A second remote hole for OpenBSD
Posted Mar 15, 2007 23:10 UTC (Thu) by man_ls
In reply to: A second remote hole for OpenBSD
Parent article: A second remote hole for OpenBSD
I'm surprised no-one has called on this:
Generally speaking, with administrators of equal skill level and websites with similar functionality, if you setup a Windows 2003-based web server vs a Linux-based web server the Windows server is going to be more secure.
Ehm, excuse me? Windows 2003 more secure than Linux?
Let me put this into perspective. I have two machines; one I load with the latest RHEL 4, the other one with the latest Windows 2003, default install. I place both machines on the public internet without a firewall, and wait to see which one stays out of trouble for a longer time. Would you bet for the Win2k3?
Same scenario, now I place both machines behind a firewall and just expose a web server (Apache on RHEL, IIS on w2k3), static HTML. Bets?
I know I keep my main machine connected via ADSL without a firewall and have never had a successful intrusion (that I know of); this with Debian, SUSE, Gentoo and lately Ubuntu. I had something which might have been a sporadic DOS with Dapper, long gone with Edgy. Maybe things have changed a lot, but even with w2k3 I wouldn't bet to stay connected long enough to download the latest patches without getting infected.
to post comments)