When you want to really judge the security of an Operating System (OS), you don’t ask Microsoft to “Get the facts”, as they will most likely just pay a company to do research based on criteria that they (Microsoft) probably provided or outlined to ensure they get the answer they want you to get. You likewise don’t ask Linux zealots, as their answer is likely to be more emotive than factual. So what do you do? Well, I’d ask the guys working at the front lines, the guys that deal with OS security on a day-to-day basis.
With that in mind, Bzresearch has done just that: they asked 6,344 development managers, and the answer they got makes for good reading. These 6,344 folks are not trying to sell anything, they are not trying to convince you of anything, they are just stating the facts as they see them. Ironically, what they are saying is in almost direct contradiction to what Microsoft’s “Get the facts” campaign has been touting. Why do you suppose that is? I should point out that I was unable to find out if the research was funded or not and, if it was, by whom. But since Bzresearch sells their research for some significant $$$, I’m guessing they funded themselves. (Please correct me if I am wrong). You might also find this article interesting for the same reasons.
Recently I’ve had a need to start researching a new distro to take over as our primary web server, as the old one is approaching the end of its supported life span. After much looking around, I decided on CentOS 4, which is 100% Red Hat Enterprise Linux 4 (RHEL) binary compatible. In fact, CentOS is basically all of Red Hat’s source RPMs compiled and with Red Hat’s trademarks removed. So you get the benefits of Red Hat’s Enterprise Linux offering, without the rather expensive subscription price tag. I’ve been using Linux since before Red Hat 4 and as such I don’t require hand holding, so the RHEL support is not something I need, and CentOS fills my needs rather well. RHEL4/CentOS includes SELinux to tighten security even more, and on top of that I’ll be employing VSFTP/TLS for remote logins and the mod_security Apache plug-in to watch everything coming in on ports 80 and 443. I’d put that sort of security up against a Windows server any day.
CentOS is fantastic for both the Open Source community and for Red Hat. For the users, CentOS gives us an enterprise-tested Open Source Linux distribution, and Red Hat gets to show they really are a full Open Source company and refute the claims Sun has been levelling at them of late. From my perspective, it allows me to have a fast, stable and secure Operating System at a price I can afford.