Quote:
Originally posted by BenH
And who has the largest number of patches, not including the 150 linux distros which MS loves to factor in on its FUD? And in regard to Apache (given that it mainly runs on Linux), how many patches vs IIS? AIRC the last major exploit was discovered about 18 months ago and had a working patch released within hours.
|
I do an update on my RedHat system every month or two and there are more updates than on Windows Update in the same period of time. Half of those RedHat updates are usually described as security fixes. It doesn't really indicate much either way though.
As for IIS vs Apache patches, I don't think IIS has needed a patch for some time, but I'm not going to argue IIS is better (regardless of who has the more patches) because I do prefer Apache myself anyway (running on linux).
The difference with patches is MS "fixes the barn door after the horse has bolted", which is part of the problem, whereas the linux community fixes it usually before it's an issue.
Or rather MS spends a huge amount of time and money regression testing so their fixes are not going to break systems and cost people a lot of money, whereas on linux they fix it and then fix those bugs, then fix those bugs, and you have to wait until someone comes up with a decent fix or you fix it yourself (that's the problem of open source, it's a "do it yourself or wait, test in production" strategy).
MS has often fixed the problem well before it's an issue but as soon as they make the problem public the kids go off and write their virus/trojans/worms knowing a lot of people don't patch. Add to that the fact their fix may be written but not tested so needs time for testing, that gives them time to write the stuff.