Where can I find infomation on a comparison of the security on a Linux server vs a Microsoft server?

Where can I find infomation on a comparison of the security on a Linux server vs a Microsoft server Asked by jmrire 46 months ago Similar questions: find infomation comparison security Linux server Microsoft Computers > Hardware > Desktops & Laptops.

Similar questions: find infomation comparison security Linux server Microsoft.

The first two sites I have listed for you are VERY informative on this subject. The third is the wikipedia comp. Security Report: Windows vs LinuxAn independent assessmentBy Nicholas Petreley?

More by this authorPublished Friday 22nd October 2004 07:26 GMT--------------------------------------------------------------------------------Improve IT Culture and employee satisfaction in your business - Sign up for the latest RegCast here Executive Summary Busting The Myths Myth: There's Safety In Small Numbers Myth: Open Source is Inherently Dangerous Myths: Conclusions Based on Single Metrics Windows vs. Linux Design Windows Design Windows has only recently evolved from a single-user design to a multi-user model Windows is Monolithic by Design, not Modular Windows Depends Too Heavily on the RPC model Windows focuses on its familiar graphical desktop interface Linux Design Linux is based on a long history of well fleshed-out multi-user design Linux is Modular by Design, not Monolithic Linux is Not Constrained by an RPC Model Linux servers are ideal for headless non-local administration Realistic Security and Severity Metrics Elements of an Overall Severity Metric Overall Severity Metric and Interaction Between the Three Key Metrics The Exception To The Rule Applying The Overall Severity Metric Means Of Evaluating Metrics Exposure Potential Exploitation Potential Damage Potential Overall Severity Risk Additional Considerations Application Imbalance Setup and Administration A Comparison of 40 Recent Security Patches Patches and Vulnerabilities Affecting Microsoft Windows Server 2003 Patches and Vulnerabilities Affecting Red Hat Enterprise Linux AS v.3 CERT Vulnerability Notes Database Results References Footnotes Executive SummaryMuch ado has been made about whether or not Linux is truly more secure than Windows. We compared Windows vs. Linux by examining the following metrics in the 40 most recent patches/vulnerabilities listed for Microsoft Windows Server 2003 vs. Red Hat Enterprise Linux AS v.3:The severity of security vulnerabilities, derived from the following metrics: damage potential (how much damage is possible? ) exploitation potential (how easy is it to exploit?) exposure potential (what kind of access is necessary to exploit the vulnerability?

) The number of critically severe vulnerabilities The results were not unexpected. Even by Microsoft's subjective and flawed standards, fully 38% of the most recent patches address flaws that Microsoft ranks as Critical. Only 10% of Red Hat's patches and alerts address flaws of Critical severity.

These results are easily demonstrated to be generous to Microsoft and arguably harsh with Red Hat, since the above results are based on Microsoft's ratings rather than our more stringent application of the security metrics. If we were to apply our own metrics, it would increase the number of Critical flaws in Windows Server 2003 to 50%. We queried the United States Computer Emergency Readiness Team (CERT) database, and the CERT data confirms our conclusions by a more dramatic margin.

When we queried the database to present results in order of severity from most critical to least critical, 39 of the first 40 entries in the CERT database for Windows are rated above the CERT threshold for a severe alert. Only three of the first 40 entries were above the threshold when we queried the database about Red Hat. When we queried the CERT database about Linux, only 6 of the first 40 entries were above the threshold.

Consider also that both the Red Hat and Linux lists include flaws in software that runs on Windows, which means these flaws apply to both Linux and Windows. None of the alerts associated with Windows affect software that runs on Linux.So why have there been so many credible-sounding claims to the contrary, that Linux is actually less secure than Windows? There are glaring logical holes in the reasoning behind the conclusion that Linux is less secure.

It takes only a little scrutiny to debunk the myths and logical errors behind the following oft-repeated axioms:Windows only suffers so many attacks because there are more Windows installations than Linux, therefore Linux would be just as vulnerable if it had as many installations Open source is inherently less secure because malicious hackers can find flaws more easily There are more security alerts for Linux than for Windows, therefore Linux is less secure than Windows There is a longer time between the discovery of a flaw and a patch for the flaw with Linux than with Windows The error behind axioms 3 and 4 is that they ignore the most important metrics for measuring the relative security of one operating system vs. another.As you will see in our section on Realistic Security and Severity Metrics, measuring security by a single metric (such as how long it takes between the discovery of a flaw and a patch release) produces meaningless results. Finally, we also include a brief overview of relevant conceptual differences between Windows and Linux, to offer an insight into why Windows tends to be more vulnerable to attacks at both server and desktop, and why Linux is inherently more secure. Busting The MythsMyth: There's Safety In Small NumbersPerhaps the most oft-repeated myth regarding Windows vs. Linux security is the claim that Windows has more incidents of viruses, worms, Trojans and other problems because malicious hackers tend to confine their activities to breaking into the software with the largest installed base.

This reasoning is applied to defend Windows and Windows applications. Windows dominates the desktop; therefore Windows and Windows applications are the focus of the most attacks, which is why you don't see viruses, worms and Trojans for Linux. While this may be true, at least in part, the intentional implication is not necessarily true: That Linux and Linux applications are no more secure than Windows and Windows applications, but Linux is simply too trifling a target to bother attacking.

This reasoning backfires when one considers that Apache is by far the most popular web server software on the Internet. According to the September 2004 Netcraft web site survey, 1 68% of web sites run the Apache web server. Only 21% of web sites run Microsoft IIS.

If security problems boil down to the simple fact that malicious hackers target the largest installed base, it follows that we should see more worms, viruses, and other malware targeting Apache and the underlying operating systems for Apache than for Windows and IIS. Furthermore, we should see more successful attacks against Apache than against IIS, since the implication of the myth is that the problem is one of numbers, not vulnerabilities. Yet this is precisely the opposite of what we find, historically.

IIS has long been the primary target for worms and other attacks, and these attacks have been largely successful. The Code Red worm that exploited a buffer overrun in an IIS service to gain control of the web servers infected some 300,000 servers, and the number of infections only stopped because the worm was deliberately written to stop spreading. Code Red.

A had an even faster rate of infection, although it too self-terminated after three weeks. Another worm, IISWorm, had a limited impact only because the worm was badly written, not because IIS successfully protected itself. http://www.theregister.co.uk/security/security_report_windows_vs_linux/Viruses and Spyware (Last updated March 2005)There are many types of malicious software programs.

The most common types are referred to as Viruses and Spyware. Spyware has become a generic term, much like "Xerox machine" (which is taken to mean any copying machine, not just those made by the Xerox corporation). The term "Spyware" now refers to a whole host of malicious software such as worms, Trojans, dialers, keystroke loggers, browser hijackers and, of course, actual Spyware.

The vast majority of all malicious software (of all types) runs on Windows. I don't know the actual percentages, but it wouldn't surprise me if it was 98% or so. Spyware on Windows has become such a problem that Microsoft purchased an anti-Spyware software company and released their product as the Microsoft Anti-Spyware program in early 2005.As this is written the product is still in beta form, but Microsoft has stated that it will be free even when complete.

In my opinion, Spyware is the worst problem effecting Windows based computers. In addition to running an anti-virus program constantly, Windows users also need an anti-Spyware program constantly running in the background to protect them. http://www.michaelhorowitz.com/Linux.vs.Windows.htmlSecurityTo determine what constitutes secure software, working backwards from insecurity is illuminative.

The ideal software to encourage the creation of malware has several characteristics. It should be:Widely used, to maximize the number of those who could be infected, and the likelihood that infected systems will contact others able to be infected Slowly patched, to maximize the time the malware remains effective, and minimize development effort for new malware Monolithic with no compartmentalization of components, to maximize the damage malware can do To discourage the creation of malware and reduce its impact, software should therefore have a small user base, rapid updates to neutralize new threats, and a compartmentalized structure that isolates damaged sections. http://en.wikipedia.org/wiki/Comparison_of_Windows_and_Linux#Security Sources: I have included links and snippets from various websites comparing the security of both Microsoft and Linux servers.

I can answer it either way, but I'd rather give you the sort of information you're looking for.

3 Given an experienced sysadmin for each platform, they are approximately equally secure. There tend to be more exploits found for Windows and it usually takes longer for a patch to be issued. There are also far more worms/viruses/trojans for Windows than Linux.

Given an experienced sysadmin for each platform, they are approximately equally secure. There tend to be more exploits found for Windows and it usually takes longer for a patch to be issued. There are also far more worms/viruses/trojans for Windows than Linux.

" "I'm searching for a good book about Linux Internet server implementation. Does anyone can help me?" "What are the 3 latest, most powerful CPUs from Intel for mainstream desktops and laptops? How about AMD?

" "Can someone explain in detail, the process for installing a Linux Server." "is there some kind of software which could help me fix laptops? And desktops? " "i'm looking for gigabit ethernet cards for desktops and a Win Server 2003 maching.

Suggestions? " "Server wise, dose anyone else use OS X, if so why, if no why? Just looking to see where I stand in comparison." "What is the cheapest and best way to set up a linux server?

" "How do you put a Client Access License on your server and user desktops? " "tell me how to configure microsoft 2003 server?

I'm searching for a good book about Linux Internet server implementation. Does anyone can help me?

Can someone explain in detail, the process for installing a Linux Server.

I'm looking for gigabit ethernet cards for desktops and a Win Server 2003 maching. Suggestions?

Just looking to see where I stand in comparison.

I cant really gove you an answer,but what I can give you is a way to a solution, that is you have to find the anglde that you relate to or peaks your interest. A good paper is one that people get drawn into because it reaches them ln some way.As for me WW11 to me, I think of the holocaust and the effect it had on the survivors, their families and those who stood by and did nothing until it was too late.