Is The Windows Server Environment More Secure Than Linux?
Chris Richardson Contributing Writer
2005-03-24
Which server environment is more secure? Windows or Linux? This question has been debated to the nth degree on various computer forums, blogs, and numerous other places.
A study conducted by Security Innovation may give a more definitive answer, although it will probably just re-ignite the old arguments. In an extensive white paper, the Security Innovation team compared, amongst other things, the number of vulnerabilities each server environment faced. The study also compared the amount of time a security risk remained a risk to the server setup in question.
This was done in order to determine which environment was most at risk. In order to present solid findings, the team tested their data under the different installation configurations available. The white paper offers cumulative results and they may surprise some readers.
The following table summarizes SI's findings with respect to vulnerability counts for the three configurations considered:
| Severity | Windows Server 2003 | RHEL ES 3 Minimal | RHEL ES 3 Default |
| --- | --- | --- | --- |
| High | 33 | 48 | 77 |
| Medium | 17 | 60 | 69 |
| Low | 0 | 7 | 8 |
| Unknown | 2 | 17 | 20 |
| Total | 52 | 132 | 174 |
The table below summarizes the days of risk results for the three configurations considered:
| | Windows Server 2003 | RHEL ES 3 Minimal | RHEL ES 3 Default |
| --- | --- | --- | --- |
| Days of Risk: High Severity | 1145 | 2124 | 3893 |
| Days of Risk: Medium Severity | 426 | 4003 | 5303 |
| Days of Risk: Low Severity | 0 | 921 | 943 |
| Days of Risks: Not Known | 55 | 2142 | 2276 |
| Cumulative Days of Risk | 1626 | 9190 | 12415 |
| Average Days of Risk Per Vulnerability | 31.3 | 69.6 | 71.4 |
Among other things, the study concludes:
"On balance, as security practitioners, we know that both the Red Hat and Microsoft solutions can be used to provide a secure solution when deployed and administered with the right skills and under the right policy. Based upon both counts/lifecycles of bugs and the absence/presence of qualitative drivers of security, it appears that Microsoft may have an edge in many environments.
Put another way, looking at the software security factors that each vendor has the ability to directly affect - software security quality and security response - the data shows that a web server workload built using Windows Server 2003 has fewer security vulnerabilities requiring customer mitigation or patching than a similar workload built on Red Hat Enterprise Linux."
Microsoft potentially safer than Linux? The reaction should be quite interesting.
PS: Security Innovation runs IIS 5.0 and the study was paid for by Microsoft.
Read the white paper
Mozilla Issues Firefox Security Update
Mozilla has patched a Firefox vulnerability discovered by the Internet Security Systems group. The flaw lies in the way Mozilla's browser processes GIF images.
According to ISS, the security flaw was discovered in the "GIF image processing library used in software developed by the Mozilla Foundation. This library is used by the Firefox web browser, the Mozilla browser, and Mozilla's Thunderbird Mail client. By crafting a GIF file in a malicious manner, an attacker is able to trigger a heap overflow within the application viewing the image, leading to arbitrary code execution and remote compromise."
No known attacks taking advantage of the security flaw have been reported.
The findings for the hole were published by ISS yesterday and, in true Mozilla fashion, a patch and a press release were issued before the day was out.
Chris Hoffman, director of engineering for the Mozilla Foundation, says, "The Mozilla Foundation is deeply committed to providing its users with the safest Internet experience possible. To deliver our users the experience they deserve, we must stay ahead of the curve in patching potential vulnerabilities. For example, the bug patched in this update has no known real world exploits, and we were able to provide a quick response."
An updated version of Mozilla's popular browser is available at GetFirefox.com.
About the Author:
Chris Richardson is a search engine writer for WebProNews. Visit WebProNews for the latest search news.