Computer Geek

Musings about technology, computer books and software.

June 19, 2005

OS Security: Linux vs. Windows

Much has been said about the security of Linux vs. Windows. Some columnists have noted that Linux has had more patches released for it in the last year than XP. I won't argue that point. But I will argue that you can't judge security simply by the cumulative number of patches.

First, you're comparing apples with oranges. The typical Linux distribution (Red Hat, Fedora, SUSE, Mandrake, etc.) contains a lot more software than Windows does. To be fair, you'd have to compare Windows XP plus all the programs you get in a typical Linux distro, such as a CD burning program, office software, SSH server, web server, FTP server, anti-spam software, photo editor, etc.

Secondly, you need to compare the severity of Windows vulnerabilities with those of Linux. Vulnerabilities can't all be treated the same, because they aren't the same. A typical Windows vulnerability tends to be much more serious than a Linux one. Don't believe me? Take a look at the recent list of patches (see the link). Here's a quick analysis:

Of the ten recent vulnerabilities, three are rated as Serious and are capable of "remote code execution". If you're running with administrator privileges (and by default, every Windows XP user is), that gives a remote attacker the ability to take over your system. Four other vulnerabilities are rated only as Important. However, they also allow for remote code execution. The last three are rated as Moderate. So of the 10 recent patches, 2/3 of them could allow an attacker to take over your system.

Several vendors have issued a common statement pointing out this very flaw in the Forrester study "Is Linux more secure than Windows?".

Linux does have vulnerabilities that allow remote code execution, but the code runs only with the privileges of the vulnerable application. Unless you're using Linspire, you don't run Linux with root privileges. So anything you execute doesn't have the authority to corrupt or infect the OS, or to touch other processes it doesn't normally have access to (such as running code that changes other code).
