Which is safer: Linux or Windows?

A Microsoft-sponsored study found that websites running on Linux face more risk than those running on Windows.

The study, released on Tuesday, said that last year a web server based on Windows Server 2003 had fewer vulnerabilities to patch than one based on the standard open source Red Hat Enterprise Linux ES 3.

The study also pointed out that Microsoft's web server had far fewer "days of risk" than the open source competition; days of risk is a method of measuring known, unpatched vulnerabilities.

"The purpose of this research is to think twice and ask everyone to be safe about which platform," said Herbert Thompson, director of research and training at Security Innovations, a security applications company, and one of the three authors of the report. In general, people tend to assume that Linux is safer than Windows.

The report was already controversial when it was released last month at the RSA Conference, an information security conference. Other studies comparing the security of Windows and Linux have also prompted heated discussion.

"We think this is not true," Mark Cox, head of Red Hat's security response team, wrote of the report on the company's website blog on Tuesday. He pointed out that the report does not distinguish "critical" vulnerabilities from less dangerous ones. Counted separately, the results would be more favorable to Red Hat.

Beyond the blog response, Red Hat declined to comment on the report.

Vulnerabilities as a calculation

In this study, the researchers counted the published vulnerabilities that were patched on each web server in 2004. They also aggregated the days of risk: the total number of days between a vulnerability's public disclosure and the software developer's fix.

Servers using Red Hat Enterprise Linux ES 3 accumulated more than 12,000 days of risk, while Microsoft had about 1600 days, the study said.

In terms of vulnerabilities, the Red Hat web server with the Apache Web server, MySQL database, and PHP scripting language had 174 vulnerabilities in its default configuration, the study pointed out. The default configuration of Windows Server 2003, Internet Information Server 6, SQL Server 2000, and ASP.Net had 52 vulnerabilities.

The researchers also studied minimized configurations of the two, comparing them with the applications not related to serving web pages removed. In this case, Microsoft still easily beat the Red Hat Linux software, with 52 vulnerabilities to 132.

Red Hat's Cox refuted the study in a blog post.

"Without Microsoft or Red Hat's strict standards, only 8 vulnerabilities in Red Hat Enterprise Linux 3 are dangerous," he wrote. "And three out of these vulnerabilities. It is usually repaired in one day, usually eight days."

In general, a "dangerous" vulnerability may allow an attacker to take remote control of a computer system. The study divided vulnerabilities into three severity levels: high, medium, and low. The "high" level includes the vulnerabilities that Red Hat and Microsoft rate "critical" ("dangerous" or "significant"), as well as vulnerabilities that allow local users to gain access to system functions. According to the report, Microsoft had far fewer "high" severity vulnerabilities, in both the default and the minimized configurations.

But researchers acknowledged that Microsoft funded the study. Microsoft’s press release on Tuesday also pointed out that the report is part of Microsoft’s Get the Facts campaign, which aims to highlight the benefits of Windows software.

"When Security Innovations proposed a software security approach to Microsoft, we evaluated it and found it useful to our customers, so they sponsored their research," Microsoft said in a press release. “We encourage our customers to test and evaluate the information in their own computer environment.”

Besides Thompson, the report's other two authors are Richard Ford, a computer science professor at the Florida Institute of Technology, and a security test engineer at Security Innovations. By publishing their research methods in the report, they hope to counter criticism from all sides.

"The design of the research method allows others to verify it on its own -- it must be quantified and repeatable," Thompson said. "We are not giving a piece of cake. We also provide a cake."

Although counts of days of risk and vulnerabilities cannot serve as a true measure of security, Thompson said the authors wanted to focus on indicators that are meaningful to system administrators. He maintains that the total time spent waiting for a vulnerability to be fixed is a fairly reasonable measure.

However, Thompson admits that security depends largely on the expertise of the administrator.

"I think, for a capable administrator, both operating systems are fairly secure," Thompson said. "If I have a Linux expert, then I would like this person to help me with the Linux web server; if I am a Windows expert, then of course I will use Windows."

