Flexibility Could Be a
Benefit or Drawback for Linux"> In the report, Security Innovation said one of the most heavily touted benefits of Linux was its high modularity and the granularity of control that administrators have over a system. "In the experiment, we found that such flexibility also leads to ambiguity for administrators in terms of paths to follow when resolving conflicts. On the Linux side, each administrator pursued vastly different paths to resolve dependency conflicts that arose when new components were installed. The result was solutions that grew in complexity and heterogeneity rapidly over time," Thompson said in the report.Multiple pathways could be both an asset and a weakness, allowing on the one hand highly skilled administrators to solve problems using greatly varied approaches, but, on the other, leading to the "personalization" of systems which could make issues like administrator substitution problematic, the report said."The Linux solutions also quickly went out of support from the both the distribution vendor and third-party solution vendors as individual components (such as MySQL) were upgraded to meet third-party solution needs," Thompson said. In contrast, Microsoft has pursued a philosophy it calls
"integrated innovation" where much of the core system functionality is incorporated with the operating system itself.
During the experiment, all Windows administrators followed a fairly homogeneous route to both install patches and apply component upgrades for the simulated changing business requirements, Thompson said in the report.
Novells Barney countered that Microsofts "integrated innovation" philosophy is "widely regarded as the primary reason Windows is an inherently insecure operating system allowing intruders to attack Windows through applications such as Internet Explorer, IIS, etc."
This integration with strong dependencies makes it possible for an intruder or worm to bring down an entire system. Integrated innovation was also generally cited as the primary reason for Microsofts schedule slips for Windows Vista and Windows Longhorn Server, he said.
To read more about Windows Vistas history of delays, click here.
"The lack of modularity meant all developers have to be concerned with all dependencies in each part of the system. Those are just a few initial observations. SUSE Linux has achieved the highest level of security of any Linux distribution, and Novells additional Linux application security and identity management offerings give customers a powerful, comprehensive security framework for Linux and mixed environments," Barney said.
Next Page: Microsoft plans to work with Novell in future.