Monday, 06 September 2010

Lies, damned lies and patches

Vendors can argue about platform security all they want, but there’s a simple test of a secure computer: it’s the machine that has been patched, says Kerry Thompson.

Thompson says a recent report by Forrester Research comparing the security record of Windows and Linux systems rehashes an old argument but doesn’t address whether an individual machine has all security patches installed.

Forrester concluded that Windows is not necessarily less secure than Linux. Windows flaws tended to be more severe, but Linux vendors tended to take longer than Microsoft to ship patches.

Linux vendor Red Hat was keen to argue the point, saying that Forrester was not distinguishing between response times for critical patches and less urgent fixes.

“I have seen these arguments so many times,” Thompson says. “It’s very hard to tell which is more secure and which isn’t. In my mind, they’re pretty much equal.”

However, the Linux model is more secure, he says, and Linux tends to have better cryptographic and security tools available. Windows is also more of a target for writers of malware.

Forrester’s report says both Windows and key Linux distributions can be deployed securely.

Meanwhile, the new Open Source Vulnerability Database can be found here.


