Slashdot Mirror


Study Finds Windows More Secure Than Linux

cfelde writes "A Windows Web server is more secure than a similarly set-up Linux server, according to a study presented yesterday by two Florida researchers." In addition to the Seattle Times article, there is also coverage on VNUnet. From the article: "The researchers, appearing at the RSA Conference of computer-security professionals, discussed the findings in an event, 'Security Showdown: Windows vs. Linux.' One of them, a Linux fan, runs an open-source server at home; the other is a Microsoft enthusiast. They wanted to cut through the near-religious arguments about which system is better from a security standpoint."

  1. Integrity? by samtihen · Score: 5, Informative

    Well, apparently this is the second time Microsoft has come out on top of a research project by Mr. Richard Ford.

    http://www.virusbtn.com/magazine/articles/letters/2004/01_01.xml

    Apparently there was some question as to the validity of an earlier project because it was sponsored by Microsoft.

    However, I would like to note that both researchers seem very well educated, especially in computer security. And, additionally, they both note that a lot more could be done to lock down the Linux server.

  2. Bruce Schneier on Linux security by frozenray · Score: 5, Informative

    Which is more secure, Windows or Linux? It depends on whom you ask. Here's what Bruce Schneier, a reputable security researcher and author of "Applied Cryptography" and other computer-security related books, has to say on the matter:

    Linux Security

    I'm a big fan of the Honeynet Project (and a member of their board of directors). They don't have a security product; they do security research. Basically, they wire computers up with sensors, put them on the Internet, and watch hackers attack them.

    They just released a report about the security of Linux:

    Recent data from our honeynet sensor grid reveals that the average life expectancy to compromise for an unpatched Linux system has increased from 72 hours to 3 months. This means that an unpatched Linux system with commonly used configurations (such as server builds of RedHat 9.0 or Suse 6.2) has an online mean life expectancy of 3 months before being successfully compromised.

    This is much greater than that of Windows systems, which have average life expectancies on the order of a few minutes.

    It's also important to remember that this paper focuses on vulnerable systems. The Honeynet researchers deployed almost 20 vulnerable systems to monitor hacker tactics, and found that no one was hacking the systems. That's the real story: the hackers aren't bothering with Linux. Two years ago, a vulnerable Linux system would be hacked in less than three days; now it takes three months.

    Why? My guess is a combination of two reasons. One, Linux is that much more secure than Windows. Two, the bad guys are focusing on Windows -- more bang for the buck.

    Bruce Schneier
    Posted on January 06, 2005 at 01:45 PM
    ------------
    Different methodology, different results. My money's on Schneier.
    --
    "There are already a million monkeys on a million typewriters, and Usenet is NOTHING like Shakespeare." - Blair Houghton