Study finds Windows more secure than Linux

The Seattle Time ^ | 2/17/05 | Brier Dudley

[Still Thinking]

Gee, Bill's tongue must be tired.

[DustyMoment]

They wanted to cut through the near-religious arguments about which system is better from a security standpoint.

Truer words were never written. "Near-religious" is exactly right.

While I'm not the most technically computer savvy person on earth, I've never really warmed up to Linux/Unix.

I don't know what metrics were used to arrive at the conclusion that Windows was more secure than Linux, but I anticipate another round of MS bashing in the coming weeks.

[usgator]

I've never really warmed up to Linux/Unix

I know what you mean. My home PC has both Windows 2003 and Linux on it. I just don't like Linux and I really tried to see what the fuss is all about ... it's not THAT great.

[JustAnAmerican]

LOL, what a joke. The following are excerpts from the article in question.

<1>"The setups were hypothetical, however."
<2>"Authenticating the identity of computer users is a big topic at the conference, but Microsoft's Passport authentication system was missing in action."

So they Hypotheticaly put machines together and then without MS's biggest security risk and they call that a test. What a bunch of morons, bet MS had a hand in this.

[Frumious Bandersnatch]

Believe it or not, a Windows Web server is more secure than a similarly set-up Linux server, according to a study presented yesterday by two Florida researchers.

Well, doh. If you set up a Linux server with the same default settings as Windows, you are bound to get a system at least as insecure as Windows. In order to do this, you have to pretty much disable any security on the Linux server. This not the default on Linux (unlike Windows).

[SengirV]

BWAHAHAHAHAHAHAHAHA!!!!! HAHAHAHAHAHAHAHAHAHA!!!! Hahahahahahahahaa!!! Thanks for the laugh.

[Ex-Dem]

All the fuss is because it's something of a rite of passage for geeks to be into Linux, and even more of a rite of passage to be a shill for Linux/the open source movement. Might be why it's been so slow to become as user friendly as Windows (more user friendly equates to loss of geekyness). You have these people who think they're "1337" because they do everything with a text-based browser or the command line.

Don't get me wrong though, I have plenty of complaints about Windows and I use Linux on my servers. But the level of blind fanaticism over Linux on the part of some people is pretty unbelievable.

[KwasiOwusu]

"So they Hypotheticaly put machines together and then without MS's biggest security risk and they call that a test"

Ummm..most tests are hypothetical.
And this test had both MS and Linux's biggest security risks.
That's what the tests were about: Security.
And the Linux guy was a university professor in computer science.
I think he probably knows a fair bit about this more than you do, don't you?

[thejokker]

a lot of euro-peons frequent slashdot...

[standupfortruth]

The testers were named Gates

[usgator]

the level of blind fanaticism over Linux on the part of some people is pretty unbelievable

Blind fanaticism pretty much sums it up.

These people refuse to believe that MS has ANY redeeming qualities and everything about Linux is perfect. It's a freakin' cult. If Windows crashes it's because MS and the devil (Gates) suck. If Linux crashes ... it's MY fault because Linux NEVER crashes!!!

[taxed2death]

"a similarly set-up Linux server . . ."

Now who the hell would do that?


HAHAHAHAH.... my thoughts exactly!

[antiRepublicrat]

Confirms what I have been arguing about on this board. Microsoft wins yet again. Confirms what I have been arguing about on this board. Microsoft wins yet again.

It's an interesting study, but it had three glaring errors. One, it assumed incompetent admins. Two, it was about hypothetical systems, not real and tested (it was basically just counting exploits).

Three, well, I don't know, I'd have to see the data. It appears that they counted vulnerabilities disclosed and patched during a set period, but this wouldn't count the outstanding exploits at the start of the study (and Windows has loads of those). Plus, Red Hat is known to fix critical exploits very quickly, leaving trivial ones on the back burner for a while. This would definitely pump up the unpatched days number. Meanwhile, Microsoft has been known to leave critical exploits unpatched for months.

I hope that one of these days somebody will do an impartial real-world study. This was appears impartial, but definitely not real-world.

[zbigreddogz]

I don't know all that much about computers, but doesn't this headline fall under the 'Researchers say nude people get cold faster then their clothed counterparts' category? (i.e. isn't this a 'duh'?)

[StJacques]

"This theory will NEVER be accepted by the already-hate-spewing venemous Anti-Microsoft crowd. . . ."

The greatest myth in the IT world is that Microsoft is some anti-free trade corporate conspiracy that is out to destroy the American way of business. The opposite is in fact true. And I know this first hand, since I'm an IT guy who specializes in cross-platform interoperable web applications -- primarily XML and XML Web Services -- which I have developed for deployment on three different operating systems: IBM's OS/400 (the AS/400 machine), Sun Microsystems' Solaris, and Microsoft's Windows 2003 Server (.NET). I will be doing my first Linux job in a few weeks from now.

In spite of all the propaganda and hype the "open source" crowd will spout, Microsoft is easily the most consumer-friendly IT company on planet earth. The key is Microsoft's "Universal Data Access" strategy of providing both its PC operating systems (Windows XP, etc.) and its server operating systems (Windows 2003 Server) with full connectivity capabilities for data and information access. For you IT guys it comes down to OLE DB and full XML capability. Microsoft seems to have this idea that if you buy a license to use an operating system you should be able to use it to connect to any database on the market and your access to XML functionality (which is the real independent and non-proprietary cross-platform technology) should be unlimited. IBM, Sun, Red Hat software (they did the most to develop Linux), and most of the rest differ in that they want data and information access controlled at the server end, which means that the "consumers of data," whether they are businesses or individuals, will have to pay the toll for the capability to access data, in addition to user rights of access. And they also want to limit XML Web Service functionality, and especially IBM in this instance, to "Remote Procedure Call" (RPC) types of applications as opposed to "Document Style" -- Microsoft is real big on the latter -- so that they can concentrate activity on servers rather than web clients, which raises the development costs for companies who provide the data, since RPC style web services are much more limited in their scope than Document Style, which are virtually unlimited. To put it all in one sentence, Microsoft will let you do what you want to do, IBM and the rest want to limit your choices to make certain those who control server technology will hold the keys to information access, regardless of the increase in costs that comes with it.

To anyone and everyone in the "open source" crowd who wants to spout that party line that they represent the "economically democratic" alternative to Microsoft, I have a response and a challenge, which follows. Until consumers of data are empowered to access information using connectivity capabilities to which they own licenses and when they are further empowered to share data on their own terms with other operating systems without paying the toll for connectivity, that the "open source standard as economic democracy" is a myth. The real test is "cross-platform interoperability" and the range of choices one can make in implementing it. Microsoft is light years ahead of the rest of the field in this respect.

[Cicero]

I can well believe it. Every hacker on the planet has been attacking Windows for years. By this time, they have a lot of the holes filled.

[Sicon]

All the fuss is because it's something of a rite of passage for geeks to be into Linux

Bingo! Just think of the comic bookstore character in "The Simpsons". I work in IT, and it's full of arrogant, condescending, bloated geeks just like that guy, who are always trying to convince everyone else that they are geniuses, simply because they know some obscure stuff. They're amusing at best.

[KwasiOwusu]

"If you set up a Linux server with the same default settings as Windows, you are bound to get a system at least as insecure as Windows"

Try again.
Read it again, it says : "similarly set-up Linux server"
Similar is NOT equal to the same.
Its like formula one racing. All the cars have to obey certain rules about engine size, tyre sizes,, weight, etc etc, but Ferrari have still ended up winning most of the races in recent year,because their car is better (and they have a great driver too).
Windows simply won.

[Frank L]

"I hope that one of these days somebody will do an impartial real-world study. This was appears impartial, but definitely not real-world."

A few years ago, I read several comparisons between Visual Basic and Delphi (my favorite programming language). Of all that I read (and I know VB has had some major upgrades since then), only 1 decided in favor of VB. In only that one did the listed benchmarks for VB surpass D. There were two problems, though.

1. The testers were VB gurus who had never used Delphi before.
2. Microsoft had funded the study.

Nope, no bias there.

[usgator]

Thanks for the post. I am a software developer myself and don't deal with the OS too much.

This should give me some ammo next time we get into another "Linux vs. Microsoft" discussion.

Of course, it won't make any difference. They love and worship Linux and facts have no place in the discussion.

The thing that amazes me is that I admit MS has faults ... they adamantly refuse to acccept that Linux may have any flaw at all, no matter how minor.