Being as a Windows geek tho, I consider Linux as a more powerful server operating system than Windows. When I saw OS comparison at http://www.microsoft.com/windowsserver/compare/linux/server-security.mspx I was shocked! Showed it to a friend and he felt like being brainwashed :D lol. What do you fellows think about this?
Thanks.
On Sat, Aug 23, 2008 at 12:00 PM, ABBAS KHAN bashukhan@gmail.com wrote:
Being as a Windows geek tho, I consider Linux as a more powerful server operating system than Windows. When I saw OS comparison at http://www.microsoft.com/windowsserver/compare/linux/server-security.mspx I was shocked! Showed it to a friend and he felt like being brainwashed :D lol. What do you fellows think about this?
It's marketing, plain and simple. Do you think that a windows website is going to expound upon the virtues of linux while trying to sell a competing product?
When you look at the supposed security reports comparing windows and linux, are they figuring in everything that ships with the distribution as a 'linux' vulnerability? For example, when comparing RHEL against Win2k3, do they figure openoffice stats against linux while saying that MSOffice is separate?
Do they use default configurations against tuned setups when comparing speeds?
Most importantly what is your system administrator familiar with? Many times security and system stability come down to the skill of the administrator responsible for the system. A stellar windows admin with a windows server is better than a shoddy linux admin with his/her distro-de-jour.
Use the tools appropriate for the task, within the administrator's skillset. If no such combination exists, find a new admin. These days, system admins are a dime a dozen, but if you find one who is truly gifted in the art, they're worth their weight in gold.
ABBAS KHAN wrote:
Being as a Windows geek tho, I consider Linux as a more powerful server operating system than Windows. When I saw OS comparison at http://www.microsoft.com/windowsserver/compare/linux/server-security.mspx I was shocked! Showed it to a friend and he felt like being brainwashed :D lol. What do you fellows think about this?
windows has only one vulnerability: - windows is vulnerable to attacks
other systems and programs have millions of vulnerabilities: - foo program allows an attacker in 10.1.2.3 to access /etc/hosts - foo program allows an attacker in 10.1.2.3 to access /etc/aliases now repeat this for every possible file and for the 2^32 IP addresses, and you get as many vulnerabilities as you can count.
and think of it. windows is 100% by default. you need to power the system before it gets owned. and did you read the ULA? you paid to use the system, but what makes you believe you will be the only one? it is a shared system. anyone on the internet can use it. it's not a vulnerability, it's a feature.
and windows is "user friendly". if a vulnerability is found, why fix it and annoy the user? just issue a dialog box "this may be unsafe. do you really want to...?". after all, the user paid. no?
more seriously, using vulnerability count as a security measure is childish at best. Are 5 cents more than 1 euro (dollar|...)? do 10 rabbits eat a lion?
but in this particular case, there is no child play. it is intentional:
" Reliance on a single metrics is a major feature of Microsoft's Get the Facts campaign, and this is perhaps understandable if we consider what the campaign is. It is essentially a marketing-driven campaign intended to .... " Source: http://www.theregister.co.uk/2004/10/22/linux_v_windows_security/
Hi, that MS article is just marketing fluff. Here is a less biased viewpoint: http://arstechnica.com/news.ars/post/20080425-study-70-percent-say-red-hat-m...
Its further interesting to note that at a CanSecWest conference earlier this year, researchers were given access to 3 machines to attempt to hack. The OSX laptop was compromised on day 2, the Vista laptop on day 3, and the machine running Ubuntu linux wasn't hacked into at all.
On Sat, Aug 23, 2008 at 6:27 PM, Damian S dsteward@internode.on.net wrote:
Hi, that MS article is just marketing fluff. Here is a less biased viewpoint: http://arstechnica.com/news.ars/post/20080425-study-70-percent-say-red-hat-m...
Its further interesting to note that at a CanSecWest conference earlier this year, researchers were given access to 3 machines to attempt to hack. The OSX laptop was compromised on day 2, the Vista laptop on day 3, and the machine running Ubuntu linux wasn't hacked into at all.
Mac OS X is based on UNIX (BSD) and the OSX laptop was the first to be compromised. This illustrates that any OS can be compromised, depending upon how securely it is configured. It took another day to break into the Vista laptop. The Ubuntu Linux box probably was a much later OS and configured better?
On Sun, 2008-08-24 at 12:54 -0500, Lanny Marcus wrote:
On Sat, Aug 23, 2008 at 6:27 PM, Damian S dsteward@internode.on.net wrote:
Hi, that MS article is just marketing fluff. Here is a less biased viewpoint: http://arstechnica.com/news.ars/post/20080425-study-70-percent-say-red-hat-m...
Its further interesting to note that at a CanSecWest conference earlier this year, researchers were given access to 3 machines to attempt to hack. The OSX laptop was compromised on day 2, the Vista laptop on day 3, and the machine running Ubuntu linux wasn't hacked into at all.
Mac OS X is based on UNIX (BSD) and the OSX laptop was the first to be compromised. This illustrates that any OS can be compromised, depending upon how securely it is configured. It took another day to break into the Vista laptop. The Ubuntu Linux box probably was a much later OS and configured better?
---- I vaguely recall that the compromise on the OSX laptop was a breach in Safari (big surprise there - not)
Windows security has improved some...this is a useless thread
Craig
-
ABBAS KHAN -
Craig White -
Damian S -
Jim Perrin -
Lanny Marcus -
mouss