Jeff Jones complains about Linux advocates making a baseless assertion that Linux is more secure than Windows. To prove his point he compared vulnerabilities with varying degrees of severity for Windows XP SP2 and Red Hat Desktop 3/4. The results are shocking for every Linux fan. Although I believe that his vulnerability summary is probably correct, it does not say much about security.

Security experts regularly confuse vulnerability with security issues. Often, they are developers or former hackers. Thus, their main concern is the theoretical possibility of breaking into a system. However, in practice this is more or less irrelevant. When it comes to security, the only thing that counts is the probability of someone or some malware breaking into a system.

The number and the severity of vulnerabilities are only one aspect. However, there are factors that are far more important: the number of other, similar systems (important for worms and viruses), the number of people who are able to write exploits for a system, the number of hackers/crackers specializing in a certain system, the average expertise of the people managing/using a system (administrators, home users), their average concern about security, the average number of installed security tools, etc.

Consider this analogy. Your own body has some apparent vulnerabilities. Someone can harm you very easily using a simple knife. It would reduce your vulnerability considerably if you wore armour all the time. Would you feel more secure, then? Do you think that you would live longer because you reduced your vulnerability? If you are currently in South Lebanon, you would indeed be seriously worried about the vulnerability of your body. Wearing armour certainly improves security in this situation. The point is that you can only say something about the security of a certain system if you consider the whole environment.

I am certainly not one of these fanatic Linux advocates. However, for me it is quite obvious that Linux or any other non-Windows system is more secure, simply because they are fewer in number and also because of the other factors I mentioned above. Any Windows environment is still a battlefield. Obviously, this has nothing to do with the often stated claim that Open Source is superior to Closed Source when it comes to security.

The only thing you can infer from Jeff's impressive vulnerability summary is that Microsoft's programmers have been doing a good job lately. But if you are a system administrator, you won't feel more secure, especially after you have counted the malware that the virus scanner caught on your Windows systems during the last hour.


Via Steve Lamb's Blog




© 4sysops 2006 - 2022

