Analyst Meeting: Microsoft, Linux, and Security

[Guest]

Analyst Meeting: Microsoft, Linux, and Security
   One topic Ballmer had no problem broaching is security and the company's arch-foe, Linux. Ballmer cited the CERT Coordination Center's (CERT/CC's) 2002 OS advisories, noting that Sun Microsystems' Solaris and Red Hat Linux both garnered 12 advisories, whereas Microsoft received 5 across all Windows versions. He also noted that Linux vulnerabilities were growing 21 percent faster than those from Microsoft, with the open-source solution suffering 485 vulnerabilities in 2002 compared with 202 for Microsoft. Jumping to an oft-cited "advantage" of Linux, Ballmer then provided evidence that major open-source vendors usually deliver important security patches for Linux far later than Microsoft does for Windows. From January 2002 to October 15, 2002, for example, Red Hat released nine security patches one or more months after other vendors; those Red Hat systems, he said, remained vulnerable while customers waited for the patches. "Can IBM give you a product roadmap for Linux?" Ballmer asked. "Can they deliver new features and fixes to Linux? Does it indemnify the intellectual property in Linux? No, no, and no." Go, Ballmer. Go, go, go.

And there were those people who didn't believe me when I was saying that Linux had experienced far more security flaws than Windows. Especially when you consider the distribution.:)

[PIX]

The very nature of open source allows anyone to inspect the security of the code. Microsoft
as made their claims that their products are secure, but they offer NO guarantee. Windows
is closed source with no way for users to fix or diagnose. I don't recall anyone I know ever
saying that the *nux systems were more secure. I will personally state that the *nux operating
systems are more reliable and more robust. There are numerous testimonials of active servers with
uptimes measured in years. Microsoft fixed most of the 'Blue Screen of Death' problems with the
release of Windows 2000, but 'code bloat' has introduced more reliability problems. I personally
stand by the FreeBSD operating system for it's reliability and security. BSD is NOT linux. A default
FreeBSD installation has yet to be affected by a single CERT security advisory since 2000. RedHat
is notorious for turning on VERY insecure services by default. FreeBSD uses the system of kernel
security levels which are more powerful than simple run-levels. They allow the admin to deny access
to certain OS functions such as reading /dev/mem, changing file system flags..etc.
Lastly, let's look at the cost equation. I priced 3 licenses for Windows 2003 Enterprise server for a new
client. It was going to be a little over $8000....gasp. I can run pretty much the same apps utilizing
SAMBA and WINE for the internal clients on a Mandrake Linux or FreeBSD 5.0 for the cost of buying
6 blank CD's.

[Guest]

Now that I agree with. however, my original point was that one day in Chat, I pointed out the Linux distributions (not FreeBSD) had more security alerts per user than Microsoft did. This sparked a massive in-game chat about it all. So, I thought I'd back up my words:)

Personally, I like windows for it's ease of use, and the reliability that XP certainly offers. I also like Linux and FreeBSD for it's cost. So, it's always a user vs cost that needs to be done for a client. :-D

[PIX]

Damn tootin on that ease of use.:D

[_Acid_Head_]

VIRUS!

[Guest]

Linux has viri too:)