• United States

Mailbag: Is Linux safer than Windows?

Apr 19, 20042 mins
Enterprise ApplicationsLinuxMicrosoft

* Readers weigh in on the Linux vs. Windows safety debate

Here’s a truism for you: start a Linux vs. Windows conversation among open-source denizens, and the emotions will bubble. This was evident last week when we introduced two reports that compared the security and TCO of Linux vs. Windows in enterprise deployments.

The first newsletter reported some findings by Forrester Research, which did a study on how many security vulnerabilities were reported in software from Microsoft and four leading Linux vendors, and how quick it took these vendors to come up with patches. It was found that Microsoft took the shortest time to issue patches (23 days), while some Linux vendors took more than twice as long.

One reader says that the lag time for Linux patches is exaggerated, from his personal experience.

“I have been using Linux as my desktop since 1997 [and] I have noticed Linux problems are usually fixed within hours of when they are found, not weeks or months. Personally, I don’t [think] there is a study group that is not influenced by [Microsoft].” (Microsoft was not a participant in the Forrester study.)

Another reader says he had conducted his own research to the contrary of Forrester.

“I actually recently conducted a formal academic study, which included this topic,” he writes. “In general, I found that Microsoft appeared to have faster response times [to bugs], however there was a difference in the typical type of vulnerability and the type of disclosure. From the data (a combination of ICAT, Secunia, and Bugtraq), it seems that Microsoft often received the benefit of being notified prior to public disclosure of the bug. Clearly, this is not often the case for Linux software. Due to the nature of [open source] software, discretely informing [an open source software vendor] without the public being informed is unlikely. In addition the availability of source code makes it harder to not disclose the bug, because other people are able to review the code.”

And finally, another reader was more blunt.

“I mean, really, given how many patches Microsoft has to put out each month or year they should be pretty good at it!”