Controversial Report Finds Windows More Secure than Linux

March 8, 2008 – 3:57 PM

Contrary to popular wisdom, Windows appears to be more secure than a popular version of Linux, according to an upcoming report from two security researchers. The researchers found that Windows Server 2003 actually had fewer security vulnerabilities identified last year than Linux and that the holes in Windows took less time to patch.

But the study is already attracting controversy for its methodology. Linux proponents note that the two systems have different configurations and are not easily comparable since they contain different functionality out of the box.

“A lot of people are under the impression that one platform has more advantages,” said one of the critics, Max Clark, a network consultant with Intercore, a Los Angeles-based consulting firm that provides support for both Windows and Linux systems. “The expertise of the person deploying it is what matters. The default configurations are important, but once you start consolidating software on top of the system, the system is only as secure as what’s running on it.”

The study, which compared Windows Server 2003 to Red Hat Enterprise Linux ES3, was conducted by Dr. Richard Ford, a research professor in the computer sciences department at the Florida Institute of Technology’s College of Engineering, and Dr. Herbert Thompson, director of research and training at Security Innovation, a security technology provider.

Linux advocates criticized the study over allegations that the researchers accepted funding from Microsoft, a criticism also leveled at earlier studies finding Windows security superior to Linux.

The researchers declined to comment on whether Microsoft is funding the current study, saying they will disclose funding sources when the study is published finally. They defended the study, saying they are interested in hearing feedback from others willing to test their research findings to see if they are sound.

http://www.securitypipeline.com/159402994

You must be logged in to post a comment.