In its first annual Security Issues Survey, Huntington, N.Y.-based BZ Research made a strong case for Linux security in the server space, as the operating system was found to top rival Windows consistently on a variety of fronts.
The survey polled 6,344 software development managers about the security of popular enterprise operating environments, and Linux and open source consistently topped Microsoft Windows, according to respondents.
Respondents consistently gave Linux higher marks for security than Windows, with client operating systems and applications seen as most susceptible to security exploits.
The survey also explored the use of security vulnerability assessment and testing tools. Most respondents said their organizations don't do enough testing and that they plan to do more.
Asked to rate the security of server operating environments against operating system-related hacks and exploits, Windows Server fared worst by far. Some 58% rated Windows Server very insecure or insecure versus 13% for Linux.
On the positive side, some 74% of respondents rated Linux secure or very secure versus only 38% for Windows Server.
Asked about the security of operating systems against application-related hacks and exploits, Windows Server was again rated poorly as 58% of respondents rated it as very insecure or insecure versus 18% for Linux.
While the report could be viewed as a boon for Linux and open source, and a thorn in the side of Microsoft, some in the security industry believe it's only a matter of time before the thousands of exploits and virus attacks experienced by Windows each year spill over onto the Linux side.
Steven Sundermeier, vice president of products and services for the Medina, Ohio-based Central Command Inc., said that his company has found just as many Linux vulnerabilities and exploits as there are in Windows. But the big difference, he said, is that the virus writers see more monetary opportunities in producing malicious code for market leader Microsoft.
"The tech administrators are also getting the same sort of [security] bulletins for the Linux environments, but these are not being readily exploited," Sundermeier said.
Sundermeier said customers always ask why there are hundreds of thousands of Windows-based signatures, and wonder why there aren't any in the Linux environment. The truth, he said, is that this is not necessarily the case.
"[Linux exploits] have been known to circulate in the wild, but they do not infect the masses because there is no standardization on Linux kernels, modules and so forth," Sundermeier said.
Bryan Tidd, the IT director for the City of Canton, Ga., agreed with the BZ Research report in that he believed Linux to be the more secure operating system.
"Out of the box, Linux is more secure and the installation of features or packages is more granular with Linux," Tidd said. "Any operating system can be hacked and attacked, but Windows Servers get the brunt of hacks. Microsoft just has a big target on it and it will stay there until their operating system and server products come out of Redmond tighter and when they can win security assurance at install."
Open source software also fared well in the survey. The majority of survey respondents believed it was a clear winner over proprietary alternatives in the areas of desktop/client operations, Web servers, server operating systems and components and libraries.
Proprietary software was said to be more secure than open source in only one category, database servers, while the results were statistically the same in three categories: desktop/client applications, server applications and application servers.