14 Jul 2005, Iain Thomson, V3
There is little to choose between Microsoft and Linux in terms of operating system security, according to experts, but misleading figures and surveys are muddying the waters for IT managers evaluating the platforms.
Graham Titterington, principal analyst at Ovum, told vnunet.com that, while in security terms the gap between Linux and Microsoft had shortened, Linux had the edge.
However, he suggested that the mass of statistics put out by both sides was obfuscating the issue.
"A couple of years ago Linux was without doubt more secure than Windows, but things have changed a lot," said Titterington.
"My hunch would be that Linux still has the edge but it's difficult to tell with all this misleading information being pumped out.
"Just doing a head count of vulnerabilities is useless, for example, if you're not grading the seriousness of the vulnerabilities."
He added that Microsoft had made real progress on security in the past two years, but that the increasing number of Linux enthusiasts coming into the market would help the open source alternative in the long run.
John Engates, chief technology officer at managed hosting company Rackspace, which offers both Linux and Windows hosted servers, said: "If you think about where you get Linux talent it's in the younger generation.
"Linux has a slight advantage in that computer science students are learning it, but Microsoft has made life easier for non-techies, particularly with its improved patches."
Engates added that his company manages 13,000 servers, roughly half of which are open source and half Microsoft. He claims to see little difference between the security on either platform.
Do you agree?
slashdot
here comes slashdot
Posted by kp, 14 Jul 2005
a slashdot post that seems obvious to me
it reads:
They are taking security vuln's for redhat EL 3, or suse 9.1, and comparing them to MS Windows.
That is not fair. Now if they compared them to Windows, Office, sharepoint, IIS, Office, Project, all Microsoft games, SQL server, etc.. then it would probably be a little more fair. Linux DISTRIBUTIONS are a little more than an OPERATING SYSTEM.
Posted by Anon, 14 Jul 2005
Either these eggheads do not know what OS security is all about, OR they are muddying the water for their own vested interests.
You don't need to be an OS security expert as such, but a mere student of software engineering, to know why WINDOWS security can never, let alone match, even be compared with *nix security.
You should discard such opinions that speak in general terms without technical specifics.
Posted by pilakkat, 14 Jul 2005
more information
How were the tests conducted? Which distros? Which Linux daemons were considered? As a server or as a workstation?
There really is no information here besides the opinion of some organization that I have never heard of.
daniel
Posted by Daniel Wharton, 14 Jul 2005
Security Metrics
I'm willing to bet that the metrics used in this argument.
1. Every study I have seen comparing linux and windows security simply counts the number of vulnerabilities in microsoft windows and possibly the associated products. The linux vulnerabilities are typically pooled from a linux vendor's list of known vulnerabilities that not only include the linux OS, but every package associated with it. Basically, you are not comparing points of reference with equal functionality when doing this type of comparison. They should use CVE to compare this as it is vendor neutral.
Compare IIS to apache for instance to draw a reasonable metric of open source platforms to commercial platforms to get an accurate representation of security.
Posted by Mark Maxey, 14 Jul 2005
Linux coders and testers misleading thing?
So far as I can see, there are no people that I know of who deliberately mislead and fiddle with test results when concerning Linux.
If you have found some real FUD meisters inside the Linux camp, I surely would want to know who they are.
Thanks,
Robert
Posted by Robert M. Stockmann, 14 Jul 2005
Real World Cracks vs. Possible Vulnerabilities
Forget the theory, give us the facts. Per 1000 servers (I am assuming that this article is just about servers, not desktop PCs) how many successful cracks are there? And don't forget to provide accurate, real-world, this-year numbers for other common platforms like the proprietary linux systems.
Posted by Alan Pater, 15 Jul 2005
Yes, sure... close?? sure...
Yes, that's how you do it! Everyone knows that Linux is far more secure & stable than M$, you'd look like a fool trying to deny it, so what you have to do is to try to make it look like M$ & Linux are about the same.
When will you give up?? No matter how much $$$ M$ pays for media & these so called reporters, the truth cannot be hidden.
Linux has always been far more stable & secure than M$, by a mile!! Windows was designed with no security in mind purely for the purpose of selling as many licences as possible, by a well paid marketing department.
Linux is a derivative of unix, it's based on networking & security, no comparison.
Just 'cause the Microsoft Marketing department has decided to sell on the security hype, it does not change the inherent $$$ cheap nature of Windows.
Posted by ricardo, 15 Jul 2005
Linux still has it.
Question: will Longhorn kick Linux? I don't think so.
Advantage of linux its setup on the box. Most modern Linux run selinux setup protecting the daemons from being able to attack the system.
Hmm where does linux go from selinux a complete update system. Maybe user compad.
Basically Linux has protection and Windows is still playing catch. Please note the root account is not all powerful any more, selinux is. I.e. login as root and selinux tells you what you can and cannot do.
Hmm I think windows still has some major catching up.
Posted by Never you mind, 15 Jul 2005
Yeah Right! Ever seen a virus or malware on a Mac or Linux box?
I have to disagree.
I have been using computers since 1979. I am a network/ system administrator for a medium sized education network responsible for about 500 clients. Mostly Windows and about 10% Mac OS X.
I have NEVER seen a virus or malware active on a Macintosh or Linux computer. I ALWAYS see them on Windows PCs. Does this sound like they are equally secure?
I don't believe so. The number of viruses and adware/trojans on Windows is astonishing. What is really astonishing however is that the kludge that is Windows seems to be so tortuous in its design that it is seemingly impossible to fix this. Longhorn won't fix it if past efforts are any guide.
Until Microsoft fundamentally rewrites the OS from the ground up in a shell-like manner (like Unix) will they be able to secure their OS. SECURITY HAS TO BE BUILT IN TO THE DESIGN OF THE OS. At present any bit of code can address hardware directly - you can even write directly to the disk from the command line using machine code. This isn't pretty and it won't be easily fixed.
Linux and Windows security ARE NOT neck and neck. Linux IS SECURE for most users and Windows ISN'T SECURE for most users. That is the reality and no amount of spin will make it any different.
Peter Spicer-Wensley
System Administrator
Swan View SHS
Swan View
Western Australia
Posted by Peter Spicer-Wensley, 15 Jul 2005
Blind leading the ignorant
QUOTE: "Engates added that his company manages 13,000 servers, roughly half of which are open source and half Microsoft. He claims to see little difference between the security on either platform."
I know the name of a good optometrist.
Posted by rick, 15 Jul 2005
hopefully this will help unmuddy things a bit
I'm a home user with a multiboot system, Windows XP, Debian Linux, FreeBSD.
Only on Windows am I bombarded with pop-ups, and this is after setting up a firewall and Norton antivirus program and applying security updates.
I just bought a router for the first time. Now imagine being on the phone with tech support trying to get the thing set up, to find you can only enter setup through Internet Explorer (it won't work with Mozilla Firefox).
Popups shut the browser down on at least five occasions during the call, resulting in the problem not being fixed.
Nothing remotely like this experience has ever happened to us while using Linux or FreeBSD.
Posted by joe user, 15 Jul 2005
Neck and neck?
Have you heard of any Linux virus?
Posted by Rodrigo, 15 Jul 2005
Re: have you seen linux viruses?
First off, the plural of virus is virii if my Latin isn't too bad. Second, yes! Linux virii do exist. However...
Most of the few hundreds of them are proof of concept code with no real bad impact on the system, except when it escapes its creator and has unforeseen effects on some machines (complete resources hogging for example) - as such, they usually come with a patch, making old virii unable to act on a modern system.
Others just run on subsystems and are, in essence, cross-platform - even then, patches making the system impervious to such misbehaviours are usually not long in coming.
GNU/Linux and xBSD make antivirus software almost redundant; it is a necessity on Win32 platforms. When one knows how resource-hogging an antivirus is...
Posted by Mitch 74, 16 Jul 2005
linux is more secure
hacking linux systems is very difficult when compared to windows systems, and any way we can't a more secure system other than linux.
Posted by michael, 16 Jul 2005
dod selinux and updates galore
Umm, he said, have you heard of any linux virus? As in any one linux virus. He did not intend it to be plural. And even if a virus makes it into the "wild", the differences between two different systems even using the same distributions make it difficult for them to spread as they would in, say, a windows environment. And if you're not running as root, or in some cases you're running as fake root or sudo, then you will at the very least get some damage control. And most linux users on a desktop level don't even bother with apps such as tripwire or firestarter or selinux (which I don't believe there's anything that the dod made for microsoft) etc etc etc. I mean really guys, if you're a windows user then I could see getting confused by the muddy waters, but if you're a linux user, then you know.
Posted by kenneth coble, 19 Jul 2005
linux vs microsoft
both systems have their advantages, but most windows software comes complete with an easy to use spell-checker - something the linux users (and other comment makers) obviously do not have :o)
Posted by bogsy, 19 Jul 2005
Servers do no Surfing
John Engates of Rackspace "claims to see little difference between the security on either platform".
However, I don't suppose he uses his servers to read e-Mail or to surf. It is then that the real difference emerges. As someone else said here, a Linux distro is more than the OS.
Posted by Nukenerd, 19 Jul 2005
_Server_ security does not mean virii
In the server world, virii aren't the main concern. The main concerns are related root-access vulnerabilities. Linux is famous for buffer-overflow related root access vulnerabilities.
Based on my 10 years of rather limited experience running small linux server installations, I got to say that linux server security is quite lame. Constant updates, new vulnerabilities all the time, cryptic update paths. It's a disaster. But it's getting better and still costs less than equivalent msft server packages.
Posted by Mike Jones, 20 Jul 2005