Slashdot Mirror


Windows vs. Linux Security, Once More

TAGmclaren writes "The Register is running a very interesting article about Microsoft and Linux security. From the article: 'until now there has been no systematic and detailed effort to address Microsoft's major security bullet points in report form. In a new analysis published here, however, Nicholas Petreley sets out to correct this deficit, considering the claims one at a time in detail, and providing assessments backed by hard data. Petreley concludes that Microsoft's efforts to dispel Linux "myths" are based largely on faulty reasoning and overly narrow statistical analysis.' The full report is available here in HTML form, and here in PDF. Although the article does make mention of OS X, it would have been nice if the 'other' OS had been included in the detailed analysis for comparison."

3 of 489 comments

  1. Re:Linux is more secure. Once more. by Theatetus · Score: 5, Informative
    Crackers are an ingenious lot, and security holes are security holes are security holes. They WILL be exploited in linux sooner or later.

    Will be exploited? Download the metasploit framework sometime; there are more exploits for Linux than for Solaris or Windows. But this is where the guy's point becomes important: because of how Windows deals with security tokens (here is a good place to start if you're curious), any exploit that gains access can probably execute code in the SYSTEM context.

    So, of the Linux exploits that are trivially available to exploit, none can reliably execute arbitrary system code, while all of the Windows exploits can. That's not this one guy's opinion, that's just how the operating systems work.

    --
    All's true that is mistrusted
  2. Or a better alternative by Anonymous Coward · Score: 5, Informative

    RSBAC should perhaps be considered. It is far more modular, has been in production use a lot longer, and has none of the disadvantages of SELinux (e.g. it works with any filesystem, needs no patches to filesystems, and doesn't break other kernels on the same machine). It has a list of protections, has official PaX and virus (malware) scanner support, and the developer is always willing to take ideas from people and quickly fix issues. I would be interested in a detailed comparison of the two between slashdotters, thoughts and experiences, etc. But from everything I can see, RSBAC seems far superior. RSBAC.org

  3. This isn't about "hardship". It's about numbers. by khasim · Score: 5, Informative

    According to my calculations, this still meets the 99.9999% reliability that MS claims the server to be able to provide, on enterprise-grade hardware (and what I am running on is decidedly not enterprise-grade, unless eMachines has recently broken into the enterprise market and I forgot to read the press release.)

    Nope.

    Reboots take about 4 minutes to shut down, restart, wait for the services to resolve themselves, and try again.

    4 minutes/month == 48 minutes/year.

    99.999 availability means 5.26 minutes of downtime per year.

    At best, you've got around 99.99% availability.

    However, 4 minutes a month isn't a hardship, and anyone who says it is needs to either look into something transparently redundant, fault-tolerant, or reevaluate why they are so dependent on that one system in the first place.

    It isn't about "hardship". It's about reliability. Getting that last .009% is very difficult and really doesn't give you much in terms of real world reliability for MOST business needs.

    But for those that require it, it is available. And because it is available to those, it is available to everyone. Even those who do not need it.

    Sure, my print server probably doesn't need 99.999% reliability. But because it has it, I don't have to worry about it.

    In my experience, it's the reboot that causes the hardware failures. The fewer reboots, the fewer chances for hardware failure.