Microsoft vs Linux Reports - Sheer Waste Of Time?

The report released by Security Innovation Inc., an application security company, comparing Windows Server 2003 security with Red Hat Enterprise Linux 3 Enterprise Server (RHEL3ES) is very interesting in its own right. Just skimming through the report reveals a few discrepancies that call its credibility into question.

The main page briefing about the paper states:
"Results of Independent Research Project that Microsoft Windows Server 2003 has Fewer Security Flaws than Multiple Configurations of a Compatible Linux Server." While the researchers clearly name the Microsoft product, they use the more generic term "Linux". Why generalize? It is hard to believe that these PhDs do not understand the relevance of this statement. Why couldn't they just be direct and mention "RHEL3ES"?

In the report:
"Aside from beliefs over the relative "security" of the closed versus Open Source development paradigms, another important contributing factor is that Microsoft develops and releases all the components in their Web server stack. This allows Microsoft more control over release cycles and vulnerability disclosures than the distributed development method."

This brings up a couple of interesting points. Firstly, according to them, implementing multiple components (software) in an enterprise makes the overall system more vulnerable. Well, so we must expect enterprises to immediately take action to ensure that ALL their ERP, SCM, CRM, and, of course, Web Servers are from a single vendor. We hate to repeat this, but have they ever heard of something called "vendor lock-in"?

Secondly, the report states that Microsoft has control over release cycles AND VULNERABILITY DISCLOSURES. Do they intend to say that the "days of risk" have been significantly affected by the fact that the vendor has control over when the vulnerability will be disclosed?

A little later comes:
"Another factor which helps Microsoft in terms of average days of risk is that Microsoft strongly encourages a "responsible disclosure" policy - that is, the company attempts to carefully coordinate vulnerability announcement with fix announcement and actively build relationships with new security researchers."

It does seem that the report is trying to explain that the companies buying the Microsoft products are supposed to work closely with Microsoft so that the vulnerability announcement and the fix announcement are as close together as possible, keeping the "days of risk" to a minimum. We sincerely hope that we got this one wrong.

Though a lot more can be analyzed in the report, it does appear that the "independent" research has been done (or should we say, written) by people who think that Enterprise IT Heads are a bunch of fools who have all the time on earth to read through tons of pages of deceptive analysis.
