Security: Windows vs. Linux

     Koetzle, L. (2004). Is Linux More Secure Than Windows? Forrester Research, Cambridge, Mass.
     Petreley, N. (2004). Security Report: Windows vs. Linux. The Register. (Published October 22, 2004 and retrieved January 5, 2005.)

     Koetzle's paper was published in March 2004 and compares Debian, MandrakeSoft, Microsoft, Red Hat and SuSE. Each platform was evaluated based on data gathered between June 1, 2002 and May 31, 2003, according to four metrics — "all days of risk," quantifying the platform's actual vulnerability to attack; "distirbution days of risk," comparing the Linux distributors' responsvieness to a vulnerability; "flaws fixed," measuring the platform maintainers' thoroughness, and the percentage of high-severity vulnerabilities. Among the study's findings: Microsoft demonstrated the lowest average "all days of risk," and Red Hat and Microsoft tied in terms of relative severity and thoroughness.
     Petreley's study, published in October 2004, compared Microsoft Windows Server 2003 and Red Hat Enterprise Linux AS v.3, based on the severity of the security vulnerability (determined by the damage potential, the exploitation potential, and the exposure potential), and the number of critically severe vulnerabilities. Petreley found that whereas 10% of Red Hat's patches and alerts addressed critical vulnerabilities, 38% of Microsoft's patches and alerts addressed vulnerabilities ranked by Microsoft as critical. The report also includes a detailed discussion of security and severity metrics. Posted by Chris Hodge at January 5, 2005 04:08 PM | TrackBack | Links to this post
Categories: Open Source | Security