By Jack Knight and Jim Kissel - September 2005
Myth: Windows gets attacked most because it's the biggest target in terms of numbers of users.
Fact: Actually, the biggest potential target is Apache, by far the most popular web server on the Internet, with close to twice the number of users of IIS as of Oct 2006. Despite this, successful attacks on Apache are far fewer in number and cause less damage. Attacks are of course aimed at Windows because of its number of users, but more significantly because its fundamental design makes it a much easier target, and makes it much easier for an attack to wreak havoc. Windows features such as RPC (unnecessarily) add vulnerabilities to which Linux's design is not exposed in the same ways, so Linux simply cannot experience attacks at similar levels, or inflicting similar levels of damage, to Windows.
Myth: Open Source Software is inherently dangerous because its source code is freely available, whereas Windows' source code is closely and securely guarded by Microsoft.
Fact: This 'inherent danger' clearly has not manifested itself in terms of numbers of attacks. Windows-specific viruses, Trojans, worms and malicious programs exist in large and ever-increasing numbers. The associated myth is that "obscurity aids security". In fact, obscurity can make it more difficult for software houses to identify vulnerabilities in their own products, and can lead to weaknesses being missed due to lack of visibility. The Open Source model, on the other hand, facilitates widespread review and demonstrably makes it easier to identify and correct flaws.
Myth: Statistics 'prove' that Windows has fewer, less serious security issues than Linux.
Fact: If we sanity-check this statement against the vulnerability metrics of the highly respected and authoritative US Computer Emergency Readiness Team (CERT), as opposed to various sponsored studies, we get a return of 250 results for Microsoft, with 39 having a severity rating of 40 or greater, and 46 for Red Hat, with only three scoring over 40. So simply making claims based on that one metric (as certain executives of proprietary software companies have been known to do) is like judging a hospital's effectiveness in dealing with emergency cardiac care by its average speed in dealing with all of its patients. It is of course in Microsoft's interest to promote such FUD.
For comprehensive information on the myths and facts of Windows vs. Open Source security, see this detailed security article from The Register.
So is Open Source a viable and more secure alternative to proprietary products? We honestly believe that it is. We have been on both sides of the fence for over 20 years in the industry, and can therefore offer an objective viewpoint. We can help you with a range of professional services including assessment, planning, risk management, training, project/programme management and consulting.
To find out more about how you can benefit from Open Source Software, please contact us.