Microsoft vs Linux Reports - Sheer Waste Of Time?

The report released by Security Innovation Inc., an application security company, comparing Windows Server 2003 security with Red Hat Enterprise Linux 3 Enterprise Server (RHEL3ES) is very interesting in its own right. Just skimming through the report reveals a few discrepancies that call its credibility into question.

The main page briefing about the paper states:
"Results of Independent Research Project that Microsoft Windows Server 2003 has Fewer Security Flaws than Multiple Configurations of a Compatible Linux Server." While the researchers clearly name the Microsoft product, they use the more generic term "Linux". Why generalize? It is hard to believe that these PhDs do not understand the relevance of this statement. Why couldn't they just be direct and mention "RHEL3ES"?

In the report:
"Aside from beliefs over the relative "security" of the closed versus Open Source development paradigms, another important contributing factor is that Microsoft develops and releases all the components in their Web server stack. This allows Microsoft more control over release cycles and vulnerability disclosures than the distributed development method."

This brings up a couple of interesting points. Firstly, according to them, implementing multiple components (software) in an enterprise makes the overall system more vulnerable. Well, so we must expect enterprises to immediately take action to ensure that ALL their ERP, SCM, CRM, and, of course, Web Servers are from a single vendor. We hate to repeat this, but have they ever heard of something called "vendor lock-in"?

Secondly, the report states that Microsoft has control over release cycles AND VULNERABILITY DISCLOSURES. Do they intend to say that the "days of risk" have been significantly affected by the fact that the vendor has control as to when the vulnerability will be disclosed?

A little later comes:
"Another factor which helps Microsoft in terms of average days of risk is that Microsoft strongly encourages a "responsible disclosure" policy - that is, the company attempts to carefully coordinate vulnerability announcement with fix announcement and actively build relationships with new security researchers."

It does seem that the report is trying to explain that the companies buying the Microsoft products are supposed to work closely with Microsoft to ensure that the vulnerability announcement and fix announcements are as close as possible to ensure that the "days of risk" are kept to a minimum. We sincerely hope that we got this one wrong.

Though a lot more can be analyzed in the report, it does appear that the "independent" research has been done (or should we say, written) by people who think that Enterprise IT Heads are a bunch of fools who have all the time on earth to read through tons of pages of deceptive analysis.
