So, by now everybody and their brother has seen the MSFT funded report discussing the "most secure" OS that is Microsoft Windows. I'm not sure that I buy all the hype about the report being biased; the methodology is extremely transparent, and I would argue that it's pretty sound. On the other hand, there is quite a bit more software included in RedHat than in MS Windows (more software would lead one to conclude that there would be more security issues.)
Here's what I do think is interesting; as an exercise to the reader, do a vanilla install of WhiteBox Linux "Liberation" (or RedHat if you have a license.) Now, log in for the first time and use the "up2date" utility to install all the applicable patches (including the kernel patches.) Now reboot and notice how the machine grinds to a screeching halt during the boot process; I've done this exercise enough times in the lab to know that the default "patching" process toasts the machine (at least on the hardware in my lab.) In all fairness, this never happened to me on Windows (AutoUpdate patches the machine, it reboots, no troubles.) In fact, Solaris 2.6, 7, 8, 9 and now 10 all patch themselves without headache. I'm not going to be first in line to say that Microsoft is secure or anything, but I'm not going to say RedHat is either...
Posted by Ed at March 25, 2005 11:09 AM