Security: Windows vs. Linux

The debate rages on this topic, at levels of passion usually reserved for religious or political discourse. As, admittedly, a completely biased Microsoft employee, I generally try to steer clear of the emotionalism and keep the conversation focused on facts. A great place to get those facts is www.Microsoft.com/getthefacts. Here you can find links to downloads of third-party non-commissioned reports by respected independent groups like Forrester and IDC that demonstrate the greater security, reliability and lower total cost of ownership of the Windows Server Platform.

Additionally, two Florida-based independent researchers, one a Linux guru, the other a Microsoft advocate, recently went head to head, Windows vs. Linux, on security. The Seattle Times reported their findings and you can read the article at https://seattletimes.nwsource.com/html/businesstechnology/2002182315_security17.html. Thanks to my colleague Chris Smith for this link.

From the Seattle Times piece: "They compared Windows Server 2003 and Red Hat Enterprise Server 3 running databases, scripting engines and Web servers (Microsoft's on one, the open source Apache on the other).

Their criteria included the number of reported vulnerabilities and their severity, as well as the number of patches issued and days of risk — the period from when a vulnerability is first reported to when a patch is issued.

On average, the Windows setup had just over 30 days of risk versus 71 days for the Red Hat setup, their study found."

People were shocked to discover that, according to this independent third-party research, when a security vulnerability is identified, as they are in both operating systems, the fix on the Linux side takes nearly twice as long on average as the fix on the Windows side. You may ask, how can that be? With Linux's open source there must be thousands and thousands of programmers around the globe working to fix the holes, so how can Microsoft get it done in half the time?

The answer is simple: there aren't thousands and thousands of developers around the world working to improve the Linux code, at least not on a consistent or full-time basis. The code is open source; it's no one group's responsibility.

At Microsoft we have dedicated teams, with hundreds of developers, whose expertise and resources can be marshalled and tasked with the job of securing the code. These guys are the unsung heroes: they will work literally around the clock when the call goes out, writing code, testing, rewriting and testing again, and will not stop until the work is complete.

That's why Windows will always respond to the security challenges of the 21st century faster, more completely and with a higher confidence level than our competitors. But don't believe me; go get yourself the facts.

"My other server is your Linux box" - from a controversial T-shirt