Print
Discuss
Send to friend
RSS feedsA Linux enthusiast at the RSA Conference in San Francisco has reluctantly concluded that Microsoft produces more secure code than its open source rivals.
In an academic study due to be released next month Dr Richard Ford, from the Florida Institute of Technology, and Dr Herbert Thompson, from application security firm Security Innovation, analysed vulnerabilities and patching and were forced to conclude that Windows Server 2003 is more secure than Red Hat Linux.
"Vulnerability counts are much higher with Red Hat than with Microsoft," said Dr Ford. "I am a huge Linux fan, and I have a Linux server in my basement. The first time I saw the statistics I thought someone had mucked about with my database."
The pair examined the number of vulnerabilities reported in both systems and the actual and average time it took to issue patches. In all three cases Windows Server 2003 came out ahead, with an average of 30 "days of risk" between a vulnerability being identified and patched compared to 71 from Red Hat.
But the academics acknowledged that some intangibles, including the relative attractiveness of Windows as a target for hackers, could skew the results. Nevertheless, many attacks these days are aimed at Linux servers rather than Windows systems.
"There are some people who are sceptical [of the results]," said Dr Thompson. "We would encourage them to replicate this type of study. If you see flaws please tell us."
The pair said that they lacked the funding to test other operating systems, such as the Apple OSX kernel, although they thought it was "amazingly" stable.
The long term aim is to set up a website so that system administrators could assess security vulnerabilities before investing in computer platforms.
"You would be a fool to make platform decisions without thinking about security," said Dr Ford. "When you choose a platform you have to factor in the costs of intrusion. It is not just the costs of a break in; it is the time spent running around making sure no one gets in."
See also:
Steve Ballmer demos Microsoft Virtual Server running Red Hat Linux 21 Apr 2005
Focus on network-delivered client computing on open source OS 18 Feb 2005
Tempers fray at RSA Conference as experts discuss government role in security 17 Feb 2005
All the news, reviews and developments from this year's open source extravaganza in Boston 14 Feb 2005
Open source OS 'not ready for mission-critical computing' 28 Jan 2005
Millions at risk from 'silent and remote' attacks, claims security firm 11 Nov 2004
Security group warns users to patch against buffer overflow vulnerability 05 Nov 2004The latest wave of cyber-crimes and acts of vandalism have demonstrated once again that many systems are still vulnerable to attack. 15 Apr 2004All Hacking
del.icio.us
Digg this
reddit!
