Linux as Secure

With the public and trade press now able to discuss openly that Microsoft software is reliability and security challenged, it is worthwhile taking a look at the the Microsoft Get the Facts campaign. In it Microsoft maintains that that Windows 2003 server is just as secure if not more so than Linux.

Now as one who works with both Linux and Windows 2003 systems I have always found this latter claim as hard to swallow as the lowest TCO-Total Cost of Operations being foisted upon us by the very same Get the Flaps sponsored studies. Simply put, I see day in and day out Linux servers with roughly the same hardware and processing tasks outperforming Windows for reliability and security. So when two recent studies have put the question again of code reliability and security, I trotted on over and read the results.

The first is by Nicholas Petreley formerly of Infoworld and one of the earliest proponents of Linux in the IT trade press. Long and lonely were the days in the late 1990s when Nicholas tried to persuade Infoworld readers of the virtues of Linux. So at first I took this study with a grain of salt – and tended to be prepared for Linux evangelism. And there is still is that – but perusing through I could not help but acknowledge that Nicholas was constantly leaning over in favor of Windows. This report is definitely worth the read as it addresses some key inconsistencies in the Get the Flax campaign.

The second report is from Coverity(you will need to register to get access to the report), a source code analysis vendor, and revolves around error/bug analysis of the Linux kernel. Again, the analysis is most impressive and though it is not directly comparative with Windows, the study shows the Linux kernel has error defect rates nearly an order of magnitude better than most system software. The study seems to underline what I see every day – Linux and solid are not a random observation. And Coverity, which is in the business of producing error reduction software, has no incentive to sugarcoat the facts and endanger their own credibility.

So if you are in charge of an Open Source or Linux initiative at your organization, and someone is citing the Get the Flox facts use these two resources to help set the record straight.

(c)JBSurveyer 2005