Study Finds Windows More Secure Than Linux

cfelde writes "A Windows Web server is more secure than a similarly set-up Linux server, according to a study presented yesterday by two Florida researchers." In addition to the Seattle Times article, there is also coverage on VNUnet. From the article: "The researchers, appearing at the RSA Conference of computer-security professionals, discussed the findings in an event, 'Security Showdown: Windows vs. Linux.' One of them, a Linux fan, runs an open-source server at home; the other is a Microsoft enthusiast. They wanted to cut through the near-religious arguments about which system is better from a security standpoint."

Hardly scientific isn't it?

[gelfling]

And how many people run Win2003 server at home? People should understand that the plural of anecdote is not data.

Re:Newsflash... ONE Linux Fan..

[alienw]

Reputable my ass. The Ford guy is at a crappy school, doing what basically amounts to fluff "research" in BS areas like e-commerce or "software testing". On top of that, his PhD is in semiconductor physics, of all things. Why he is a research professor of computer science I do not know, but he does not seem to be someone who knows what he is talking about.

So biased...

[_LORAX_]

Because patches to RedHat cover the gamut of application ( X, OOo, FF, .... ) where the windows server, just the OS. That's stike one against this "study". They should ONLY count those bugs directly related to the service being studied. Many bugs and patches are against theoretical problems that have no real or even sometime possible local or remote exploit.

The other major problem is that the "days exposed" should start when an exploit is "in the wild" not when an alert is posted to the bug lists.

No study data is availible, but I can imagine that this is just like the pharmasuticals. MS doesn't have to "fake" data, they just run the study again, again, again, ... until they get the results they want. Since they are in a position to squash any negative results it guarntees them the upper hand. Once they find one study that gives them the numbers they want.... then they replicate it "independanty" to prove they are right.

Gee, big surprise

[The+Spoonman]

Nothing new to see here, folks...oh, wait, it IS new to you, isn't it, Slashdotter?

Lets compare linux and windows with openbsd...

[packetboy]

that would be laughable.

i can't believe people still think linux is secure and flawless. get over it.
linux is nothing more than the windows of the *nix world... bloated w/ too much shit added because corporations want it...it's no longer the OS of the 'hobbyist'...and if you think otherwise, you are fooling yourselves.

Two Points

[Master+of+Transhuman]

First: From the article:

"The setups were hypothetical, however. Both were in the most basic configuration, an approach that some in the audience suggested may tilt the results in favor of Windows, which comes with more features.

Ford said the idea was to represent what an average system administrator may do, as opposed to a "wizard" who could take extra steps to provide plenty of security on a Linux setup, for instance."

In other words, an MS mouse monkey is considered better than someone who knows what he's doing.

Let's try that again - namely, let's set up the Windows server with it set to max lockdown versus a Linux server set the same way. Then let the hackers at both of them and see which falls first.

Didn't try that, did they? Didn't think so...

Second: this is a WEB SERVER test - a system set up to ALLOW access. NONE of this has ANY bearing on Windows predilection for allowing spyware, viruses, trojans, worms, etc. into the operating system.

Not to mention that IIS 6 is reputedly much more secure than IIS 5. Let's try it with IIS 5 which is probably in more use than 6 worldwide.

In other words, the headline that Windows is more secure than Linux is BULLSHIT AS USUAL.