Well, well, well. Now this isn’t what you get to see everyday. Paul Thurrott reports in his latest newsletter.
During a live duel of sorts between backers of Windows 2003 and Red Hat Enterprise Linux during the RSA Conference 2005 this week in San Francisco, a surprising victor emerged. Based on the previously agreed upon rules, Windows 2003 came out ahead, emerging as the more secure OS.
How could this happen, you ask? After agreeing to terms, backers of both OSs evaluated the security-oriented performance of Windows 2003 and Red Hat Enterprise Linux during the past year, looking at such key criteria as number of reported security vulnerabilities and the amount of time that elapsed between the public disclosure of a security flaw and the release of a fix. But doesn’t the open-source model practically guarantee that fixes are released more quickly than they are with proprietary OSs? I guess not.
Results of the competition will be released next month, but here’s the gist: Windows 2003 won every part of the competition. It had fewer flaws overall. The average time between Windows 2003 flaw reports and fixes was less than half that of Red Hat Enterprise Linux. Less than half.
Does this mean that Windows is more secure than Linux on the server? Not necessarily. But it certainly provides an interesting real-world example of why assumptions about Linux security are completely bogus, as I’ve often noted.