Microsoft vs Linux Reports - Sheer Waste Of Time?


The report released by Security Innovation Inc., an application security company, comparing Windows Server 2003 security with Red Hat Enterprise Linux 3 Enterprise Server (RHEL3ES) is very interesting in its own right. Just skimming through the report reveals a few discrepancies that call its credibility into question.

The main page briefing about the paper states:
"Results of Independent Research Project that Microsoft Windows Server 2003 has Fewer Security Flaws than Multiple Configurations of a Compatible Linux Server." While the researchers clearly name the Microsoft product, they use the more generic term "Linux". Why generalize? It is hard to believe that these PhDs do not understand the relevance of this statement. Why couldn't they just be direct and mention "RHEL3ES"?

In the report:
"Aside from beliefs over the relative "security" of the closed versus Open Source development paradigms, another important contributing factor is that Microsoft develops and releases all the components in their Web server stack. This allows Microsoft more control over release cycles and vulnerability disclosures than the distributed development method."

This brings up a couple of interesting points. Firstly, according to them, implementing multiple components (software) in an enterprise makes the overall system more vulnerable. Well, so we must expect enterprises to immediately take action to ensure that ALL their ERP, SCM, CRM, and, of course, Web Servers are from a single vendor. We hate to repeat this, but have they ever heard of something called "vendor lock-in"?

Secondly, the report states that Microsoft has control over release cycles AND VULNERABILITY DISCLOSURES. Do they intend to say that the "days of risk" have been significantly affected by the fact that the vendor has control as to when the vulnerability will be disclosed?

A little later comes:
"Another factor which helps Microsoft in terms of average days of risk is that Microsoft strongly encourages a "responsible disclosure" policy - that is, the company attempts to carefully coordinate vulnerability announcement with fix announcement and actively build relationships with new security researchers."

It does seem that the report is trying to explain that the companies buying the Microsoft products are supposed to work closely with Microsoft to ensure that the vulnerability announcements and fix announcements are as close together as possible, so that the "days of risk" are kept to a minimum. We sincerely hope that we got this one wrong.

Though a lot more can be analyzed in the report, it does appear that the "independent" research has been done (or should we say, written) by people who think that Enterprise IT Heads are a bunch of fools who have all the time on earth to read through tons of pages of deceptive analysis.

Source.
