or rather, let Paul Thurrott do that :) This is a follow-up to an earlier posting of Paul"s, "Windows More Secure Than Linux? Yep!"
Heres what Paul says in his follow-up: When a reader forwarded me the BugTraq link about OS vulnerabilities last week, I knew it was fascinating information that had to be discussed here in some capacity. But given that BugTraq"s 2001 data was still incomplete, and some curious disclaimers about skewed results, I felt it was best to stick a mention of it in Short Takes, an admittedly irreverent end-of-week send-off that we"ve been publishing here for a couple of years in a blatant attempt to have a little fun. Maybe it shouldn"t surprise me (though it did), but last week"s Short Takes made the Slashdot forums yesterday, causing hundreds of responses from a bitter Linux crowd, eager to pick it all apart.
And that, folks, is what happens when you challenge assumptions. I"m not really trying to make a blanket statement here at all. For example, generalities (like "Windows is more secure than Linux") are barely defensible. But then WinInfo Daily UPDATE readers know how I feel about Microsoft security--heck, I made it my top story of 2001--but Slashdot readers, seeing that one blurb, do not. What I am trying to say is that Linux is not more secure than Windows. It"s impossible.
What I"d like to know is why people can so blindly accept these generalities. There"s nothing but anecdotal evidence to support Linux security and reliability claims ("my Linux server has been running non-stop for two years," a typical Linux hacker will gush). But Linux is not used on nearly as many real world systems as Windows. It"s not the obvious target that Windows is, day after day. And yet, somehow, Windows, this most insecure of operating systems, boots up every day and just works. It gets the job done, and companies are betting their entire businesses on it. If it was really that insecure, that wouldn"t be the case.