Purely objective information about security issues is becoming one of the scarcest commodities in the tech industry.


The researchers who caused waves at the RSA conference last month with a study that found Windows more secure than Linux finally admitted last Tuesday that Microsoft paid for the study.

Hugh Thompson at Security Innovation and Richard Ford at the Florida Institute of Technology concluded that Windows Server 2003 was safer than Red Hat Enterprise Linux 3.0 when used in basic, untweaked configurations.

They declined to mention the study’s sponsor when they previewed the research at RSA but disclosed it when they posted final results Tuesday at www.securityinnovation.com. Their news release also included a supporting quote from Charles Kolodgy at IDC, another firm that has produced research used in Microsoft’s anti-Linux marketing efforts.

Kolodgy, Thompson and Ford say the study is valuable because of the methodology used to compare the systems.

“Most of the evidence offered in a debate over the security of one operating system or application over another is anecdotal and generated from the individual user experience or the exploitation of one vulnerability,” Kolodgy said in the Security Innovation news release.


Better connections



In a recent survey, about 52 percent of respondents who have dial-up Internet connections are favorable toward upgrading to broadband, including 14.7 percent who say they definitely will do so.

Source: The Diffusion Group


“The flexibility in the approach taken serves as a foundation upon which other academic and professional research groups can build upon,” he said. “Once future research projects that build on this research are conducted, a standard can be reached by which application and operating-system security can be accurately assessed.”

While Ford and Thompson didn’t mention the Microsoft link at RSA, they weren’t shy about seeking corporate support. When a member of the audience asked them to include Apple Computer servers, they said they’d be happy to broaden the study if the company would pay for the work.

Surf check

Microsoft fared worse in another security study released last week. ScanIT, a consultancy in Belgium, said Microsoft’s Internet Explorer was unprotected for all but one week in 2004 — between October 12 and 19, the Inquirer, a U.K. tech pub, reported.

ScanIT said IE was the most exposed browser because of the length of time between vulnerabilities becoming known and patches being issued.

The firm said IE was exposed for 98 percent of 2004. Mozilla’s Firefox was unsafe for 56 days, or 15 percent of the year, and Opera’s browser was unsafe for 17 percent of the year, or 65 days, the report said.

ScanIT’s home page prominently displays the logo of Sun Microsystems, a ScanIT partner and a major supporter of the Mozilla Foundation.

Worms coming?

Apple Computer also took a hit for security issues last week. Symantec reported an increase in Mac attacks and said that it had documented 37 serious weaknesses in the system.

“Contrary to popular belief, the Macintosh operating system has not always been a safe haven from malicious code,” the report said, according to Reuters. “It is now clear that the Mac OS is increasingly becoming a target for the malicious activity that is more commonly associated with Microsoft and various Unix-based operating systems.”

Symantec also happens to sell software to protect Macs.

Cutting edge

Geeks will have to add another holster to their belt for a new product that may rival the functionality of the Leatherman multipurpose tool. Victorinox, maker of the Swiss Army knife, next month plans to begin selling knives with USB storage drives with up to 1 gigabyte of capacity. That’s in addition to the blade, file and pointy little scissors.

Several models, in red and blue, have an LED light as well. A 512 MB model lists for $119; the 1 gigabyte model lists for $199.

Download, a column of news bits, observations and miscellany, is gathered by The Seattle Times technology staff. We can be reached at 206-464-2265 or biztech@seattletimes.com.