Windows tops Linux in security demo

It might not be ready for Broadway, but the divisive question of which operating system is more secure was put to the test here yesterday in a lighthearted statistical duel between opposing advocates of the rival programs.
In a development that may surprise some, Microsoft's Windows Server 2003 emerged victorious over a rival Red Hat Linux operating system for computer servers. That result was based on security-related criteria agreed upon in advance by Linux backer Richard Ford of the Florida Institute of Technology and Windows enthusiast Herbert Thompson of application-security firm Security Innovation.
Linux fans can take some solace. After all, they still have that cool mascot. As figureheads go, Bill Gates "can't compete with the penguin," Ford said.
But there was a more serious lesson underlying the session at the RSA computer security convention in San Francisco: Any assessment of a computer system's security depends to a great degree on how you look at it.

http://secunia.com
--------------------------------------------------------------------------

Linux fan concedes Microsoft is more secure

A Linux enthusiast at the RSA Conference in San Francisco has reluctantly concluded that Microsoft produces more secure code than its open source rivals.
In an academic study due to be released next month, Dr Richard Ford, from the Florida Institute of Technology, and Dr Herbert Thompson, from application security firm Security Innovation, analysed vulnerabilities and patching and were forced to conclude that Windows Server 2003 is more secure than Red Hat Linux.
"Vulnerability counts are much higher with Red Hat than with Microsoft," said Dr Ford. "I am a huge Linux fan, and I have a Linux server in my basement. The first time I saw the statistics I thought someone had mucked about with my database."
The pair examined the number of vulnerabilities reported in both systems and the actual and average time it took to issue patches. In all three cases Windows Server 2003 came out ahead, with an average of 30 "days of risk" between a vulnerability being identified and patched compared to 71 from Red Hat.