[ISN] Linux and Windows security neck and neck

[InfoSec News]

http://www.vnunet.com/vnunet/news/2139790/surveys-useless-security

Iain Thomson
vnunet.com 
14 July 2005 

There is little to choose between Microsoft and Linux in terms of
operating system security, according to experts, but misleading
figures and surveys are muddying the waters for IT managers evaluating
the platforms.

Graham Titterington, principal analyst at Ovum, told vnunet.com that,
while in security terms the gap between Linux and Microsoft had
shortened, Linux had the edge.

However, he suggested that the mass of statistics put out by both
sides was obfuscating the issue.

"A couple of years ago Linux was without doubt more secure than
Windows, but things have changed a lot," said Titterington.

"My hunch would be that Linux still has the edge but it's difficult to
tell with all this misleading information being pumped out.

"Just doing a head count of vulnerabilities is useless, for example,
if you're not grading the seriousness of the vulnerabilities."

He added that Microsoft had made real progress on security in the past
two years, but that the increasing number of Linux enthusiasts coming
into the market would help the open source alternative in the long
run.

John Engates, chief technology officer at managed hosting company
Rackspace, which offers both Linux and Windows hosted servers, said:  
"If you think about where you get Linux talent it's in the younger
generation.

"Linux has a slight advantage in that computer science students are
learning it, but Microsoft has made life easier for non-techies,
particularly with its improved patches."

Engates added that his company manages 13,000 servers, roughly half of
which are open source and half Microsoft. He claims to see little
difference between the security on either platform.