Dylan Greene dot com

May contain nuts.

Say it ain't so: Linux found to be less secure than Windows

March 31, 2004 5:58 PM

Linux geeks all over the world must have been coughing up their Mountain Dew when they saw this latest report from Forrester.*

According to their report, between June 1, 2002 and May 31, 2003:

  • Vulnerabilities reported: Red Hat Linux 229; MandrakeSoft 199; SuSE 176; Windows 128 (classified as "severe")
  • Percentage of vulnerabilities fixed: Debian 96.2%; Red Hat 99.6%; MandrakeSoft 99%; Microsoft 100%
  • Average days between disclosure and a fix release: MandrakeSoft 82; Red Hat 57; Debian 57; Microsoft 25

From the report: “The answers were a bit surprising. Microsoft gets a fundamentally worse rap than it deserves.”

The report cost $900, so I got this data from two articles about the report. The two articles did not mention if Forrester summed the numbers for Windows 9x, 2000, XP, and 2003, or just used one of those.

It also says that just because patches are released doesn't mean firms are automatically secure: "For example, for the nine highest-profile Windows malicious code incidents as of March 2003, Microsoft's patches predated major outbreaks by an average of 305 days, yet most firms hadn't applied the patches."

For Windows IT people, that means using Windows Update, SUS, or SMS, and maybe even attending the free Microsoft Security Summit, which MS is holding at major cities all over the US. For Linux IT people... well you have FreshMeat and IRC (chat rooms).

Also in the news, yet another report that says Linux is more expensive than Windows. According to the report, while Linux may be "free", the software and manpower you need to run your business are going to be more expensive. Of course they don't factor in the cost of selling your soul to Microsoft.

* Just a joke. Linux geeks would never trust a report from Forrester or any other research firm unless it was publicly approved by RMS, Linus, and CmdrTaco.

Comments

I completely agree that Windows IT people (anyone reading this at George Mason?) need to use, and teach people to use, Windows Update (and firewalls, and virus protection.) And I also agree that many people running Linux think it is secure by default, but that apathy will only get them in trouble. (The same can be said to a lesser degree about OS X.) I love the Linux user bragging about his uptime - especially when this information is freely available to the public. When was the last time you updated your packages? Your kernel? No matter the platform, especially if you don't know what you are doing, it is going to be insecure out-of-the-box.

Having said that, where does it actually say Linux is less secure?

I read:

"Rather than make a broad-stroke statement that Windows is more secure than Linux, or visa versa..."

and

"Based on these results, Forrester didn't come out with a single recommendation..."

There's a lot of give and take on this issue and people need to decide what is more important. MS shines on many of the Forrester metrics, but they also had the highest percentage of high-severity vulnerabilities. What's more important? I don't have the answer.

My 2 cents on this topic is that once Microsoft really gets a good hold on security (and I believe that they are on their way) what are the Linux Penguins going to cry about? What reasons will Penguins have to stick with Linux? It seems to me that once Microsoft masters security they will truly lead the technology world!
