The TOR Project Tells Everyone to Stop Using Windows

After startling news that someone — probably a government agency — was exploiting a vulnerability in Firefox to spy on its supposedly anonymous users, the TOR Project is now asking everyone to take a step back and stop using Windows. It's not just this latest episode of snooping, though. Windows just isn't a great operating system in terms of security in general, they say.

"Really, switching away from Windows is probably a good security move for many reasons," the TOR Project said in a security advisory. But for this specific exploit it was especially bad since the hackers — probably a government agency — specifically targeted Windows users. Mac and Linux users were not affected. [IT World via Slashdot]

    If you take a general Windows pleb and put them on Linux or Mac OS it's not going to be very secure either. Default root passwords make sure of that.

      Root isn't enabled in OS X by default. A newbie user wouldn't even know how to enable root.
      OS X is a lot more secure than Windows in many aspects to the general user.

        I'd go the opposite -- OSX is less secure to the end-user, because they've been constantly told that they're safe, only Windows has issues, they don't need to worry about security at all. Which is wrong.

          OSX and Linux are more secure by good design. They have proper access control systems, etc etc...
          Doesn't have much to do with the end user, it's the underlying design of the operating system.

          Difference is, on Windows, you do need to worry about it a lot more.

            Difference is, on Windows, you do need to worry about it a lot more.

            Beg to differ. It's a case by case basis based on the user. Yes OSX and Linux are more secure by design, but that argument is essentially moot considering the user is usually the culprit in the security chain. All systems have the potential to be safe for the general user, and all systems have the potential to be hacked if targeted. The difference in design makes for such little difference in the end.

              How is it moot? If an operating system is more secure you have fewer vulnerabilities, so fewer people capitalise on those vulnerabilities to create viruses/hacks. Thus the user has to worry less.

                Errup, whaa?

                Even one, just one, vulnerability is all you need. And every system has potentially thousands. We just know more about Windows because...

                -It *was* horrible, back in the day
                -More people use it. Therefore it's targeted more. More issues found, exploited, and reported.

                Bank hack focused at POSIX (aka, 'more secure') systems just been found, so ahh.. yea. Don't worry guys. You is all secure yea.


            Unless, you know, less than 24 hours after you make your claim, something like this gets announced..

      Is not the exploit they're referring to based off their own software? How about uninstalling Firefox/Tor.

    Even if it was true that Windows is less secure than the other operating systems, a mass move to other systems would just move government attention to those other systems.

    As to Mac users not being targeted by government, I call bullshit since Apple was specifically named as one of the many corporations co-operating with the NSA.

    The only truly secure operating system is one that is NEVER used. The next most secure O/S is one that is not connected to the Internet. If you want complete security you will achieve nothing.

    Are these the same people that told the Russian Federal Guard Service to switch back to typewriters because it's safer? lolz

    Of course, this totally ignores the fact that something like 80% of successful hacks trick the user into running the executable. But if everyone took their advice and switched to other OSes, hackers would stop targeting Windows and, over time, it would become the safest and everyone would be told to switch back to Windows, then the cycle would start all over again.
    The best advice you can give to someone over computer security is to use common sense and think about what they are doing. The problem is that common sense is not very common, to paraphrase Voltaire.

      Do a fresh install of Windows, Linux, and OS X on three separate machines and do nothing else than connect them to the Internet. Windows gets hammered every time. While I agree this is due to the volume of the OS in use, this cannot be excluded as a current weakness just because it might change. If in time other OSes become more popular and start to suffer, the advice from the TOR Project will be different, but right now, Windows is a poor choice for personal security.

        If that's true, then how come I've never had a problem in the 17 years or so I've been on-line, despite never having had any 3rd party security software installed? As far as I'm concerned it is all just complete bullshit designed to sell security software.

          Depends on what you mean by problem. Good security breaches don't advertise they are there, so they won't necessarily cause any visible issues.

            If that's the case, why would I care?

              You don't have to care, but that doesn't mean it's secure.

                That's like saying a screen door isn't secure because it lets air in.

      I disagree, there's a lot more Linux servers in the wild than Windows-based servers. Why don't the Linux servers get hacked as much as the Windows servers? Linux has been around for around the same amount of time as Windows as well.

      A server is probably a higher value target as well, more processing power, more data going in and out.
      So why do Windows boxes get hacked/virused a heck of a lot more often? Put simply, bad design. Kinda blows the whole more Windows installations than any other OS argument out of the water...

    Surely anyone who really needs to care about security is running Linux?

    Tor said on Twitter, "It's Tor, NOT TOR"

    What difference does it make in the end though..? Windows is supposedly insecure because of its popularity not because of the OS itself, hence the US Gov attack on Windows. If you're really worried about your privacy then use an encrypted VPN, simple fix.. !

    Would this exploit still be effective if the user had a VPN connection to somewhere else and ran Tor over the VPN?

      Would love an answer to this. I am very curious about how it all works but I can't get my head around it. I have used TOR once or twice, I run everything over a vpn.

    That's it, I'm booting up the Amiga 600 again. Workbench FTW..

    No. Just no. The vulnerability exploited in this case was cross platform. It was just that the attacker chose to only exploit Windows. If every person using TOR was on Linux or OSX you can be sure the platform targeted would be one of those instead.

    Switching from Windows to another operating system isn't any more secure. You still need to make sure your security updates are applied in a timely manner. In this case there was no vulnerability exploited in the operating system, but rather the software running on the OS. Users need to be made aware of these problems, much before changing their OS and thinking it makes them "safe".

    If you're that worried about security to use TOR, why are you using a standard install and not a throw-away install (Eg. Boot CD/Thumbdrive with hard drive disabled)?

