Language Selection

English French German Italian Portuguese Spanish

Linux lags Windows in new security report

Filed under
Linux
Microsoft
Security

A report released today indicates Windows Server 2003 may actually be more secure than its most popular Linux competitor when it comes to vulnerabilities and the time it takes to patch them.

"The fact that Security Innovations [which produced the paper] retained 'editorial control' doesn't help; if Microsoft is paying the bills, there can be all sorts of nonverbal pressure behind the scenes. It isn't like it was 'co-funded' by both Microsoft and Red Hat," said Michael D. "Mick" Bauer, senior editor of Linux Journal and director of value-subtracted services for Wiremonkeys.org.

He also questioned the narrow focus. "This study appears to be more concerned with vulnerability counts and patch-release cycles than in actual security or securability. Certainly, if Microsoft has reduced the amounts of bugs in [its] software and gotten faster at patching bugs, that's great. But the bug-patch rat race is only one part of a much more complicated security picture, and the way I see it, Linux still has compelling advantages from a security standpoint."

Such a reaction was anticipated by authors Richard Ford, Herbert H. Thompson and Fabien Casteran. They intentionally ignored threat profiles in favor of inherent vulnerabilities in Windows Server 2003 and two versions of Red Hat Enterprise Linux 3.0. The goal, they said, is to provide a security metric for IT professionals to apply to their own software shopping.

"I don't think people should make adoption decisions purely based on the results, but I think it does at the very least give decision makers and diehards on either side, or even the neutral people, a chance to look beyond hype and speculation and look at hard numbers," said Thompson, director of research at Melbourne, Fla.-based Security Innovation Inc., the application security provider that produced the report.

Thompson denies Microsoft's money influenced results but admits that's a source of contention for a lot of people. "We've gotten funding from Microsoft and as a result of that people have come back and said this automatically must not be relevant and fair and balanced. That's one reason our mission has been to be completely transparent in the methodology."

Full Story.

More in Tux Machines

Games Leftovers

OSS Leftovers

  • Julita Inca Chiroque: Parallel Computing Talk
  • Open Source Monitoring Conference: Speakers, Agendas, and Other Details
    One of today’s leading tech conferences, the Open Source Monitoring Conference (OSMC), is back to bring together some of the brightest monitoring experts from different parts of the world. The four-day event will be held at Holiday Inn Nuremberg City Conference in Germany starting today, November 21st, until November 24th.
  • Why a Dallas-area tech startup opened a KC office
  • Open education: How students save money by creating open textbooks
    Most people consider a college education the key to future success, but for many students, the cost is insurmountable. The growing open educational resource (OER) movement is attempting to address this problem by providing a high-quality, low-cost alternative to traditional textbooks, while at the same time empowering students and educators in innovative ways. One of the leaders in this movement is Robin DeRosa, a professor at Plymouth State University in New Hampshire. I have been enthusiastically following her posts on Twitter and invited her to share her passion for open education with our readers. I am delighted to share our discussion with you.

Android Leftovers

Linux 4.10 To Linux 4.15 Kernel Benchmarks

The ThinkPad X1 Carbon has been enjoying its time on Linux 4.15. In addition to the recent boot time tests and kernel power comparison, here are some raw performance benchmarks looking at the speed from Linux 4.10 through Linux 4.15 Git. With this Broadwell-era Core i7 5600U laptop with 8GB RAM, HD Graphics, and 128GB SATA 3.0 SSD with Ubuntu 17.10 x86_64, the Linux 4.10 through 4.15 Git mainline kernels were benchmarked. Each one was tested "out of the box" and the kernel builds were obtained from the Ubuntu Mainline Kernel archive. Read more