Rant 2006-03-10: Linux unpatched's better than Windows unpatched

Notes before reading:
*For an explanation on how this rant is organized, please: read this.
*This rant is posted in this thread.
*The discussion is about an article that is about a study that tested the security of unpatched version of different OS'es, including Windows 2000 Server, XP Profesional, 2003 Server, Red Hat Entreprise Linux 3, and SuSE Linux 9 Desktop in which Linux came on top.
-SP is Service Pack, usually followed by a number indicating the consecutive version of it's installment. Windows 2000 has up to SP4 and XP Professional has up to SP2 (SP3's for XP is coming, but don't hold your breath).
-Many pro-Windows users were argumenting that the comparison was unfair because Windows 2000 Server and XP Professional were released very long before the Linux OS'es and their usual use is with their respective service packs installed which provide a lot of added security.
-The #9 remark on the beginning is the unstandardize way to reply to a given post in ActiveWin; #9's a post by someone by the name of chris_kabuki that proved by bibliography that the comparison between Windows 2003 Server and the Linux OS'es was in fact fair.

#9 ja, chris_kabuki beat me to it, jeje. Thanks, though, I've wouldn't thought on putting the different patches between the releases =).

The point of the article was to see the behaviour of unpatched OS'es security wise, but I have to admit: to throw Windows 2000 without SP4 (which came out in June 2003, http://en.wikipedia.org/wiki/Windows_2000) and Windows XP Professional without at least SP1 (which came out September 2002, http://en.wikipedia.org/wiki/Windows_xp) was very unfair for both of them. But, to include these two with those service packs would be a bit incongruent for this study: SP4 it's a patch for Windows 2000 as SP1 is for XP, so the whole point of seeing the behaviour of UNPATCHED OS'es would be lost. Then again, it's still unfair to observe the behaviour security wise of an OS in an obviously unsecure state compared to others that were released almost five years later obviously having being pre-patched against all the illnesses that were wreaking havoc before they arrived. Nevertheless, if you take out the comments about these two OS'es, there still lies Windows 2003 which is in a very fair position compared to the others (explained in chris' post).

Although for me is quite surprising that Windows XP Professional lasted almost as long the 2000 Server edition, which I've used many times to put up small file sharing servers inside BSD protected LAN's. I'll probably switch to Windows XP Pro, jeje.

User fanboys should be glad, though. It's a good "patch yer machine up!" article to make more XP users stop ignoring the Windows Update bubble in their system tray.

No comments: