- Joined
- 8 Apr 2005
- Messages
- 16,950
This is a good insight on this topic as well....
http://interviews.slashdot.org/article.pl?sid=06/01/26/131246&from=rss
How is it that OpenBSD is able to be so secure by design with so few resources and yet all of Microsoft's resources cannot stem the tide of security problems that impact everyone, including those of us who do not use Microsoft programs?
Nash: First, I should say that OpenBSD includes a relatively small subset of the functionality that is included in Windows. You could argue that Microsoft should follow the same model for Windows that the OpenBSD Org follows for their OS. The problem is that users really want an OS that includes support for rich media content and for hardware devices, etc. So while OpenBSD has done a good job of hardening their kernel, they don't seem to also audit important software that are used commonly by customers, such as PHP, Perl, etc. for security vulnerabilities. At Microsoft we're focusing on the entire software stack, from the Hardware Abstraction Layer in Windows, all the way through the memory manager, network stack, file systems, UI and shell, Internet Explorer, Internet Information Services, compilers (C/C++, .NET), Microsoft Exchange, Microsoft Office, Microsoft SQL Server and much, much more. If a software company's goal is to secure customers, you have to secure the entire stack. Simply hardening one component, regardless of how important it is, does not solve real customer problems.
Second, it is not completely accurate to say that OpenBSD is more secure. If you compare vulnerability counts just from the last 3 months, OpenBSD had 79 for November, December and January compared to 11 for Microsoft (and that includes one each for Office and Exchange - so really 9 for all versions of Windows). I encourage you to look at the numbers reported at the OpenBSD site to verify that this is true.
http://interviews.slashdot.org/article.pl?sid=06/01/26/131246&from=rss