[kwlug-disc] Security arguments

Raul Suarez rarsa at yahoo.com
Tue Sep 22 10:26:02 EDT 2009


I made the mistake of making an of the cuff remark regarding web server security without doing my homework.

One of the arguments from Khalid in his Apache presentation was that there were more Apache servers but still more attacks on windows servers, disproving the theory that Linux is not attacked because it just has a low market share. What I understood was that the IIS breaches were more frequent and more public and I took that understanding at face value.

Of course I may need to eat my hat as this person brought up this link,


I've said in the past that facts should trump FUD and I've tried to be very objective when talking about Linux to maintain credibility but now I feel that that link breaks one of my "strong" arguments.

I know that facts and interpretation of the facts aren't always the same thing. Even facts could be perceived differently depending on the angle you look at them at.

Up until now I've been convinced by what I've seen that Linux is safer than Windows but my Linux experience is on the desktop. Now I realize that I've extrapolated that to servers without having first hand experience.

The question is clear and open: 

What are the facts, hopefully statistically based, that prove that Linux Web servers are safer than Windows Web servers?
Or even that Apache is more secure than IIS?

I think it's a valid question and one that may help us better position our arguments in favour of Linux.
Raul Suarez

Technology consultant
Software, Hardware and Practices
An eclectic collection of random thoughts

Make your browsing faster, safer, and easier with the new Internet Explorer® 8. Optimized for Yahoo! Get it Now for Free! at http://downloads.yahoo.com/ca/internetexplorer/

More information about the kwlug-disc mailing list