Thread: Is The Windows Server Environment More Secure Than Linux?
View Single Post
  #7 (permalink)  
Old 03-29-2005, 07:13 AM
mikmik mikmik is offline
WebProWorld 1,000+ Club
  
Join Date: Aug 2003
Location: Edmonton, AB, Canada
Posts: 1,527
mikmik RepRank 2mikmik RepRank 2
Default
Anyways, most of what I wanted to say is here:
antiOnline

I had put that it doesn't matter who funds it - that is certainly a warning flag, but all the drugs, medications, pesticides etc., etc, are studied by the companies funded reasearch.

It is then evaluated on its methodology, and recreatability of the results.

So, saying it is no good because of that is like saying you don't know because you haven't evaluated the methodolgy and/or data.

I want to show two direct quotes here that sum up my opinion to date about most of these debates:
Quote:
So do you really think that the guys doing this study had GAIM and OpenOffice installed? Mine sure as shit doesnt. It's a stripped RH box, doing basic Web/FTP services. And it has had more patches then my Win2k Box with IIS. Whats that add up to? Nadda. Why?
Different box doing different jobs with different exposure. (FYI, my RH box had 137 patches, and we ARE talking about RH, not SuSE in this study, right?)

I guess the really furstrating part of this discussion, Gore, is the fact that several of us think that you have the knowledge and skill set within Linux to strongly dispute this study, yet all you can manage to do is a "My OS is better then your OS" rant. SDK and myself to name a few a seriously interested in why you feel so strongly, and WHAT technical FACTS you have to back it up.

By this point we all know you hate Windows, but personally I think it is a bit like saying you hate Ford's. Why do I care? Until you put a technical side on your opinion, it is nothing more then bad taste, like enjoying Punk Rock.... :O read Roberta Bragg or a few of TigerShark's tutorials, and Windows CAN be secured. Even with "Tons of software on it". I dont give a crap that you think SuSE the OS to end all OS's, I care about the WHY.
Quote:
And with the industry and its appointees now turning out reports the independence of which is increasingly being questioned, even valuable information now risks getting lost amidst accusation and counter-accusation.
I am really very, very, tired of people and organizations with vested interests, especially if it is just a personal ego matter, that blanket recommend anything by saying "it is better".

The real information and rational discussion is lost among all the "I can shout louder than you" rhetoric.

The worst and dangerous thing I see is people who are so misinformed as to be out of touch. I have seen people on a forum here in Kelowna, not a computer or web forum, just town discussion, that think Windows is dangerous to use, or that it is to overwhelming to figure out what is the right way to approach security and safely interacting on the internet.

I don't even care if one is "more secure" or not, because the difference is negligeable in practice.

There are to makes of car on the road. 90% are secured with retina scanners, and 10 % are secured with dna analysis (assuming they are both reasonably similar in complexity. They both take termendous amounts of skill and learning/experimental time to break.

Don't tell me that anyone in their right mind, would spend all the effort to learn to break into one tenth of the cars when they can just as easily have access to 90%.

It is software, there are differences to be sure, but in spite of the so called cost differences ( I think windows server with SQL is about 15 or twenty thousand dollars) why do they both continue to be used, and in some areas, MS systems are used 2 to 1 or even three to 1 (I got this from netcraft on SSL use).

There is no big if even very signifigent change in the ratios of use, is there? That is something I would like to see, as well as hard figures on successful hack breakins.

User knowledge far outweighs any security advantages that may or may not exist.

In other words, I doubt, overall, there is any difference.

Don't try to tell me the dna is better security

--------------------------

I just found this: Linux Insider

Quote:
A Linux enthusiast at the RSA Conference in San Francisco has reluctantly concluded that Microsoft (Nasdaq: MSFT) produces more secure code than its open source rivals.

In an academic study due to be released next month, Dr. Richard Ford, from the Florida Institute of Technology, and Dr. Herbert Thompson, from application security firm Security Innovation, analyzed vulnerabilities and patching and were forced to conclude that Windows Server 2003 is more secure than Red Hat (Nasdaq: RHAT) Linux.


Stats Don't Lie
"Vulnerability counts are much higher with Red Hat than with Microsoft," said Dr. Ford. "I am a huge Linux fan, and I have a Linux server in my basement. The first time I saw the statistics I thought someone had mucked about with my database."
PS I like sites that just deal with the matters at hand, and don't even mention any controversy or opinion on which is better. There are debates on all kind of computer forums, and computer review and repoting Magazine's forums, and most of the debates are the same - pointless and irrelevent to fact.
Reply With Quote