Blog moved to

Sunday, February 18, 2007

Windows Vs Linux Security (A ctrl+c .. ctrl+v story)

Well, well, who is writing about windows and linux. Its Karteek, so, obvious is its pro-Linux article which I found at

They clearly listed out some myths and facts about security in both the Operating Systems. Lets go through them :)

Myth :Windows only gets attacked most because it's such a big target, and if Linux use (or indeed OS X use) grew then so would the number of attacks.
Fact :When it comes to web servers, the biggest target is Apache, the Internet's server of choice. Attacks on Apache are nevertheless far fewer in number, and cause less damage. And in some case Apache-related attacks have the most serious effect on Windows machines. Attacks are of course aimed at Windows because of the numbers of users, but its design makes it a much easier target, and much easier for an attack to wreak havoc. Windows' widespread (and often unnecessary) use of features such as RPC meanwhile adds vulnerabilities that really need not be there. Linux's design is not vulnerable in the same ways, and no matter how successful it eventually becomes it simply cannot experience attacks to similar levels, inflicting similar levels of damage, to Windows.
Well, yeah, I tried to tell this most of my friends .. especially Chintan .. and he never listened to me !!! Now, another one
Myth :Open Source Software is inherently dangerous because its source code is widely available, whereas Windows 'blueprints' are carefully guarded by Microsoft..
Fact :This 'inherent danger' clearly has not manifested itself in terms of actual attacks. Windows-specific viruses, Trojans, worms and malicious programs exist in huge numbers, so if one gives any credence at all to this claim, one would do better to phrase it 'Open Source Software ought to be more dangerous'. But the claim itself hinges on the view - rejected by reputable security professionals - that obscurity aids security. Obscurity/secrecy can also make it more difficult for the vendors themselves to identify vulnerabilities in their own products, and can lead to security issues being neglected because they are not widely-known. The Open Source model, on the other hand, facilitates widespread review and makes it easier to identify and correct flaws. Modular design principles support this, while the overall approach is far more in line with security industry thinking than is 'security through obscurity.'
Hey, I tend to work ... very carefully when everyone is watching me !!! Same is the case of opensource. If I'm an idiot, there always will be another guy to point me out. If I give you just binary, there wont be other guy to be arsed to point me. Now, to the final and important one.

Myth :Statistics 'prove' that Windows has fewer, less serious security issues than Linux, that Windows issues are always fixed, and that they are fixed faster..
Fact :Quite a broad collection of 'facts' exist in this category, but what they have in common is the (actual) fact that they are usually based on single metrics, on a single aspect of measuring security. Claims that all Windows flaws get fixed are baffling when we consider that there are Microsoft Security Bulletins saying some flaws will never be fixed, and the existence of these also makes it tricky to understand how the fix rate could ever get to be 100 per cent. In the case of Forrester, which produces the 100 per cent as the Windows result for one of several metrics, it is arrived at through tallying flaws and fixes within a specific period. In the same metric Red Hat 'comes second', on the basis that one flaw was not fixed within the period. This is a rickety base for Microsoft (not, note, Forrester) to build a security campaign on.

This aside, simply claiming that Windows is more secure than Linux because the time from discovery of vulnerability to release of patch is greater for Linux skips consideration of the importance of what gets fixed. A comparison of 40 recent security patches with reference to Windows Server 2003 and Red Hat Advanced Server AS v3 shows that Windows experienced the most severe security holes, while Red Hat had only a handful (four) which rated as critical. It is also arguable that Microsoft understates vulnerabilities in Windows Server, because some flaws are deemed not critical for Server on the basis of system defaults which are in many operational scenarios impossible to adhere to. For Red Hat, on the other hand, there is an argument that in Petrelely's analysis we have overstated the extent of critical vulnerabilities (Red Hat does not assign severity levels), and very few of them would allow a malicious hacker to perform mischief at administrator level.
Well, junta, just check the complete report card at theregister
Anyways, as usual .... Windows will live longer. But, I want to shout "Long live Linux !!!"

0 responses:


Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 License.

I'm not a lawyer to tell this in a perfect framed sentence. Frame it by yourself if you are so concerned.
Dont think about the content of this blog. Every byte is owned by its rightful owner.
Rest © 2006-2007 Karteek