Windows v Linux security report


    A new report has been published that aims to compare Windows v Linux security using facts rather than hype, mythology, the force, or anything else.

    So have a read and see what you think.


    Based on the way these things tend to be received here, let me just say that:

    1) I am not saying Linux is better than Windows or vice versa, merely hoping that reading the report will help people out. I did not write the report so any bias it has is not mine.

    2) I do not wish to start yet another Windows v Linux debate, but hopefully people can argue against the points made in the report in a constructive fashion.

    3) Saying it's down to the admin won't work in this case, as it's talking about fundamental design issues (although I agree very much that an admin's skill affects security).

    4) Personally I use FreeBSD more than anything else, which, in my own personal opinion (which I am entirely entitled to), is better than Windows or any Linux distro, but I use Windows and it's fine for some stuff, and I use Linux which is fine for other stuff.

    Now I am returning to my cave.
    Myth: There's Safety In Small Numbers:
    Where is that link that was posted on AO that showed Linux servers being defaced more than Windows? I thought it was on zone-h, I couldn't find it.
    This reasoning backfires when one considers that Apache is by far the most popular web server software on the Internet. According to the September 2004 Netcraft web site survey, [1] 68% of web sites run the Apache web server. Only 21% of web sites run Microsoft IIS. If security problems boil down to the simple fact that malicious hackers target the largest installed base, it follows that we should see more worms, viruses, and other malware targeting Apache and the underlying operating systems for Apache than for Windows and IIS. Furthermore, we should see more successful attacks against Apache than against IIS, since the implication of the myth is that the problem is one of numbers, not vulnerabilities.
    Apache is not an operating system, and Apache can run on Windows. I don't see the relevancy of this point.

    But Apache worms rarely make headlines because they have such a limited range of effect, and are easily eradicated.

    This is a biased article and Petreley knew which way this was going to go before he wrote it.

    I don't think he is saying Apache is an OS, to quote "apache and the underlying OS". The point he is trying to make is to do with Apache and Linux v Windows and IIS and the prevalence of one or the other. Yes, Apache does run on Windows, which is more of an argument against the point. Although I would guess that Windows and IIS is more commonly in use than Windows and Apache.

    Also, I fear that in the current climate, anything which comes down on one side or the other is going to be biased, regardless of whether it's based on facts or fiction.
    I like the article. This is NOT a normal Windows bashing. The author takes time to explain his idea and, in my personal view, he is right on a lot of points. I cannot comment on Linux, but I have to comment on the Windows bashing:

    Windows has only recently evolved from a single-user design to a multi-user model
    It doesn't really matter from a security standpoint in my view.

    Windows is monolithic, not modular, by design
    This is very true. Microsoft has a lot of work to do here. Everything is so dependent on everything else that it is like a huge card castle: one card fails, the castle falls.

    Windows depends too heavily on an RPC model
    This is also very true. It's impossible to shut down the RPC service. Because of that, RPC is the biggest hole in Windows.

    Windows focuses on its familiar graphical desktop interface
    No big deal here. That has nothing to do with Security.

    With all this being said, Windows is an old OS that is stuck with its legacy, while Linux is technically a new OS that doesn't have a legacy yet. By legacy, I mean old programs, custom or not. And we all agree that in most cases, new is better.

    From another point of view, the part of the article that talks about Apache and IIS is completely biased. The author uses IIS 5 as an example while the latest version is 6.

    Conclusion : Still a good read.
    Hmm, always dangerous to attack Linsux. Geeks go just as mad as the Mac users :P
