Enterprise Initiatives

This blog focuses on Enterprise IT topics such as Enterprise Architecture, Portfolio Management, Change Management, Business Process Management, and recaps various technology events and news.

Many of the folks I know who have issues with Linux lean on unproven myths and perceptions to prove their point. I prefer to back arguments with research and real data. In doing so, I stumbled across a well-researched article that answers many questions about the Windows vs. Linux security debate. It is a rather long article, so I'll highlight a few sentences out of it.

While discussing the myth, "Windows only suffers so many attacks because there are more Windows installations than Linux, therefore Linux would be just as vulnerable if it had as many installations", the article states:

...according to Netcraft, 47 of the top 50 web sites with the longest running uptime (times between reboots) run Apache. None of the top 50 web sites runs Windows or Microsoft IIS. So if it is true that malicious hackers attack the most numerous software platforms, that raises the question as to why hackers are so successful at breaking into the most popular desktop software and operating system, infect 300,000 IIS servers, but are unable to do similar damage to the most popular web server and its operating systems?

Malicious software is so rampant that the average time it takes for an unpatched Windows XP to be compromised after connecting it directly to the Internet is 16 minutes -- less time than it takes to download and install the patches that would help protect that PC.

While discussing the myth, "Open source is inherently dangerous because the code is readily available", the article states:

Windows Server 2003 has experienced the most severe security holes. Microsoft's own classification of the flaws shows that 38% of the patched programs are rated as Critical. If we apply the metrics outlined in the previous sections, we would have to raise that to between 40-50%. ... In sharp contrast, of the 40 vulnerabilities listed by Red Hat, only 4 are rated as Critical by our metrics (Red Hat does not list a severity rank for its alerts). That means 10% of the most recent 40 updates are of Critical severity.

There is a lot more good information in this article so feel free to read more...
