Language Selection

English French German Italian Portuguese Spanish

Linux lags Windows in new security report

Filed under
Linux
Microsoft
Security

A report released today indicates Windows Server 2003 may actually be more secure than its most popular Linux competitor when it comes to vulnerabilities and the time it takes to patch them.

"The fact that Security Innovations [which produced the paper] retained 'editorial control' doesn't help; if Microsoft is paying the bills, there can be all sorts of nonverbal pressure behind the scenes. It isn't like it was 'co-funded' by both Microsoft and Red Hat," said Michael D. "Mick" Bauer, senior editor of Linux Journal and director of value-subtracted services for Wiremonkeys.org.

He also questioned the narrow focus. "This study appears to be more concerned with vulnerability counts and patch-release cycles than in actual security or securability. Certainly, if Microsoft has reduced the amounts of bugs in [its] software and gotten faster at patching bugs, that's great. But the bug-patch rat race is only one part of a much more complicated security picture, and the way I see it, Linux still has compelling advantages from a security standpoint."

Such a reaction was anticipated by authors Richard Ford, Herbert H. Thompson and Fabien Casteran. They intentionally ignored threat profiles in favor of inherent vulnerabilities in Windows Server 2003 and two versions of Red Hat Enterprise Linux 3.0. The goal, they said, is to provide a security metric for IT professionals to apply to their own software shopping.

"I don't think people should make adoption decisions purely based on the results, but I think it does at the very least give decision makers and diehards on either side, or even the neutral people, a chance to look beyond hype and speculation and look at hard numbers," said Thompson, director of research at Melbourne, Fla.-based Security Innovation Inc., the application security provider that produced the report.

Thompson denies Microsoft's money influenced results but admits that's a source of contention for a lot of people. "We've gotten funding from Microsoft and as a result of that people have come back and said this automatically must not be relevant and fair and balanced. That's one reason our mission has been to be completely transparent in the methodology."

Full Story.

More in Tux Machines

today's howtos

Leftovers: Gaming

Red Hat and Fedora

Canonical and Ubuntu

  • OpenStack Solution Provider Awnix Joins Canonical's Cloud Partner Programme
    Canonical has been excited to announce that Awnix, an OpenStack solution provider with over 25 years of experience designing systems for enterprise data center environments, has joined its Partner Reseller Programme for cloud solutions.
  • Docker Has No Plans to Ditch Ubuntu in Favor of Alpine Linux - Report
    If you've been reading the news lately, you may have heard rumors that Docker founders hired the developer of Alpine Linux, a small, text-based distribution, to move the official Docker images away from the Ubuntu infrastructure.
  • More Android Vendors Said To Be Eyeing Ubuntu Phones This Year
    A greater number of Android smartphone/tablet vendors are said to be eyeing Ubuntu Phone for new devices later this year. In an interview published this morning by The Register, Canonical CEO Jane Silber talked about their communications with more (unnamed) Android vendors and supposedly seeing some other vendors offering Ubuntu Phone products later in 2016.