[PLUG-TALK] Happy Anniversary

Steve Schieberl wingsuit at gmail.com
Thu Feb 24 01:42:37 UTC 2005


A year ago, I wrote to Zach at Willamette Week in response to his
article on Linux.  He admitted to writing it without having consulted
any Windows experts, and published info passed on to him by the PDX
penguins.  It was a communication between him and me, but I allowed
him to edit down and publish my e-mails in the form of a "Letter to
the Editor":

http://www.wweek.com/story.php?story=4813

This post, by Galen Seitz, appeared on this list shortly thereafter:

> There is a letter in this week's edition of Willamette Week which is
> critical of Linux, and very much needing a response.  I am wrapped
> up in a family health crisis, but I hope that some/many of you will
> find some time to respond.

This is just silly.  You should be ashamed.  I'm such a sweetheart,
and you guys conspired against me.  Bad penguins.  To start, my letter
was not critical of Linux.  It was rectifying some of the one-sided,
untrue comments against Microsoft's products.  There was a response
that argued the prices I'd listed (I wrote street prices, whereas
Raymond L. Robert wrote MSRPs), and issued some mild personal attacks.
Note that the author of the article I contested is the same person
who had my letter published.

I'm not trying to convert anyone, and I won't criticize anyone for
using any OS.  I have SUSE (FreeBSD before that and Red Hat before
that) and XP on my box at home.  We all have our reasons for operating
a computer the way we do.  Contrary to the belief of many on this
list, I have mine.  Here's some background (so you don't have to rely
on Google's scarce results that have little or nothing to do with me)
and what's happened since the coup:

My thoughts are not unfounded, as was insinuated.  I have more
experience writing PHP and working with Linux servers than Windows and
.NET.  Even in 2004 (after writing that letter), I developed
mcmenamins.com and audioprecision.com (and its online CRM) in
PHP/MySQL, on Linux running Apache.  The development, debug, and IT
time (especially when it comes to security) is significantly more with
Linux than Windows.  We've never had a Windows server get hacked, but
a client from last year, running Linux, was hacked (not via the site),
and some important documents were compromised.

Using Active Directory for every aspect of the system doesn't have the
holes that are inherent in the pieced together environment of
Linux/Apache/MySQL/PHP, which don't perfectly align.  Note that a
Gauntlet from last year proved that any Linux server running PHP and
MySQL on Apache could be compromised.

One year later, the two claims I made in my letter, based on my
experience, have been proven on a much grander scale.  One is that
Windows is (at least can be) more secure than Linux.  The other is
that the total TCO will be less with Windows.

At the RSA Conference 2005 (http://2005.rsaconference.com/), an
undeniable amount of hard data was presented.  Windows had ten fewer
vulnerabilities reported per month, and they were repaired, on average, 31
days sooner than Linux vulnerabilities.  The study was funded equally
by both Sun and Microsoft.  It was instigated by Richard Ford of FIT,
who had anticipated (and wanted) a win by Linux
(http://seattletimes.nwsource.com/html/businesstechnology/2002182315_security17.html).

Independent studies by major research groups Forrester, Bearing Point,
and IDC all showed that the Total Cost of Ownership (TCO) of Windows
servers (both web and internal) was up to 40% less than the same
number of similarly configured Linux servers used for the same
purpose.

A year ago, if I mentioned Windows vs Linux security, I'd receive
links to news articles about viruses, as if Linux was immune.  The
tables are turned right back around for 2005:

http://www.pcmag.com/article2/0,1759,1767806,00.asp (note that Windows
does not appear in the top 5 security threats of the week)
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1061030,00.html

Now that Linux is getting targeted more and more, long-standing
vulnerabilities are popping up left and right.  AV companies are
stepping in to the rescue.

Even penguins need to come up for air every now and then.  Respect my gangsta.

- Steve Schieberl


