Study finds Windows more secure than Linux

The Seattle Time ^ | 2/17/05 | Brier Dudley

[rit]

SAN FRANCISCO — Believe it or not, a Windows Web server is more secure than a similarly set-up Linux server, according to a study presented yesterday by two Florida researchers.

The researchers, appearing at the RSA Conference of computer-security professionals, discussed the findings in an event, "Security Showdown: Windows vs. Linux." One of them, a Linux fan, runs an open-source server at home; the other is a Microsoft enthusiast. They wanted to cut through the near-religious arguments about which system is better from a security standpoint.

"I actually was wrong. The results are very surprising, and there are going to be some people who are skeptical," said Richard Ford, a computer-science professor at the Florida Institute of Technology who favors Linux.

[KwasiOwusu]

"He's already corrected himself on this, and complained that you didn't notice his correction."

Still doesn't explain why he'll make such on obviously ridiculous claim in the first place, hoping he'd get away with it.

[ThePythonicCow]

Doesn't exactly gel with your claims of rock solid Linux with just one security problem with Linux does it?

In any debate with more than a few people, one can find enough statements from the other side, that with a little bit of careful choice of selection and interpretation be made to cast the other side as a bunch of lying fools.

That you can do so here shows me you are out to score points, not lead us to insight.

Well, I haven't had a security breach on my Linux boxes, though I apply security fixes almost daily.

Nor for that matter have I ever had a security breach on my Windows boxes, though I apply security fixes almost monthly.

Note of course that the rate of applying security fixes is mostly detemined by the different mechanisms and procedures used by the two providers, Microsoft and the Open Source community and related Linux vendors. The difference in rate, as I noted in an earlier post, tells me nothing much about which is more secure.

But I digress. Note that I made two claims above - that I have not had the security breached, and that I apply frequent updates. These are not incompatible, and that you find them so just tells me you are looking for debating points to score, not for helpful information and insight.

[N3WBI3]

And the Linux guy was a university professor in computer science.

Who intentionally used an out of the box configuration, meaning it was the same as me handing a redhat disk to someone and saying, just click default..

[ThePythonicCow]

And you still haven't explained why you kept harping on it, long after he clarified himself.

But I think we know why. See my other posts.

[N3WBI3]

Cangratulation usgate, you have just signed up for the B2k Challenge... Gee I should start keeping a list..

Find a post where someone said Linux is perfect and has not bugs, errors, or the like...

[KwasiOwusu]

"Who intentionally used an out of the box configuration, meaning it was the same as me handing a redhat disk to someone and saying, just click default"

Not a chance.
He didn't.

[N3WBI3]

hmm and who do tyou think is paid more for thier skills a professor in CS or someone who manages enterprise server farms??

[KwasiOwusu]

"And you still haven't explained why you kept harping on it, long after he clarified himself"

"Clarified himself"? is in Klinton's "I did not have sexual relations with that woman" clarified?
Clarified nothing.
This was a clear attempt to hoodwink.
I am bringing it up to show that his latest claims can't be taken seriously either, since his earlier claims were made up too.
I stand by my it.

[N3WBI3]

Due, most if not all Linux admins / advocates on this board will say MS has its place, even in the serverroom. But to assume that MS will If it's less expensive to do software applications that run across the internet that more will get done and that as more are put in place that jobs, productivity, and economic efficiency are enhanced? is as foolish as assuming Linux will do it. You are acting the exact same way as them, just for a different OS..

[KwasiOwusu]

"hmm and who do tyou think is paid more for thier skills a professor in CS or someone who manages enterprise server farms??"

Why don't you tell me?
Hint: Even that useless Ward Churchil, with a two bit degree from some two bit university and no PHD is being paid nearly $100,000 by his universty.

[N3WBI3]

Apache runs almost 70% of the websites in the world... in the web space Apache/Linux are the leader of the pack..

[Caesar Soze]

I can well believe it. Every hacker on the planet has been attacking Windows for years. By this time, they have a lot of the holes filled.

Every hacker on the planet has also been attacking Linux and BSD for years -- and they've had the source while doing it. By the "every hacker on the planet" logic, Linux and BSD should be much more secure than Windows.

[ThePythonicCow]

thunk ...

[N3WBI3]

Just want to point a couple of things out to you guys:

1) This test had nothing to do with anyone compromising the system, it was merely counting posted advisories.

2) MS makes it a policy not to post holes until they are ready to fix them, Linux post them right away. This means your data is being gathered in different ways.

3) Without seeing the warnings they were counting we have no way of knowing how severe they were. Linux could have had a minor bug, and MS could have had an ownership bug.. (or vise-versa)...

4) The admins used out of the box configs, net securing either OS. Part of being an admin is securing an OS.

From the description of this 'study' its pretty useless to make any conclusions...

[FastCoyote]

Dear Kwazi:
I am so impressed with your comments (which mainly call the rest of us liars or idiots) that I am forsaking other operating systems forever. Please send me the money to convert my two FreeBSD servers (one of which ran bare ass to the internet for two years without a hitch) to Windows 2003 server.

[KwasiOwusu]

"in the web space Apache/Linux are the leader of the pack.."

Apache runs on HP Unix, Solaris, IBM AIX, even Windows as well as Linux.
You can't claim its just Apache/Linux.
Plus of course Windows still leads by far in Fortune 1000 companies, as I have already posted on this board several times.
That is what matters.

[N3WBI3]

US,

I would be suprise if 1/50 Apache servers was running on windows. I dont even bother to put it on windows, I would rather PUT IIS on it so the lower leverl windows admins dont have to bother me every ten minutes.

[ThePythonicCow]

From the description of this 'study' its pretty useless to make any conclusions...

Agreed. I said much the same in my Post #316. You said it better. Thanks.

[KwasiOwusu]

"Please send me the money to convert my two FreeBSD servers (one of which ran bare ass to the internet for two years without a hitch) to Windows 2003 server."

Forward that request to all those Red Hat people who made millions when Red Hat had their IPO.

[N3WBI3]

We have had tons of security holes in Linux in the past 12 months alone, but we still keep seeing these boasts about "never had any security problems on my Linux box" from open source fanatics on this board all the time, something which is not backed up by the facts, as in this from your own open source loving slashdot:

Kwazy there is a difference between "never had any security problems on my Linux box", and "Linux is perfect". In general people on these threads are pretty competent admins. I take B2K at his word when he says hhis windows box has never been hacked, because thats not the same as saying windows is perfect...