Saturday, September 16, 2006

Windows Security VS Linux/Unix Security

I have always believed that the media can do anything, even invert the truth. Why am I saying this?

Because all this time, people have been thinking that Linux/Unix is much more secure than Windows, and I finally found the proof that it’s not true:
Between January 2005 and December 2005 there were 5198 reported vulnerabilities: 812 Windows operating system vulnerabilities; 2328 Unix/Linux operating vulnerabilities; and 2058 multiple operating system vulnerabilities
Source: http://www.us-cert.gov/cas/bulletins/SB2005.html

10 comments:

Mohamed Moshrif said...

I mean the numbers. Linux users are always claiming that the Windows numbers are much bigger than Linux's. OK, get me numbers to prove this.

Ramy Mahrous said...

@Karim
So, what is the core reason that the salary of a Linux or other OS administrator is >>>>>>>>>>>> that of a Windows administrator?

Mohamed Moshrif said...

I just have one comment on your comment, do you mean that patches for Linux are available before Windows?!!!

Everyone knows well that MS patches are the fastest patches in the market, especially security patches, which have release curves of days.

And what are the names of those security holes which are not patched yet?!!

Mohamed Moshrif said...

Also, something that not everybody knows: when did they start?!

UNIX: Around 1970
Linux: Around 1984
Windows Server: It began with Windows 2000 server.

So as you see, Linux and UNIX servers started a long time before Windows, and that’s why they have this share now, but as you see, the number of customers who are changing from Linux/Unix to Windows Server is greater than the number changing from Windows to Linux/Unix.
Now for the security part, here are some links that talk about Linux security from the Black Hat hackers’ community:

http://www.blackhat.com/presentations/bh-usa-06/BH-US-06-Gutterman.pdf
http://www.blackhat.com/presentations/bh-europe-04/bh-eu-04-hardy/bh-eu-04-hardy.pdf
And here is another study which compares Windows and Redhat Linux web servers, including days of attack (the time between a vulnerability being discovered and the actual patch being made available):
http://www.securityinnovation.com/pdf/windows_linux_final_study.pdf

Comparing total cost of security patch management:
http://download.microsoft.com/download/1/7/b/17b54d06-1550-4011-9253-9484f769fe9f/TCO_SPM_Wipro.pdf
Windows Users Have Less Vulnerability:
http://download.microsoft.com/download/9/c/7/9c793b76-9eec-4081-98ef-f1d0ebfffe9d/LinuxWindowsSecurity.pdf

If you need more, just tell me.

Mohamed Samy said...

"Also, something that not everybody knows: when did they start?!

UNIX: Around 1970
Linux: Around 1984
Windows Server: It began with Windows 2000 server."

A small correction: Windows server actually started with Windows NT Advanced server in 1993. Also, while the GNU project (which constitutes a large part of a Linux distribution) was created in the 80's, the Linux kernel project began in 1991 and Linux 1.0 was released in 1994, so Linux is actually younger than Windows!


Mohamed Samy

Mohamed Moshrif said...

Actually Windows 3.1 was for workstations only, not for servers; see the Windows history for more details. Windows server started with 3.5, and when this is compared to Linux at that time you'll find that Linux (which started as GNU in the 80's, as you said) was built fully as a server because it was started mainly as a server, while Windows emerged from a client OS at that time. So as you see, Linux had a much longer time in research and also a longer time in the market, and when I said Windows 2000, I was talking about the 1st real enterprise server. I think you know what I meant now.

Mohamed Samy said...

"Actually Windows 3.1 was for workstations only, not for servers; see the Windows history for more details. Windows server started with 3.5"

I humbly disagree. The first server edition was NT 3.1 Advanced Server in 1991, designed to compete with Netware and the Unixes.
Please see this.

"[Linux] was started mainly as a server, while Windows emerged from a client OS at that time"

Actually, Linux began as a hobbyist OS by a college student. It took many years of rewriting everything Unix had until it was ready for business. Redhat Linux, for example (one of the earliest commercial distributions), was created in 1994.

"Linux had a much longer time in research and also a longer time in the market"

You're comparing the research of a company who can hire anybody and do anything with a group of volunteer programmers.
When the GNU project started, they had, among other things, to write their own editor and C compiler and then begin working on an OS. Compare that to Microsoft, who had all the needed infrastructure when writing NT. Not to mention that the project was led by veteran David Cutler and a team of pro OS developers, not by some college student.
............

For what it's worth, I don't think Linux is even finished yet. Yes, I believe it's very good for a lot of tasks, and it's getting better by the day, but there are still Windows features that it doesn't have.

Mohamed Moshrif said...

In the link you gave:

1- It was released in 1993, not 1991.
2- There is no mention anywhere that it was released to compete with Netware and the Unixes.
3- Yes, I compare both. MS at that time wasn't like MS now; it was also a small group of developers whose number didn't exceed 100 (at the time of the research, which was 1988).

Ramy Mahrous said...

@Meshref
You reminded me of another thing about the media, too. Go ask anyone how long Windows XP stays running properly and he'll tell you 49 hours. Ask him how he knows and he'll tell you: my sister's husband's uncle's cousin, or rather their doorman, has an uncle who has a computer, and he told us so. OK, did you try it yourself before talking? He'll tell you no, that's just what they say.
And he'll tell you there's a memory leak and that kind of nonsense.
Well, I swear I leave my PC on for days and nothing crashes at all. Most recently I left the PC on for 3 days and 18 hours, i.e. 90 hours, and after that I worked on VS 2005, SQL 2005 and JDeveloper, and the machine was perfect. Anyway, 99% of the people who say this are running Windows :D
Oh, right: anyone who wants to know how reliable Windows is can go and see how many programs I have installed on my PC, in the last post on my blog.

Mohamed Moshrif said...

One more thing about Linux: the Linux architecture was the same as Unix's, so the design time was minimized by a huge factor, while Windows's was not.