[KwasiOwusu]

"Believe it or not, a Windows Web server is more secure than a similarly set-up Linux server, according to a study presented yesterday by two Florida researchers

"I actually was wrong. The results are very surprising, and there are going to be some people who are skeptical," said Richard Ford, a computer-science professor at the Florida Institute of Technology who favors Linux."

Why am I not surprised?
Confirms what I have been arguing about on this board.
Microsoft wins yet again.

[usgator]

Windows Web server is more secure than a similarly set-up Linux server

Blasphemy! How dare you? May God (a linux user) have mercy upon your wretched soul!
- Sarcasm

[rit]

Microsoft wins again

From the same article The future of ID: Authenticating the identity of computer users is a big topic at the conference, but Microsoft's Passport authentication system was missing in action.

I do believe it safe to say Microsoft lost that one.

[antiRepublicrat]

Confirms what I have been arguing about on this board. Microsoft wins yet again. Confirms what I have been arguing about on this board. Microsoft wins yet again.

It's an interesting study, but it had three glaring errors. One, it assumed incompetent admins. Two, it was about hypothetical systems, not real and tested (it was basically just counting exploits).

Three, well, I don't know, I'd have to see the data. It appears that they counted vulnerabilities disclosed and patched during a set period, but this wouldn't count the outstanding exploits at the start of the study (and Windows has loads of those). Plus, Red Hat is known to fix critical exploits very quickly, leaving trivial ones on the back burner for a while. This would definitely pump up the unpatched days number. Meanwhile, Microsoft has been known to leave critical exploits unpatched for months.

I hope that one of these days somebody will do an impartial real-world study. This was appears impartial, but definitely not real-world.

[Rifleman]

Uhhhh...no. There were no real computers harmed in the making of this FUD.

They just counted the vulnerabilities that turned up times the days until a patch was released and added those up. Since MS tries hard to keep security holes secret until patches are available (and Open Source mostly doesn't) this is not a meaningful metric.

And since the Windows security holes tend to be "allows black hat to remotely own your pc, steal your passwords and identity and transfer all your money to liberia" and Linux holes tend to be, "promote local user to the permissions of the user that this application runs on" it is like saying that catching ebola twice is better than catching a cold five times.

If they had set up a Linux and a Windows 2003 server (patch 'em all you want, or even patch the Windows machine and not the Linux) then connected them to the net outside the firewall and tested for "time 'till security is breached" this might mean something.

[JCEccles]

Why does this remind me of the much-publicized spanking that MiG-flying Indian pilots administered to American pilots in war games about two years ago? It turns out that the rules of the game required the Americans to dumb-down their weapons systems until they were "equal" to the MiG weapon systems.