Slashdot Mirror

← Back to Stories (view on slashdot.org)

UK Gov't Experts Say Linux is Secure, Windows Not

Posted by Roblimo on from the yet-another-open-source-endorsement- dept.

Sara Chan writes "An expert at the British government's computer security headquarters, CESG (Communications-Electronics Security Group) has endorsed Linux along with the open source model for software development as the most secure computer architecture available. CESG is the sister organisation of the GCHQ (Government Communications Headquarters), which is roughly the British equivalent of the American NSA (National Security Agency). There is also a warning against "a competing commercial product with hidden source code." For details, see the ZDNet UK story."

7 of 268 comments (clear)

  1. Mmm.. Secure. by Yakman · · Score: 4
    Windows 2000 is the most secure operating system Microsoft has ever shipped.

    Is this REALLY that difficult? :) WinNT is, how many, 4 or 5 years old and yet still there are severe security flaws coming out in the CORE operating system. Sure Linux has had a few security holes here and there but they've been patched pretty much 'instantly' and most of them weren't in the kernel (ie. the core OS) but in tools like Sendmail and whatever.

    Maybe I just don't know what I'm talking about (well, probably ;)) but I don't see how people can even consider running some of the things they run on NT.

    On an unrelated note, i'm just rambling because it's Christmas Eve (well, 3:30pm) and I want to go home but I have to wait for some lame-arse Y2K update to post on the Intranet before I go.. [sigh]

  2. Trust the Source.. by Wah · · Score: 4

    ..
    (An expert at the British government's computer security headquarters, CESG (Communications-Electronics Security Group) has endorsed Linux along with the open source model for software development as the most secure computer architecture available.

    .and.

    He says, "Windows was built for a single computer and then the network was added on as an afterthought. Also it's closed source, and I would never ever trust someone else completely with security.")

    vs.

    A Microsoft spokeswoman, however, disputes these perspectives, claiming that Microsoft's closed-source software is more secure than ever.

    Marketing vs. Reality isn't a fair fight...

    --
    +&x
  3. Hee Haw by Pike · · Score: 4

    A Microsoft spokeswoman, however, disputes these perspectives, claiming that Microsoft's closed-source software is more secure than ever. "Windows 2000 is the most secure operating system Microsoft has ever shipped," she says. "Among other things, entire development teams were focused solely on searching out security issues within the beta code; Microsoft posted a public Internet beta test site for customers to test the security of the system, and new development processes were put in place to ensure that the system was built from the ground up with security as a key objective."

    Yep. Everyone remembers that public test website.

    There is no way an OS the size of W2K can not have security issues and still be hidden from peer review.

    Also, "among other things, entire development teams were focused solely on searchng out security issues..." How can you be focused "solely" on security, "among other things" ?? "Watcha up to, alan?" "Well, I am focused solely on security, among other things."

    Finally, I don't believe they built the system from the ground up, either.

  4. Sorry, but Troughton lacked credibility by Zico · · Score: 5

    First of all, this wasn't some organization promoting this view -- it was just an individual. Now, he's called an expert, but it's silly not to look at that with some perspective. Such as all the "military experts" telling us that Operation Desert Storm better bring a lot of body bags because the Iraqi Republican Guard was so brutal. We all know how this turned out. Or, the "societal experts" telling us how welfare reform in the U.S. would destroy the lower classes. Again, this didn't happen. In both cases, the experts' position was often affected by personal biases: people against the Persian Gulf war in the former case, and big-government proponents in the latter. When you look at what Mr. Troughton says, I think it's pretty clear that he's a GNU/Linux advocate through and through, and that it's likely that his Linux endorsement stems from that.

    The most blatent evidence of his bias was the quote, "Linux is as secure as you can make a computer." Honestly now, do even Linux advocates here believe that? Even if you think that Linux is the best OS out there (because of a combination of its various strengths), I don't think any rational person would even try to put forth that argument. This is the main reason why I think he's a Linux fan who's trying to promote it by saying that it's the most secure OS, as opposed to someone who became a Linux fan because he found it to be the most secure OS.

    Secondly, he made other quotes that made him sound like your good ol'-fashioned OS advocate. Namely, that Alan Cox is the best programmer on Earth, and "I've heard he writes code like Richard Stallman." I'm not saying that Mr. Cox is or isn't the best, but these statements sound less like they came from a dispassionate seeker of the most secure OS and more like your garden variety GNU/Linux-advocating name-dropper. Basically, the only thing that was missing was to hear him say, "Linus r00lz."

    In other words, I'd take Mr. Troughton's words with an extremely large grain of salt.

    Cheers,
    ZicoKnows@hotmail.com

  5. Um... by BJH · · Score: 5

    I'm glad to see the free software/open source concept being recognized like this, but I think it would have been nice if these experts had taken the time to look at other alternatives. I mean, sure Linux is probably more secure than NT, but OpenBSD is way more secure than most Linux distributions (I'm talking about DEFAULT setups here), so declaring Linux to be the most secure open system available is a bit of a crock.

  6. CORE operating system flaws by roystgnr · · Score: 4

    It's not that Linux didn't have some of the same fundamental security bugs that Windows did way back when; Linux was just better about fixing them.

    When the string of bogus IP attacks against Windows came out two years ago (teardrop & kin) Linux was vulnerable to the first of them too... but the Linux patch was out within a day or two, whereas Windows was vulnerable for months. To boot, the Linux patch fixed all the similar TCP/IP stack problems, whereas Windows ended up being vulnerable to syndrop, newtear, and a sequence of nearly identical attacks.

  7. Re:Nicely Put by thal · · Score: 4

    > read with a cup of Coke?

    How could you possibly drink a closed-source beverage! You can't trust that they haven't put insecure flavoring in it!