Study finds Windows more secure than Linux

The Seattle Time ^ | 2/17/05 | Brier Dudley

[rit]

SAN FRANCISCO — Believe it or not, a Windows Web server is more secure than a similarly set-up Linux server, according to a study presented yesterday by two Florida researchers.

The researchers, appearing at the RSA Conference of computer-security professionals, discussed the findings in an event, "Security Showdown: Windows vs. Linux." One of them, a Linux fan, runs an open-source server at home; the other is a Microsoft enthusiast. They wanted to cut through the near-religious arguments about which system is better from a security standpoint.

"I actually was wrong. The results are very surprising, and there are going to be some people who are skeptical," said Richard Ford, a computer-science professor at the Florida Institute of Technology who favors Linux.

[Knitebane]

Ergo, you can lie and slander people you oppose because you somehow feel "justified" doing so...

To the contrary, Ballmer Boy, I feel an overriding need to spread the truth about Microsoft and it's management.

I'm sorry if that hurts your little feelings.

[KwasiOwusu]

quot;I'm not going into a court of law. I'm presenting evidence on a website"

Figured you'd come up with that lame, pathetic statement.
Well that is no ecuse.
Your "evidence" = ZERO.

[KwasiOwusu]

You too.

[HolgerDansk]

I remember those clowns alright. Wasn't their report thoroughly discredited after it came out they had close contacts with CCIA in preparing that report, at the time a Microsoft hating trade group?

Well, let's see here. First you decry the Linuxheads for using "guilt by association". Then you promptly use the same tactic here.

The group in question never "hid" their association with CCIA, since the report was published by the CCIA. As for the CCIA itself, it's older than Microsoft(!), and does a lot of different work in the industry. So your claim of a "Microsoft-hating" organization is farfetched.

Finally, I know a number of those individuals personally, and they're all well recognized in the Internet security community. John Quarterman in particular I've known since the Morris Worm in 1988. (If John is rabid about anything, it's about quantifying and studying Internet traffic on a macro scale.) Given that, why should anyone listen to you?

[Knitebane]

Try telling Red Hat and Novell that Linux is free.

No need, they already know it.

They don't sell Linux, they sell support packages.

Fortune 1000 companies and even small business, don't build their own PC's and download Linux on to it.

The company CEOs and CIOs don't. But they usually have a department that does just that. It's the same department that buys Dell's, strips off the install Windows and installs the company's own build.

They buy servers pre-instaled with commercial software and backed by service agreements. Sometimes. And sometimes not.

I know at the Fortune 500 company where I spend most of my time, we order servers from Dell, strip off the Windows and install what we need.

Sometimes that's Windows. Sometimes it's RedHat or SuSE. Or it can be Debian Linux, Slackware Linux, FreeBSD or OpenBSD.

I've even watched them install Gentoo Linux and let it compile for a day and a half.

Most big companies have an IT department that does what's needed.

And few of the copies of Linux that we use in our department were paid for. We just downloaded and installed.

It's the same in most large companies. If they have an IT department they get contracts to cover the hardware. They support so many different kinds of software in-house already that another Unix doesn't really matter.

Smaller companies that don't have an IT department are closer to what you are describing. They buy RedHat or SuSE for the support.

[KwasiOwusu]

"Well, let's see here. First you decry the Linuxheads for using "guilt by association". Then you promptly use the same tactic here"

That report was thoroughly trashed when the facts about the agenda driven aim of the report's authors became known.
Its nothing new.
All that has already been thoroughly dissected.
That report is of no value .



"As for the CCIA itself, it's older than Microsoft(!), and does a lot of different work in the industry"

The CCIA was the biggest Microsoft hate group during both the US anti-trust case and the EU anti-trust case and after.
They put aside everything and concentrated on destroying Microsoft.
They were nasty, vicious , rabid and as full of hate as you can ever get.
I don't care if they areas old as Methuselah.
Thy were still evil.

[HolgerDansk]

The overwhelming majority of grants are targeted at specific research projects.

Depends on the institution and the donor. In particular, Microsoft has been a big user of block grants, though this seems to be changing.

I think I'm going to punch out here as well, 19 years of Usenet wrangling has made me way too non-dogmatic for this kind of furball...

[KwasiOwusu]

"They don't sell Linux, they sell support packages"

Yes they do..
You can use any term you want, its still selling Linux.

[jgorris]

Sure, as long as you don't forget to apply those 853 critical updates and 765 service packs every month.

[KwasiOwusu]

"The company CEOs and CIOs don't. But they usually have a department that does just that. It's the same department that buys Dell's, strips off the install Windows and installs the company's own build. "

No one has even mentioned a whole CEO going to buy a computer here.
So why drone on about it?
Bottom line, Fortune 1000 or even small businesses don't go and buy parts, so they can assemble and build their servers themselves.
That is not their business.
They are not PC makers.
Thy leave that to the Dell's and HP's t do it for them.
And they get the OS pre-installed at the factory.
Dell can even pre-configure servers to your specifications for you if you want.
What is the problem here?

[Knitebane]

You can use any term you want, its still selling Linux.

And you can download Linux here all day long for free.

So, they can sell it all they want, but it's still free.

[KwasiOwusu]

"So, they can sell it all they want, but it's still free"

Red Hat and Novell still sell Linux, and its not free when you pay the huge prices Red Hat is demanding for certain versions of their Linux servers.

Fortune 1000 companies mainly use commercial Linux, if they use Linux that is.
They are not going to trust critical businesses to an OS they downloded on the internet.

[Knitebane]

Bottom line, Fortune 1000 or even small businesses don't go and buy parts, so they can assemble and build their servers themselves.

You are half right. Most large companies do indeed build their own servers, because that way they can get exactly what they want.

Granted, all the parts come from big name suppliers and they don't tend to fiddle with lots and lots of different parts, but they do tend to buy something like this:

One mostly bare Dell Powerdedge server from Dell
4 GB RAM from Crucial
Two 120GB drives from DrivesDirect.
Two network cards from Intel.

The box arrives, the hard drive is pulled out and discarded, the new drives, RAM and NICs are installed, and an OS is installed.

Then it goes into the rack. One NIC is used for normal network communication, one NIC is used for the management network and one is kept for a hot spare.

I've built file servers, print servers, firewalls, LDAP servers, Kerberos servers and various specialty boxes in just this method while working for more than one Fortune 500 company and half a dozen Fortune 1000 companies.

Companies without an IT department generally take what Dell or HP gives them. Those companies are generally a lot smaller and buy complete support contracts for software and hardware.

[Knitebane]

Fortune 1000 companies mainly use commercial Linux, if they use Linux that is.
They are not going to trust critical businesses to an OS they downloded on the internet.

Sorry, you're wrong.

[KwasiOwusu]

"Sorry, you're wrong"


I am right
And I work for Fortune 1000 company.
All the computers have service agreements for both software and hardware.
Are they stupid enough to download some unsupported software from the Internet to run critical business and end up losing millions? No way.

Everyone knows that buying software costs make up but a very small percentage of the total costs of running computers.
Trying to save pennies by downloading free OS from the Internet would be really stupid

[KwasiOwusu]

"Most large companies do indeed build their own servers, because that way they can get exactly what they want"

Dell can get you exactly what you want, to the exact specifications.
They have wbhole department set up just for that.
Lots of firms have had Dell deliver their desktop and server computers and even had Dell finish the installation itself, on site, in record time.
I remember reading a story in either Businessweek or Fortune about Dell doing deals of that nature a few years back.

[Knitebane]

I am right

You are wrong. Where do you think that Novell and RedHat get the Linux that they sell?

Do you think that Linus Torvalds burns them a CD and has his reindeer deliver it?

Nope. Sorry. RedHat and Novell get the latest Linux by downloading it off of the Internet.

Are they stupid enough to download some unsupported software from the Internet to run critical business and end up losing millions? No way.

Why not? Considering how wonderfully secure and stable the software that they've bought from Microsoft has been, it can't be much worse.

Everyone knows that buying software costs make up but a very small percentage of the total costs of running computers.

Well, that depends. For business computers, that's somewhat correct. For home computers, software, especially Windows, is now over 25% of the cost of a system and continues to grow. It continues to grow for business computers, but since the hardware and administration are the lion's share of the expense, it's not as big of a part.

The difference in the admin costs really stand out. Linux is less expensive to run. Yeah, there are some studies that say differently, but when you read the fine print, those studies never include cleaning viruses, worms, spyware, fixing broken patches and other Microsoft-isms.

Trying to save pennies by downloading free OS from the Internet would be really stupid

It's not about saving pennies. It's about getting something that works for a change.

[Knitebane]

Dell can get you exactly what you want, to the exact specifications.

No, you can't.

Show me where you can buy a Dell Poweredge server with a 1.2 GHz processor and using the motherboard that Dell shipped last June.

And big companies like to have all of their hardware the same. So they tend to buy in lots, store them and build them later.

It's more efficient than trying to customize each box, have each one be a bit different, some older, some newer. It makes management of the devices easier because you don't have to worry about big changes in things like the BIOS or ACPI or what revision of firmware is on the remote console card. The accounting department likes it that way too.

Lots of firms have had Dell deliver their desktop and server computers and even had Dell finish the installation itself, on site, in record time.
I remember reading a story in either Businessweek or Fortune about Dell doing deals of that nature a few years back.

They sure do. But big companies don't use them for that. Big companies buy in bulk and build what they need when they need it. That's what an IT department is for, after all.

[KwasiOwusu]

"Nope. Sorry. RedHat and Novell get the latest Linux by downloading it off of the Internet"

That does that have to do with firms downloading Linux from some online site and using it to run mission critical businesses.

"Why not? Considering how wonderfully secure and stable the software that they've bought from Microsoft has been, it can't be much worse."

You gotta try harder than that.
Microsoft Windows Server runs some of the biggest businesses on the web, including Dell, the # 1 retailer on the Internet and Jetblue, which has standardized on Windows.
Both companies are kicking butt big time.
As for a Fortune 1000 company downloading unsupported Linux from the Internet for mission cortical business, if you know of one, please let me know, will you ?


"Well, that depends. For business computers, that's somewhat correct"

We have been talking business computers on this thread from the get go.BR> And it IS correct.
The cost of just one dopey Linux sys admin alone will cover a big part of the cost of buying all the software a company needs for the entire year.
Its been estimated that software costs are less than 6% of the cost of running the computers of a typical medium sized business.

[KwasiOwusu]

"No, you can't.

Show me where you can buy a Dell Poweredge server with a 1.2 GHz processor and using the motherboard that Dell shipped last June"

Have you talked to your account manager at Dell yet?
That's what they are there for.
Every reasonably big company has dedicated accounts managers, who are there to help you with stuff like that.
Its not off the peg.
Its bespoke