Linux still seen as most secure

The Linux-Windows 2005 TCO Comparison Survey, to be published in full in June, is based on responses from 509 companies of all sizes in markets such as healthcare, academia, financial services, legal, media, retail and government, Yankee Group said this week.

While respondents rated Windows security much higher than in last year's survey, Linux was still perceived to beat Windows in every security category, the survey found.

The survey largely reflects the attitudes of companies that are already Windows shops. The vast majority of respondents - 73 percent - used Windows 2000 Server or Windows Server 2003 as their dominant operating system, followed by Linux with 15 percent, Unix with 6 percent and Novell's NetWare with 4 percent, and "another open source distribution" at 2 percent.

The open-source operating system is now used as a secondary operating system in 60 percent of the companies, compared with Windows NT at 62 percent, Unix at 35 percent, NetWare at 16 percent and Mac OS X at 14 percent.

Customers who have already deployed Windows Server 2003 are unlikely to be seduced by Linux, saying they found the Microsoft operating system's quality, performance and reliability equal to or better than Linux, Yankee Group said.

Linux continued to hold a perceived edge over Windows in all security categories, including user systems and Web, file, application and database servers. Linux scored at least 8 out of 10 in every category, compared with 6 or 7 for Windows. Windows' overall rating of 7.6 on security was nearly double last year's score. Respondents said Microsoft's changes to its patching system were working - they spent an average of 80 percent less time on patch management.

Participants' Linux servers took longer to recover from security attacks than Windows - 17 hours for Linux and 13.2 hours for Windows, respondents said. To put this in perspective, however, 92 percent of Linux developers say their systems have never been infected with a virus, and 78 percent said their systems have never been hacked, according to last summer's Linux Development Survey from Evans Data.

Respondents said their Windows downtime was three to four times more expensive than Linux downtime, reflecting the more critical data stored on their Windows systems, Yankee Group said.

The survey was curiously lacking in hard TCO (total cost of ownership) data. Most respondents lacked specific information on comparative Linux and Windows capital expenditure, even though more than half of those surveyed said they had performed a thorough TCO analysis. Those with specific information indicated that costs affecting TCO tended to occur in applications and services rather than at the operating system level itself, Yankee Group said.

The research firm did not specify how it selected its respondents. Last year's Yankee Group TCO study attracted criticism when it became clear that the sample group was taken from a mailing list aimed at Windows system administrators.

Last year's Web-based survey was funded and carried out by Sunbelt Software, a vendor of Windows utilities, which publicised the survey solely through a mailing list called W2Knews, billing itself as "the World's first and largest e-zine designed for NT/2000 System Admins and Power Users". In the 16 February edition of W2Knews, which launched the survey, the company said it and Yankee Group were "surveying Windows Sites" to see how they were "responding to the Linux phenomenon and the TCO question".

There is little consistent data comparing Linux and Windows TCO. A 2002 IDC study called "Windows 2000 Versus Linux in Enterprise Computing", for example, found Linux was more expensive than Windows. But this was funded by Microsoft, and more importantly, one of the report's authors later said Microsoft had chosen scenarios for analysis that would be more costly using Linux.

In December Melbourne-based IT services firm CyberSource published an updated version of what it says is one of the few fully transparent studies comparing the costs of running Linux vs. Windows, finding that Linux installations can be up to 36 percent cheaper to install and run over a period of three years than comparable Windows systems, though subscribing to enterprise technical support and buying new hardware and infrastructure can lower the savings to as little as 19 percent. The report is available here [pdf].

Another major independent study contrasting Linux and Windows is a report from Germany's Soreon Research, using data collected from interviews with 50 enterprises. The report found that Linux had up to 30 percent lower TCO than Windows.

Source.

In related news: Latest Linux/Windows research reports queried.

Large questions have appeared over the accuracy of two recent reports comparing the relative costs and benefits of the Linux and Windows operating systems in which Windows was painted as being superior to its open-source rival.

The reports, Forrester's "Is Linux more Secure than Windows?" and a Yankee Group survey on the relative costs of running the two operating systems, were both issued in the past few days.

The security study - whose raw data was vetted by Linux distributors Debian, Mandrakesoft, Red Hat and Suse - found that on average, Microsoft patched flaws faster than Linux vendors. The Yankee Group survey reported that, except for small businesses with customised vertical applications, companies deploying Windows enjoyed a lower cost of ownership than those with Linux.

But the Linux distributors involved in the Forrester study today issued a joint statement calling the study's conclusions inaccurate. And the Yankee Group's methodology has been called into question, with critics arguing it could not have possibly delivered objective results.
