Linux Security

[Jacques B.]

I read an article on the web a while back (sorry, don't have the URL
and therefore cannot vouch for it's authenticity or accuracy).  It
compared network vulnerabilities of Windows systems and Linux systems
both patched & unpatched.  They connected the systems to the web and
noted that the various unpatched flavours of Windows OS were all
compromised in short order (within hours or less I believe) whereas
the unpatched Linux flavours remained uncompromised.

However when properly patched both Windows and Linux flavours all
remained uncompromised over a period of a month.

Of course add the human factor and any OS is vulnerable.  And the more
services you have running, the more potential vulnerabilities may
exist on any OS.  I was under the impression that the tests dealt with
systems in a laboratory environment (were not used during the course
of the test other than patching and checking for compromise and such).

I qualify this because I know some will no doubt jump in and say how
this system or that system was compromised despite being patched.  Or
the OS itself was not compromised but rather a service running in the
OS, or whatever.

The short and sweet is both Linux and Windows systems have the ability
to be fairly secure in a networked environment (i.e. Internet).  The
largest influencing factor being the human factor.  Security and
usability are typically at the opposit end of the spectrum.  If
implementing of a particular security measure is too difficult for the
average user, or inhibits usability too much, it will inevitably fail
to provide the degree of security it was designed to offer.

Jacques B.