This morning I was interviewed over the phone by Michael Cohn for a story in TechWeb’s Security Pipeline, basically an opinion interview to include with an article on a receint study that is about to be released by the Florida Institute of Technology.
Slashdot | Study Finds Windows More Secure Than Linux
“A Windows Web server is more secure than a similarly set-up Linux server, according to a study presented yesterday by two Florida researchers.” In addition to the Seattle Times article, there is also coverage on VNUnet. From the article: “The researchers, appearing at the RSA Conference of computer-security professionals, discussed the findings in an event, ‘Security Showdown: Windows vs. Linux.’ One of them, a Linux fan, runs an open-source server at home; the other is a Microsoft enthusiast. They wanted to cut through the near-religious arguments about which system is better from a security standpoint.”
Do I believe in “secure by default”? No I don’t. Why? Because you have to factor in how usable the system is by default. A computer that is locked in a room with zero network connectivity is secure by default, is it usable, not really?
Of course, depending on who you talk to (Security Report: Windows vs Linux) you will hear different things about which Operating System is more secure, I think that is not the correct way of looking at this problem. The security of you platform is dependant mostly on the skill and dilligence of the Administrator maintaining the platform. I feel that there are far more junior/novice Windows Administrators in the world and this contributes to the problem greatly.
There is no magic bullet when it comes to system security, a proper security strategy is multiple layers of overlapping and complimentary techniques and processes to protect your platform.
So which is more secure, Windows or Linux… Linux