"There are some people who are sceptical [of the results]," said Dr Thompson. "We would encourage them to replicate this type of study. If you see flaws please tell us."
Sounds to me like they know their study was shoddy and slanted, but they don't think you'll have enough care to prove them wrong; you'll just accept what they preach like a good little [something].
I wonder if they have heard about the Honeynet Project? Their recent findings are that a network with unpatched/unsecured Windows boxes is cracked within minutes. Whereas an unpatched/unsecured Linux box will stay safe for months.
It seems that for the tests, they used freshly installed out of the box installs of Red Hat and Server 2003. So really, we are comparing the Windows kernel, and the minimal software that comes with it, against Red Hat's what? 6GB of optional software add-ons (no doubt they did a 'full' install). So if we compare the patches against the raw size of software being patched I think we can safely conclude that Red Hat's percentage of patches to MB of installed software is much lower.
Not to mention that the amount of patches you had to install is a highly dubious way of contending a system's security. The real question is how many vulns in Windows remained *unpatched* (if not undiscovered...).
"FL Tech will deliver services to define and document all the various aspects of testing for security vulnerabilities in Microsoft software, as directed by Microsoft"
Not that I've read the report, but given the metrics mentioned in the article, it would seem quite plausible to me that MS Server 2003 would come out on top of Red Hat. That's not to say that they are the only measures of security. Seems like all the FUD of the past month has really been centered around this, too.
I'd like to see a study comparing the security of the kernels, not the frequency or availability of patches. There are very simple kernel modifications that neither make that can do a lot to mitigate existing vulnerabilities.
This seems like a pretty worthless "study" if all they measured were the total number of vulnerabilities and the actual and average response times to patch them. Gee guys, how about including something that matters, like say the severity of the vulnerabilities? My point is that if Linux had 10 minor vulnerabilities that could enable a malicious person to conduct low-impact mischief, but Windows had 7 critical vulnerabilities that could enable a malicious person to run arbitrary code, then the "superior" score for Windows is meaningless. -- J.W.