Microsoft vs Linux Reports - Sheer Waste Of Time?

The report released by Security Innovation Inc., an application security company, comparing Windows Server 2003 security with Red Hat Enterprise Linux 3 Enterprise Server (RHEL3ES) is very interesting in its own right. Even a quick skim of the report reveals a few discrepancies that call its credibility into question.

The main page briefing about the paper states:
"Results of Independent Research Project that Microsoft Windows Server 2003 has Fewer Security Flaws than Multiple Configurations of a Compatible Linux Server." While the researchers clearly name the Microsoft product, they use the more generic term "Linux". Why generalize? It is hard to believe that these PhDs do not understand the relevance of this statement. Why couldn't they just be direct and mention "RHEL3ES"?

In the report:
"Aside from beliefs over the relative "security" of the closed versus Open Source development paradigms, another important contributing factor is that Microsoft develops and releases all the components in their Web server stack. This allows Microsoft more control over release cycles and vulnerability disclosures than the distributed development method."

This brings up a couple of interesting points. Firstly, according to them, implementing multiple components (software) in an enterprise makes the overall system more vulnerable. Well, so we must expect enterprises to immediately take action to ensure that ALL their ERP, SCM, CRM, and, of course, Web servers are from a single vendor. We hate to repeat this, but have they ever heard of something called "vendor lock-in"?

Secondly, the report states that Microsoft has control over release cycles AND VULNERABILITY DISCLOSURES. Do they intend to say that the "days of risk" have been significantly affected by the fact that the vendor has control as to when the vulnerability will be disclosed?

A little later comes:
"Another factor which helps Microsoft in terms of average days of risk is that Microsoft strongly encourages a "responsible disclosure" policy - that is, the company attempts to carefully coordinate vulnerability announcement with fix announcement and actively build relationships with new security researchers."

It does seem that the report is trying to explain that companies buying Microsoft products are supposed to work closely with Microsoft so that vulnerability announcements and fix announcements are as close together as possible, keeping the "days of risk" to a minimum. We sincerely hope that we got this one wrong.

Though a lot more in the report could be analyzed, it does appear that this "independent" research was done (or should we say, written) by people who think that enterprise IT heads are a bunch of fools who have all the time on earth to read through tons of pages of deceptive analysis.

Source.
