Linux kernel, but variants. Are you using the gentoo patchset? GRSecurity or SELinux or some other capability system? – Ben Voigt Aug 07 '15 at 21:30
  • While not into the security field, this is a pretty sound technical analysis: monocultural source of software versus diversity. And life and technic only survive with diversity! – dan Aug 08 '15 at 18:30
14

There are some good answers here. I just wanted to add a couple of points.

There is a historical component to the argument that Linux is less vulnerable than Windows. Some of the basis for this suggestion is not as valid when referring to modern Windows implementations as it previously was.

Perhaps the biggest difference was originally due to differences in architecture. The *nix based systems have traditionally had a clear separation between user and kernel space. This separation restricted what processes run by the user could access/change. Early Windows didn't have as clear a separation, which meant things like user code affecting low level code or drivers was more possible. Later versions of Windows have worked towards a similar separation of system and user space. As an example, at one time, it was possible for user space processes to adversely affect low level services, such as the video subsystem, either due to malicious code run by the user or just buggy user level code. In this respect, this separation of system and user space has the benefit of both reducing exposure to malicious code and buggy code which could make the system less stable.

As mentioned by others, Windows traditionally also allowed the user account to also be a system admin account. This would be similar to having a Linux user account run with root privileges - essentially allowing processes to bypass any protection provided by separation of users and system.

I think it is also useful to distinguish between viruses and malware. One way to look at this is think of viruses as self populating - viruses can move from system to system without user interaction/input. Malware on the other hand requires the user to perform some action e.g. open an attachment, install an update, visit a web site with a drive-by exploit etc. While viruses are still a problem, by far, the real threat these days is from malware. As malware requires user interaction, the real threat is now more about social engineering and less about technical platform. At this level, both Windows and Linux are potentially similar in that both systems are increasingly similar (at a high abstracted concept level) in architecture re: user and system space. You can develop malware for either system and the extent to which that malware will work is similar (assuming modern Windows practice of not having your user account implicitly include admin privileges).

This means that in general, the real difference is mainly due to market share. As Linux has a much smaller market share, the potential pool of victims is smaller. If you're going to develop some malware, you will go for the biggest possible market - this means Windows. However, we are beginning to see malware for Linux and it is likely that if the Linux desktop market share were to increase, we would see increased malware problems for Linux. The point is that social engineering is now the key to malware distribution and platforms are less relevant. It is even likely that we will see more malware on Linux if we also see increased malware based on technology which is cross platform (for example JavaScript).

It is actually a little concerning there is a strong belief that Linux is immune to viruses and malware. This belief tends to make people feel they do not need to worry about normal best practices for protecting yourself e.g. not clicking on dodgy emails, opening suspicious attachments, installing software from unknown or untrusted sources etc. People will suggest Linux is more secure because much of the software is open source and you can inspect the source to see if it is malicious or not. This is a little misleading. Firstly, it is actually very difficult to inspect software to ensure it is OK - this takes considerable technical skill and familiarity with the language being used. The other problem is, most will assume someone else has done this, which may not be the case. Consider the number of important libraries and applications which have had significant security holes which have not been identified for quite some time i.e. openssl, libc and ghost etc.

Linux is less vulnerable at this time primarily because it represents such a small user segment in the market. If either the market grows or competitors improve their security to the point where malware becomes difficult to implement, we could very well see an increase in threats for Linux. Threats are increasingly dependent on social engineering to deliver their payload. To some extent, we are possibly reaching the limit of technical protection possible in modern systems. The most vulnerable component these days is the user. This means the underlying technology is becoming less relevant and what we really need to focus on is user education and awareness.

Pang
  • 185
  • 6
Tim X
  • 3,242
  • 13
  • 13
  • 1
    You forgot Linux including most of the user space is open source. – user2284570 Aug 07 '15 at 19:00
  • 2
    @user2284570 - no I didn't forget it. As I said, many feel that being based on open source, it is more secure. However, I don't believe this is as true in practice. It assumes "someone" is reviewing the source and has the skills to understand it. This is not necessarily the case - examples exist of both intentional and unintentional security threats in open source. Reality is, very little open source is adequately audited/reviewed. Can be argued access to the source makes it easier to find exploits, making it less secure. Consider the openssl or libc vulnerabilities and how long they existed – Tim X Aug 08 '15 at 00:29
  • Also, linux is still an OS for classical Turing based machines *(which often means manual memory management)*. It also use classical file systems *(the hierarchy structure typically looks like those of databases of the 60's)*. By saying this I am thinking to AS/400. – user2284570 Aug 08 '15 at 09:17
  • @user2284570 I don't see how that is relevant. File hierarchies and memory management is the same in principal for both systems. At an abstract level, they are both "classical turing based machines". Each system has various schemes to help detect and protect against stack smashing or out of bounds memory access etc, but these do not change the fundamental architectures. The underlying physical architecture is the same. The OSs are converging more than diverging. Often, at conceptual level, good ideas implemented in one are copied by the other. Similar concepts, just different implementations – Tim X Aug 09 '15 at 00:54
  • The AS/400 used relational databases instead directly instead of traditionnal file system hierarchy and was entirely written in managed code with language which don't use memory management similar to java *(OK it's still an imperative language and it is IBM only)*. The interpreter is the CPU microcode. I am not currently aware of a single custom microcode on a widely used/modern obfuscated CPU design. But your're correct the question is about linux vs windows. – user2284570 Aug 09 '15 at 01:14
  • @user2284570 An electronic computer is not a classical Turing(-"based") machine. An electronic computer has bounded memory space, bounded execution time, and fallible calculation and storage. A Turing machine can't catch fire. Most mentions of the term "Turing machine" are as pointless and incorrect as mentioning "the cloud". So please don't. – Rhymoid Aug 11 '15 at 08:08
5

A fundamental problem with Windows' excuse for a security model--probably the biggest one--is that the only way a user can allow programs to do certain things that almost any installable program might need to do is to grant the program unlimited authority to do anything and everything it wants. If it were possible for Windows to say e.g. "This program would like to add a folder named 'FredMagic123' to every user's start menu and add icons to it; would you like to let it do this?", and if clicking "Yes" would grant the program the authority to do that but no other elevated privileges, then users could determine when programs were seeking permission to do things they had no legitimate reason to do be doing.

To make matters worse, Windows makes it difficult for programs to start up with normal permissions and then request elevated permissions later. Thus, if an installer will ever want to be able to install a program in such fashion as to be accessible to all users, it will often need to request elevated permissions before it can do anything else. Consequently, rather than allowing a program to be installed for a local user without needing elevated permission, and only require special permissions when installing for system-wide use, the normal behavior is for install programs to require full administrative permissions in order to do anything, even if in a typical install none of their actions would require any elevated permissions at all.

supercat
  • 2,029
  • 10
  • 10
5

Let's poke holes in some answers here.

Linux has fewer viruses because it lacks market share.

False. Although Linux has less of a market share in desktops, it has a greater share of server installs. Servers are much more likely to be sought as specific targets as opposed to targets of opportunity.

Modern operating systems are all basically equally secure if correctly configured and administered.

False. Windows carries a lot of legacy code that was written without security concerns to maintain compatibility. Linux was much more security conscious in its initial design, and has had multiple pure security projects which has only made things better. Although Windows is much better than it was, it still has more room for improvement.

And just to be fair, let's debunk another myth: 'Linux by itself is good enough for security'. The greatest weaknesses in all operating systems are

  1. Weak passwords
  2. Misconfiguration

At this time the botnet that is most alarming is composed entirely of linux powered routers that had default passwords and remote administration enabled.

Script47
  • 217
  • 1
  • 11
hildred
  • 449
  • 1
  • 4
  • 9
4

Comparing Windows and Linux is like comparing apples and oranges structurally. Configuration plays a larger role in protection than any specific OS architecture, and it goes from physical security all the way to maintenance and upkeep. All security implementations can be removed in all operating systems, and corners can be cut in terms of maintenance and security in regard to how a user handles their machine. Therefore all operating systems equally share the same level of risk in terms of malware installation, because that risk is largely impacted by the user.

Viruses, malware, trojans, etc. on most platforms can be installed by someone who has enough privileges. If that person has enough privileges to allow the application to escalate its own permissions, the application may be extremely difficult to eradicate. If a user runs as "Administrator" on either Windows or Linux for example they have the ability to allow the installation of something malicious if they aren't careful. If that user inadvertently installs something they did not intend, it can potentially take over their machine, hide itself in the operating system, and make it very difficult to remove, sometimes even requiring a firmware update in the event of something like an EFI injection on a Mac.

Antivirus is like a security system when you have a door lock. If you think of the door lock as the built-in OS security, it will prevent a few things from happening without the user doing something like leaving the door unlocked. Because it exists, it may deter a would-be attacker because of its existence. Door locks keep honest people honest. A security system, like antivirus software, alerts the user to a possible intrusion. If the user acknowledges the warning and stops an intrusion in time, then the theft or break-in can be thwarted. If the user doesn't have a security system in place, they can only look at the aftermath of a break-in if the built-in protections of the operating system (or a door lock) are overcome.

That being said, not all security systems catch all problems, and not all antivirus engines catch all viruses, but if you have anything remotely worth protecting, it's worth protecting correctly.

Linux can in some varieties require significantly more maintenance in terms of installation. It's not easy to use for everyone and is created by people who aren't working for a major corporation (excluding Red Hat). Windows, can be easier to configure and maintain out of the box, however the user in both cases can help to render an operating system useless in terms of defence.

The amount of malware in a market at any given time has no affect on the future security of any given operating system. If all software patches are applied, then the user is current with their known vulnerabilities, provided the parties responsible for maintaining the software are up-to-date. There will however always be more zero-day attacks and attacks on undisclosed vulnerabilities where no patches exist.

Peter Mortensen
  • 877
  • 5
  • 10
AbsoluteƵERØ
  • 3,104
  • 17
  • 20