Language Selection

English French German Italian Portuguese Spanish

Microsoft vs Linux Reports - Sheer Waste Of Time?

Filed under
Linux
Microsoft

The report released by Security Innovation Inc., an application security company, comparing Windows Server 2003 security with Red Hat Enterprise Linux 3 Enterprise Server (RHEL3ES) is very interesting in its own right. Just skimming through the report reveals a few discrepancies that question its credibility.

The main page briefing about the paper states:
"Results of Independent Research Project that Microsoft Windows Server 2003 has Fewer Security Flaws than Multiple Configurations of a Compatible Linux Server." While the researchers are clearly mentioning the Microsoft product the use the more generic term "Linux". Why generalize? It is hard to believe that these PhDs do not understand the relevance of this statement. Why couldn't they just be direct and mentioned "RHEL3ES?"

In the report:
"Aside from beliefs over the relative "security" of the closed versus Open Source development paradigms, another important contributing factor is that Microsoft develops and releases all the components in their Web server stack. This allows Microsoft more control over release cycles and vulnerability disclosures than the distributed development method."

This brings up a couple of interesting points. Firstly, according to them implementing multiple components (software) in an enterprise makes the overall system more vulnerable. Well, so we must expect enterprises to immediately take actions to ensure that ALL their ERP, SCM, CRM, and, of course, Web Servers are from a single vendor. Though we hate to repeat this but have they ever heard of something called "vendor lock-in".

Secondly, the report states that Microsoft has control over release cycles AND VULNERABILITY DISCLOSURES. Do they intend to say that the "days of risk" has been significantly affected by the fact that the vendor has control as to when the vulnerability will be disclosed?

A little later comes:
"Another factor which helps Microsoft in terms of average days of risk is that Microsoft strongly encourages a "responsible disclosure" policy - that is, the company attempts to carefully coordinate vulnerability announcement with fix announcement and actively build relationships with new security researchers."

It does seem that the report is trying to explain that the companies buying the Microsoft products are supposed to work closely with Microsoft to ensure that the vulnerability announcement and fix announcements are as close as possible to ensure that the "days of risk" are kept to a minimum. We sincerely hope that we got this one wrong.

Though a lot more can be analyzed in the report, it does appear that "independent" research seems to have been done (or should we say, written) by people who think that Enterprise IT Heads are a bunch of fools who have all the time on earth to read through tones of pages of deceptive analysis.

Source.

More in Tux Machines

'Open' Processor

  • 25-core open source chip could pave way for monster 200,000-core PC
    PRINCETON UNIVERSITY BOFFINS have developed a 25-core open source processor that can be scaled to create a monster 200,000-core PC stuffed with 8,000 64-bit chips. The chip is called Piton after the metal spikes driven by rock climbers into mountain sides, and was presented at the Hot Chips symposium on high-performance computing in Cupertino this week.
  • New microchip demonstrates efficiency and scalable design
    Researchers at Princeton University have built a new computer chip that promises to boost performance of data centers that lie at the core of online services from email to social media. [...] Other Princeton researchers involved in the project since its 2013 inception are Yaosheng Fu, Tri Nguyen, Yanqi Zhou, Jonathan Balkind, Alexey Lavrov, Matthew Matl, Xiaohua Liang, and Samuel Payne, who is now at NVIDIA. The Princeton team designed the Piton chip, which was manufactured for the research team by IBM. Primary funding for the project has come from the National Science Foundation, the Defense Advanced Research Projects Agency, and the Air Force Office of Scientific Research.
  • Manycore ‘Piton’ Climbs Toward 200,000-Core Peak

Android Leftovers

Lubuntu 16.10 Beta Out Now with Linux Kernel 4.4 LTS and the Latest LXDE Desktop

As part of today's Ubuntu 16.10 (Yakkety Yak) Beta launch, Simon Quigley from the Lubuntu Linux team released the first Beta build of the upcoming Lubuntu 16.10 operating system. Read more Also: Ubuntu MATE 16.10 (Yakkety Yak) Beta Removes the Heads-Up Display (HUD) Feature Ubuntu GNOME 16.10 Beta 1 Released with GNOME 3.20 and GNOME 3.22 Beta Apps Ubuntu 16.10 "Yakkety Yak" Beta Released, Ubuntu GNOME Has Experimental Wayland

Facebook open sources its computer vision tools