Study finds Windows more secure than Linux

The Seattle Time ^ | 2/17/05 | Brier Dudley

[rit]

SAN FRANCISCO — Believe it or not, a Windows Web server is more secure than a similarly set-up Linux server, according to a study presented yesterday by two Florida researchers.

The researchers, appearing at the RSA Conference of computer-security professionals, discussed the findings in an event, "Security Showdown: Windows vs. Linux." One of them, a Linux fan, runs an open-source server at home; the other is a Microsoft enthusiast. They wanted to cut through the near-religious arguments about which system is better from a security standpoint.

"I actually was wrong. The results are very surprising, and there are going to be some people who are skeptical," said Richard Ford, a computer-science professor at the Florida Institute of Technology who favors Linux.

[antiRepublicrat]

It is light years beyond Java.

In some ways it's better. In others I miss Java. But in general, I do like programming in .NET with C# -- that's what I do for a living.

[dartuser]

No sense arguing over which OS is better, they each have their place.

If you want to listen to music while surfing, pop a CD in your Windows machine, if you want to edit a document that you know your neighbor can receive, you use Word ... if you want to do your taxes use Excel ... If you want to develop the 80,000 lines of code necessary to control the attitude of an F-18, Windows is the last OS that a programmer would use ...

That's where Unix comes in ... if I am doing large scale SW development, you will be in the Unix environment. Large scale engineering studies, Unix ... Image processing research, Unix. ... etc.

There are plenty of people that will try to shoehorn their favorite OS into trying to make it do something it is not efficient at just to say "My favorite OS can do that." I happen to think alot of SuSE 9.2, but I wouldn't even bother wasting the time trying to get my TV card running under SuSE when Win2000 configured it for me when I plugged it in! ... and in 2 minutes I was watching Sports Center on my PC.

These OS'es are tools to get the job done ... pick the right tool for the job and you cant loose.

[usgator]

Thats not alot to hang your hat on that Windows is more secure

I never said anything about it being more secure because they were pirated. We were discussing distribution and how many copies are in use but not accounted for in stats.

And I never said I agree with the usage, I only said I have seen it happen.

[Ernest_at_the_Beach]

So you like the spyware treats?

[usgator]

Thanks for the info ... I will definately try these products out! The only real problem I had with mySQL is the fact I couldn't use views or sprocs.

[usgator]

My home PC has Win 2003 (legal copy) and Linux Madrake 10 (free distribution). I have McAfree firewall/virus scan. I also have applications I made myself to kill spyware and pop-up ads ... I am a software developer.

Luckily, I don't get "spyware treats".

[dalight]

mySQL is SQL light and non-standard. Try PostgreSQL its at version 8.0 now and it has lots of features. If you are on windows, you must.. must.. get pgAdmin III a GUI interface for managing PostgreSQL.

[KwasiOwusu]

"Vint Cerf was an admin, then a programmer when he started working on the ARPANET host protocols, although he did finish up with TCP/IP while he was an assistant professor at Stanford."

I'd say Vint Cerf was a university professor.
Its like saying a doctor who used to work at Burger King while at medical school, them invented some new kind of surgery after becoming a doctor, had that invention done by a Burger King attendant.

Vint Cerf was able to do sys admin, but he sure was not a sys admin when he was inventing TCP/IP.
Your example just won't wash.

[KwasiOwusu]

"Personally, I want the formula to Coke, but those anti open-source capitalist pigs won't give it to me for free so I can reproduce it and compete with them"

LOL!

[SengirV]

And yet a new Microsoft ONLY problem rears it's ugly head today - http://sanjose.bizjournals.com/sanjose/stories/2005/02/14/daily42.html

But as long as these morons say M$ is safer. What a friggen joke.

[KwasiOwusu]

"Ah, sales figures. You mean the millions of copies of Windows sold to upgrade from older versions, not increasing marketshare?"

Nope.
I mean the figures for operating systems installed on the actual physical servers at the factory, before they ship.
Both IDC and Gartner use actual servers sold, and the operating systems installed on them before they ship.
Noboby will pay for Windows Server to be installed on their server, then delete it and install Linux on it.

"You mean all the copies of Linux running that aren't part of any sales figures?"

I mean actual servers and the operating systems installed on them at the factory.
Since neither Dell nor HP nor nor Hitachi, not Fujistu-Siemens, nor even IBM sell many "naked"(no operating systems installed) servers to businesses, your point about "uncounted copies of Linux" installed on servers from Mars just doesn't hold much water.

[rit]

I read the news story and it is a bit misleading. For years now, spammers have combed the likes of google and others for email addresses. In 2001-2002, a princeton based company had posted reports showing the email Ids that they had found from various web sites and when challenged, showed the same info was available from Google.

Anyhow, the point is that the worm is an old worm and the only new twists is that it gets an initial email address from a search engine. It sends the worm as an undelivered email message and the user has to open up the attachment in order to infect the machine.

BTW, I saw the Richard Clark comment on how insecure Microsoft Windows products are. Interesting that he made the quote at the same conf as the researchers saying MS operating systems are more secure then Linux.

[KwasiOwusu]

"Okay, prove me wrong"

Nice try.
I don't have to prove anything.
The results of the test between the 2 operating systems by highly competent individuals is there for anyone to see.
If you want to challenge their findings, its up to you to come up with proof, that their tests were not valid.
So afar all I am getting from you is speculation, bluster and innuendo, backed up by plenty of hot air.
Nothing new there.

[KwasiOwusu]

"Uh ... couldn't Mirosoft say the same thing? I personally worked at companies that buy one copy of Windows server and distribute it to as many servers as they have. And the desktop versions? I've seen 20 or 30 people share one licensed copy"

I have seen the same thing happen over and over again, especially when I was in Europe, and especially amongst smaller businesses.

[StJacques]

"In some ways it's better. In others I miss Java. . . ."

And I do quite a bit of Java with IBM WebSphere.

You can "pop up" and view two PowerPoint presentations of talks I gave to a Houston IBM AS/400 User's Group introducing them to XML and XML Web Services development with Java and WebSphere at the following link:

HASG Presentation on XML Web Services & WebSphere

I don't knock Java, because I think it is a fine server-side language, and I do like some things about IBM's capabilities.

[ImaGraftedBranch]

I agree with your post completely. Our company has a business process monitoring product that runs on Windows 2K/2003 servers. The reason? We need to access data from ANYWHERE -- mainframes, servers, networks, 3rd-party products, web, XML, etc. We have over 70 TYPES of datasources, and it is a breeze. Couldn't even fathom trying to get the same level of functionality under Unix, and I've got 20+ years in the arena.

Since Win2K, the servers don't crash. Period. It's a lot of old baggage from the NT days.

[Bush2000]

Here's a novel suggestion: Try reading the damned research paper rather than sticking your head in the sand.

[KwasiOwusu]

"The only University professor that I know who wrote a major operating system that enjoys any market share today is Linus Torvalds"

Linus Torvalds was a university profesor huh?
Pray tell me, where was that at?


Umm about you not knowing any university professor who has developed an operating system... Off the top of my head I can think of a guy called Rick Rashid, who was actually a REAL university professor, unlike your Linus Torvalds who definitely wasn't.
I'll let Rick Rahid's resume speak for itself:

"Before joining Microsoft in September 1991, Rashid was professor of computer science at Carnegie Mellon University (CMU). After becoming a CMU faculty member in September 1979, he directed the design and implementation of several influential network operating systems, and published dozens of papers about computer vision, operating systems, programming languages for distributed processing, network protocols and communications security. During his tenure at CMU, Rashid developed the Mach multiprocessor operating system, which has been influential in the design of many modern operating systems and remains at the core of a number of commercial systems."

http://www.microsoft.com/presspass/exec/rick/default.asp

That is just ONE professor, designing SEVERAL network operating systems. Plus the Mach opearting system, upon which many modern operating systems and which remains at the core of a number of commercial systems
Remember, we are still talking about just ONE professor here.
Show me any sys admin who even comes close.
That is just off the top of my head, without even trying.

[dalight]

This is called an eliptical point. You have to go the long way around to get it.. so it could have been said better. I was getting at all of those illegal copies are soon to be frozen out of updates thus making the security situation worse.

Microsoft knows this.. and have thus avoided really cracking down on this practice except to push a point. But now that revenues are flat, Longhorn has been indefinitely postponed and things are not looking as rosy as they once did, M$ is having to do something, anything for revenue growth.

Frankly, Microsoft seems to be suffering the fate of companies that win or get soft treatment in Anti-Trust actions. One could argue that if Microsoft had been broken up.. the shareholders probably would have twice the value in their shares as they do now.. because the current situation with Microsoft actually is suppressing sales and blocking innovation and thus new products and profits. Its called inertia.

Microsoft has moved from rapidly growing marketing company to a monopolistic overreaching cash cow. This is the nature of the beast once you own 95% of the market. You can't grow it another 20% next year. They have tried desperately to find other new technologies and rides.. but Microsoft has had remarkably bad luck in almost all of these adventures.

A broken Microsoft would have delivered the shareholders stock in multiple competing companies each facing each other .. but also would have potentially expanded Office into Linux, and perhaps they would be in better shape then they find themselves now in the context of the new Cell processor.

BTW - the referenceed article above on the Cell processor is enough to make anyone who is in love with Wintel sick.

[KwasiOwusu]

"Was this sponsored research?"

That's the beauty of it.
It wasn't sponsored by anybody.