To: rit
"Believe it or not, a Windows Web server is more secure than a similarly set-up Linux server, according to a study presented yesterday by two Florida researchers
"I actually was wrong. The results are very surprising, and there are going to be some people who are skeptical," said Richard Ford, a computer-science professor at the Florida Institute of Technology who favors Linux."
Why am I not surprised?
Confirms what I have been arguing about on this board.
Microsoft wins yet again.
To: KwasiOwusu
Windows Web server is more secure than a similarly set-up Linux server Blasphemy! How dare you? May God (a linux user) have mercy upon your wretched soul!
- Sarcasm
13 posted on
02/17/2005 9:55:32 AM PST by
usgator
To: KwasiOwusu
Microsoft wins again From the same article The future of ID: Authenticating the identity of computer users is a big topic at the conference, but Microsoft's Passport authentication system was missing in action.
I do believe it safe to say Microsoft lost that one.
14 posted on
02/17/2005 9:57:20 AM PST by
rit
To: KwasiOwusu
Confirms what I have been arguing about on this board. Microsoft wins yet again. Confirms what I have been arguing about on this board. Microsoft wins yet again. It's an interesting study, but it had three glaring errors. One, it assumed incompetent admins. Two, it was about hypothetical systems, not real and tested (it was basically just counting exploits).
Three, well, I don't know, I'd have to see the data. It appears that they counted vulnerabilities disclosed and patched during a set period, but this wouldn't count the outstanding exploits at the start of the study (and Windows has loads of those). Plus, Red Hat is known to fix critical exploits very quickly, leaving trivial ones on the back burner for a while. This would definitely pump up the unpatched days number. Meanwhile, Microsoft has been known to leave critical exploits unpatched for months.
I hope that one of these days somebody will do an impartial real-world study. This was appears impartial, but definitely not real-world.
To: KwasiOwusu
Uhhhh...no. There were no real computers harmed in the making of this FUD.
They just counted the vulnerabilities that turned up times the days until a patch was released and added those up. Since MS tries hard to keep security holes secret until patches are available (and Open Source mostly doesn't) this is not a meaningful metric.
And since the Windows security holes tend to be "allows black hat to remotely own your pc, steal your passwords and identity and transfer all your money to liberia" and Linux holes tend to be, "promote local user to the permissions of the user that this application runs on" it is like saying that catching ebola twice is better than catching a cold five times.
If they had set up a Linux and a Windows 2003 server (patch 'em all you want, or even patch the Windows machine and not the Linux) then connected them to the net outside the firewall and tested for "time 'till security is breached" this might mean something.
50 posted on
02/17/2005 10:46:21 AM PST by
Rifleman
To: KwasiOwusu
Why does this remind me of the much-publicized spanking that MiG-flying Indian pilots administered to American pilots in war games about two years ago? It turns out that the rules of the game required the Americans to dumb-down their weapons systems until they were "equal" to the MiG weapon systems.
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson