Windows proven more secure than Linux for webservers!

Ka0s

According to a study presented by two Florida researchers, Windows is more secure than Linux for web serving.

The pair of researchers, one a Linux enthusiast and the other a Windows enthusiast, recently released their findings at the RSA Conference, a gathering of computer security specialists. The two compared Windows 2003 Server and Red Hat Enterprise Server 3. Their statistics showed that critical vulnerabilities on the Windows platform tended to get patched quicker.


Once I find the link to the article again Ill put it here, but right now I'm going with whats on my clipboard

nightice

Which is because Windows generally has more things to patch.

Q

"proven" more secure in that it gets patched faster. Exactly what were the statistics though?

I'd be willing to bet that part of that delay lies in the fact that no one (Unlike MS/Windows) agency is responsible for all the components. Linux is responsible for the kernel, the driver makers for the drivers, Apache for the server itself, etc, etc.

-Q

PS. And the title is suspect aswell, one study proving all versions/flavors/vendors of Linux are known to be less secure then Windows is very unlikely.

JackTheStripper

Don't deny it. Linux is just one big hackjob swiss cheese OS.

Q

Devils advocate

Who says I'm denying it, Tom-analog?

-Q

PS. I'm not acceeding[sic] to it either.

PPS. ARGH! And I thought Conectiv was a crap pwr co!

PPPS. And it's not an OS, it's a kernel. (Wiki loss leaves me feeling pedantic)

JackTheStripper

Was talking to Niteice.

Q

Oops ::oops:

-Q

PS. Hey! http://m-w.com/firefox/

[Deleted User]

The user and all related content has been deleted.

Josh

That means that RH is used more than Server 2003.

[Deleted User]

The user and all related content has been deleted.

Josh

Tomchu wrote:

jcmoor wrote:

That means that RH is used more than Server 2003.

Please don't talk about Linux. You proved your cluelessness to me earlier today. :P

It's not my fault that there isn't a Windows version.

[Deleted User]

The user and all related content has been deleted.

Josh

That was the first time I had ever tried using patch files.

Bash

I don't personally think that RH is a good idea for a test....

I would like to know what tests they have done, if firewalls were activated, what ports and so on...

Q

Fish find the link for this yet?

-Q

PS. FWIW, I agree with TcH.

BOD

http://seattletimes.nwsource.com/html/b ... ity17.html

Bash

But that says nothing about which ports, firewalls activated, any updates, if the test was biased in some way. And for me it is kinda hard to believe that IIS is more secure (from my understanding of the text)

They compared Windows Server 2003 and Red Hat Enterprise Server 3 running databases, scripting engines and Web servers (Microsoft's on one, the open source Apache on the other).

Their criteria included the number of reported vulnerabilities and their severity, as well as the number of patches issued and days of risk

BOD

To make the test fair they should both have been using apache

Q

Their criteria included the number of reported vulnerabilities and their severity, as well as the number of patches issued and days of risk

nightice

BOD wrote:

To make the test fair they should both have been using apache

I don't think too many people buy 2003 Web to run Apache.

JackTheStripper

Actually, they DO.

Q

No, but he's just saying that when you run an trial, generally you only change one thing between two specific (What's the word...) subjects.

-Q

nightice

When you run a trial such as this, it's probably best to run in a typical configuration (IIS - 2003, Apache - Linux).

[Deleted User]

The user and all related content has been deleted.

Josh

Most, if not all of them run IIS.