In a new report, "Is Linux More Secure Than Windows?", from Forrester Research Inc., based in Cambridge, Mass., Computing Infrastructures Senior Analyst Laura Koetzle finds that both Windows and Linux can be deployed securely. Microsoft Corp., however, fixes security problems the quickest, which is a good thing, since it also has the most major security holes.
Forrester found that many IT professionals believe that Linux is more secure than Windows, but Koetzle found that the real-world answer is more complicated than that simplistic analysis.
Koetzle believes, based on a survey of past security vulnerabilities, that security vulnerabilities follow a timeline; in other words, that they have a lifespan.
In this lifetime, real vulnerabilities to attack are usually born with a public disclosure of the problem in a form like the Bugtraq security mailing list. Next, the ISVs or open-source developers prioritize the vulnerability and build a stable fix for it.
Lagging behind these developers, unscrupulous hackers then start exploiting the vulnerability. However, it’s only after one of them builds an automated script tool for unskilled vandals (aka script kiddies) that the number of attacks really takes off.
The real period of enterprise vulnerability is after these script-kiddy tools appear and before customers apply the patch. In other words, most real-world security breaches on either operating system could be fixed with timely patch management.