Can it be true? Is a Windows server more secure than Linux? Common technical opinion tells us this cannot be. So, when I read this article from The Seattle Times (and Slashdot), I was astounded.
Two Florida researchers presented their findings to an RSA Conference of computer-security professionals. Apparently, one was a Microsoft enthusiast, the other a Linux enthusiast. My first thought was that this was another Microsoft-sponsored study, but that is obviously not the case. Comparing Windows Server 2003 and Red Hat Enterprise Server 3, their research computed a metric called “days of risk,” described as “the period from when a vulnerability is first reported to when a patch is issued.” The researchers found that, on average, the Windows server configuration had just over 30 days of risk versus 71 days for the Red Hat configuration.
This is obviously going to be very controversial. Hopefully, though, more objective studies like this one will be performed to spark constructive debate on the topic.
Additional resources:
Linux fan concedes Microsoft is more secure
Study finds Windows more secure than Linux (Mikehall’s Embedded WebLog)
Windows More Secure Than Linux? (Say Anything)