Is Linux more secure than windows?

[blubomber]

Found this article and it was pretty interesting. Thought i would share.

http://www.snpx.com/cgi-bin/news5.cg...54783416?-2622

[willy_ph]

Quote:

The metrics measured what Forrester described as “days of risk,” the number of total days between a vulnerability made public and its first patch, the percentage of the vulnerabilities actually patched -- “There's no credit for fixing 20 percent of vulnerabilities lightning-fast and ignoring the rest,” said Koetzle -- and the percentage of the vulnerabilities rated as “high” by the U.S. government's National Institutes for Standards and Technology's (NIST) ICAT project.

Surprisingly, Microsoft did the best job at patching vulnerabilities fast, even though it ranked at the top with the largest percentage of its security holes rated as high, said Koetzle.

I'd prefer to have several small vulnerabilities than one or two significant problems with my system. MS may be able to supply a patch quickly, but that doesn't necessarily represent an effective solution to the main problem: that they're software is full of vulnerabilities.

Personally, I think it is better to deal with several small vulnerabilities that a couple of substantial problems. Also, this survey only takes into account statistics. Statistics are helpful, but don't always tell the entire tale about the issue that you're suveying.

[originel]

it does mention something worthwhile tho: a system is only as secure as you make it. Both windows and linux can be incredibly secure, and both can be incredibly insecure. In my experience Linux is much more stable out of the box (varying from distro to distro) than windows is, but even still it's not that secure.

another thing they don't take into account is the visibility of bugs. Bugs can be discovered by anyone (who knows programming anyways) in linux by reviewing the code and catching it before it becomes a problem. This happens in windows too with it's internal programmers, but the number of programmers reviewing windows code is significantly smaller than the programmers reviewing linux. also since windows is closed source there could be unpathced bugs (as mentioned about linux in the article) that no one can know about and won't be reported. So there is always that unknown factor that is much greater than it is for linux.

Another thing they didn't mention at all is frequency of attacks. Windows is attacked significantly more than linux because most computers run windows. But you still have to keep in mind that a properly secured windows box won't have any issues with that.

So in the end i say they are the same.

[SpookyEddy]

Quote:

Bugs can be discovered by anyone (who knows programming anyways) in linux by reviewing the code and catching it before it becomes a problem. This happens in windows too with it's internal programmers, but the number of programmers reviewing windows code is significantly smaller than the programmers reviewing linux.

IMO this is not really true, relatively few linux users have the required knowledge to properly audit code for security issues and an even smaller proportion could be bothered to do so even if they had the skills.

Regards

ed