Linux vs. Windows: Which Is More Secure?

By Steven Vaughan-Nichols  |  Print this article Print


Desktop-as-a-Service Designed for Any Cloud ? Nutanix Frame

According to Forrester Research, Microsoft fixes its security problems faster than the Linux vendors. That's a good thing, since Windows tends to have more severe security problems than Linux.

In a new report, Is Linux More Secure Than Windows? from Forrester Research Inc., based in Cambridge, Mass., Computing Infrastructures Senior Analyst Laura Koetzle finds that both Windows and Linux can be deployed securely. Microsoft Corp., however, fixes security problems the quickest—which is a good thing, since it also has the most major security holes.

Forrester found that many IT professionals believe that Linux is more secure than Windows, but Koetzle found that the real-world answer is more complicated than that simplistic analysis.

Koetzle believes, based on a survey of past security vulnerabilities, that security vulnerabilities follow a timeline—in other words, that they have a lifespan.

In this lifetime, real vulnerabilities to attack are usually born with a public disclosure of the problem in a form like the Bugtraq security mailing list. Next, the ISVs or open-source developers prioritize the vulnerability and build a stable fix for it.

Lagging behind these developers, unscrupulous hackers then start exploiting the vulnerability. However, it's only after one of them builds an automated script tool for unskilled vandals (aka script kiddies) that the number of attacks really takes off.

The real period of enterprise vulnerability is after these script-kiddy tools appear and before customers apply the patch. In other words, most real-world security breaches on either operating system could be fixed with timely patch management.

Click here for the full story.

Steven J. Vaughan-Nichols is editor of eWEEK.com's Linux & Open Source Center and Ziff Davis Channel Zone. Prior to becoming a technology journalist, Vaughan-Nichols worked at NASA and the Department of Defense on numerous major technological projects. Since then, he's focused on covering the technology and business issues that make a real difference to the people in the industry.

Submit a Comment

Loading Comments...