All the latest UK technology news, reviews and analysis
|
|
|
17 Feb 2005
A Linux enthusiast at the RSA Conference in San Francisco has reluctantly concluded that Microsoft produces more secure code than its open source rivals.
In an academic study due to be released next month Dr Richard Ford, from the Florida Institute of Technology, and Dr Herbert Thompson, from application security firm Security Innovation, analysed vulnerabilities and patching and were forced to conclude that Windows Server 2003 is more secure than Red Hat Linux.
Further reading
"Vulnerability counts are much higher with Red Hat than with Microsoft," said Dr Ford. "I am a huge Linux fan, and I have a Linux server in my basement. The first time I saw the statistics I thought someone had mucked about with my database."
The pair examined the number of vulnerabilities reported in both systems and the actual and average time it took to issue patches. In all three cases Windows Server 2003 came out ahead, with an average of 30 "days of risk" between a vulnerability being identified and patched compared to 71 from Red Hat.
But the academics acknowledged that some intangibles, including the relative attractiveness of Windows as a target for hackers, could skew the results. Nevertheless, many attacks these days are aimed at Linux servers rather than Windows systems.
"There are some people who are sceptical [of the results]," said Dr Thompson. "We would encourage them to replicate this type of study. If you see flaws please tell us."
The pair said that they lacked the funding to test other operating systems, such as the Apple OSX kernel, although they thought it was "amazingly" stable.
The long term aim is to set up a website so that system administrators could assess security vulnerabilities before investing in computer platforms.
"You would be a fool to make platform decisions without thinking about security," said Dr Ford. "When you choose a platform you have to factor in the costs of intrusion. It is not just the costs of a break in; it is the time spent running around making sure no one gets in."
Latest stories from Security
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Hands on with the highly anticipated Android 4.0 Ice Cream Sandwich hybrid tablet
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
Salesforce.com Consultants, both Functional or Technical...
Enterprise Data Architect required by reputable Banking...
SSIS, SSAS, MDX, OLAP, OLTP, Data Warehousing, Data Modelling...
Specialist IT service provider is looking to recruit...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?