 |
More of my sitesWinInfo Daily News
|
About this siteFor six years, the Internet Nexus served as my technology blog, but I've since started blogging at the SuperSite Blog instead. If you're looking for the blog, please head there. --Paul Tuesday, July 13, 2004Windows vs. Linux security: No unbiased reportsNewsForge: " Forrester Research published a report last March that came to the unlikely conclusion that Linux is no more secure than Windows. Last month, Danish security firm Secunia compared security across operating systems and concluded that Windows was more secure than many people think. Both studies are easy to counter with a little research and common sense, but that still leaves us without any meaningful third-party operating system security assessment ... A rash of articles recently claimed Linux was less secure than Windows because the total number of security alerts for Linux outnumbered those for Windows. Once again, the articles failed to address any meaningful data, such as the severity of the flaws reported, whether the flaws counted against Linux were actually flaws in applications or programming environments that run on both Linux and Windows (such as the Apache Web server or PHP programming language), and so on ... There is a fatal flaw in the Secunia data, at least as it is presented for public consumption ... Secunia tells you the percentage of vulnerabilities can be exploited by remote users, and the percentage of vulnerabilities which allow the cracker to escalate privileges possibly to administrator level, the graphs do not tell you where the data for these figures intersect. It should be self-evident that the most serious type of vulnerability is one that makes it possible for an anonymous user to gain administrator privileges and seize control of your system via the Internet. After all, which is more dangerous to your organization, a flaw that can only be exploited by someone with a valid user account and physical access to your machine, or a flaw that is exposed to every hotshot cracker in cyberspace?" [ Posted at 7:35 PM | Permalink ]
|
|
Nexus Home | Nexus Archives | Email Paul
|