Page 2 of 5 FirstFirst 1234 ... LastLast
Results 11 to 20 of 42

Thread: Study finds Windows more secure than Linux

  1. #11
    Senior Member gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    Nice to see RedHat is the only Linux distro in the whole World and just because it had these flaws that all others do. I wonder...... Did they do a full install of all ... 3 GBs of software? And then count how many of those were patched?

    I've said it before:

    Trim Linux installs down to nothing but what Windows comes with too and try again. Most people fail to point out the average Linux distro comes with about 10 X the software Windows comes with. More software = more risk for patches.

  2. #12
    Senior Member
    Join Date
    Feb 2004
    Posts
    373
    God I'm sick of these windows vs linux discussions
    My intent was not another windows vs. linux discussion.

    Ford said the idea was to represent what an average system administrator may do, as opposed to a "wizard" who could take extra steps to provide plenty of security on a Linux setup, for instance.
    Taken from the original article, I just wanted to see what people thought about an average system admin. and a "wizard admin. The article does not prove anything except to have your article written.

  3. #13
    Senior Member
    Join Date
    Feb 2003
    Location
    Memphis, TN
    Posts
    3,747
    I run both web servers IIS 6 and I run Apache 1.3.3.

    I have never had a security breach nor any problems with either of these webservers other than me messing up the httpd.conf file once. lol
    =

  4. #14
    Junior Member
    Join Date
    Feb 2005
    Posts
    6

    Re: Study finds Windows more secure than Linux

    Originally posted here by devpon
    http://seattletimes.nwsource.com/htm...ecurity17.html

    So, for all you "wizard" system administrators out there, is this article even worth discussing?
    Seattle Times, im sure Microsoft's home town news paper would try and promate a Microsoft product. That city gains way too much off of Microsoft not to.

    They compared Windows Server 2003 and Red Hat Enterprise Server 3 running databases, scripting engines and Web servers
    Im wondering what packages where installed on Red Hat, its defult setup never had impressed me as far as secruity is concerned.

    These studies are pointless. I do not think one has been done yet that hasn't been slanted one way or another. If the admin keeps the system patched, there is no problem.

  5. #15
    Senior Member gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    Wrong. The FBI Email was hacked recently and they had all Windows patches in.

  6. #16
    Senior Member frpeter's Avatar
    Join Date
    Dec 2004
    Posts
    131
    Hello,

    I gennerally don't get involved in these type of discussions due to the rapid tendency of degration. However; this study becons a response. Eeye tracks MicroSoft 3 years behind on critical patches. The worst response time I have ever seen out of Apache is 2 weeks.

    I must agree that IIS 6.0 is to fresh/raw to be properly evaluated. Wait until the first vulnerability is found and factor in MicroSoft's response time to get a "properly working" patch out to the public. This I believe is were the number will seperate fact from advertising hype.

    A good example of this is the now recalled Longhorn. What was hyped as the most secure OS MicroSoft ever released turned, in my opinion, into an advertising embarassment that MicroSoft will never live down. Apache 2.x have a working history, IIS 6.0 has nothing to back any creditable resultsd on.

    An aside to this. lets have an evaluation of Linux vs MicroSoft done be a hard-core back-breaking blinder ridden MAC user, perhaps Steve Jobs. Then and only then will we settle this rhetotical os war. Those result WOULD be very interesting considering Steve Jobs' partiality to MAC. How about Larry Elliot (Oracle), the man that believes the PC is the parasitic plague of the universe, another very interesting result.

  7. #17
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Firstly, let me categorically state that I am no expert in this area, so I will wear my Finance Director/CFO hat (you know, the miserable little £$%^%^& you have to get to sign the purchase authority )

    I question the validity of these "researches" as I wonder how easy it is to get a "level playing field" when doing virtually "out of the box" comparisons between professional products.

    I would want to see a comparison between Product A + Wizard and Product B + Wizard

    I am also sceptical about vulnerability and patch statistics. How many are just proof of concept? how many have actually been exploited? what was the cost to the organisations concerned?

    I think that the whole subject is rather more complex than these two dimensional analyses suggest, particularly if you view security as a layered rather than a single product concept.

    Just my £0.02

  8. #18
    Senior Member
    Join Date
    Aug 2001
    Posts
    117
    Duck has a good point to. But the case is that anyone can start IIS or a Linux web server and without knowing the risks associated with doing so.

    Personally, for enterprise applicaations I use enterprise OS's Windows is not my first choice for anything.
    Luck--TSM
    Atlanta, GA


  9. #19
    Junior Member
    Join Date
    May 2004
    Posts
    1
    hmmm according to Zone-h.org analysis, i see that windows in secure than linux.

    check itout : http://www.zone-h.org/en/winvslinux2
    If you didnt hack your system,Who will do it !!!
    Dr.Death
    THE MAN OF THE DARK SIDE
    R.I.P

  10. #20
    Banned
    Join Date
    May 2003
    Posts
    1,004
    Until any distro of Linux comes out with a widely accepted TFM, these studies are worthless.

    Until these studies consider real world risks (inside attacks, odds of misconfiguration, audit trail accountability) they will be worthless.

    Until then, we are merely left with DOD-5200.28-STD and ISO 15408, which state thus far: Windows has better security with regard to confidentiality and integrity and equal security (when compared to specific vendors, better than others) for availability and assurances. These statements are very incomplete however because the Linux community cannot bond together enough to come up with a single specification, instead they want to compare all the best attributes of many different kernel mods as well as exotic and research variations/ configuration. This makes Linux impossible to quantify and we are left with this nebulous blob that no one can agree upon. This may be its greatest strength as far as home users in the know goes, it is it's biggest weakness as far as the corporate world and perhaps more importantly high assurance environments goes. A few vendors have tried to correct this by defining their own specific flavor, but this runs into further problems with a large percentage of the Linux core user base... *sigh*

    Linux aside...
    Although IIS6 is the better product, I still prefer IIS5 for security reasons due to my possession of a DBAC kernel module. (and as much as I love me some Windows, porting such things from one rev to the next can be a MAJOR headache.)

    cheers,

    catch

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •