News

Analyst Firm Questions Security of Windows 2003 for Critical Applications

• By Scott Bekker
• March 01, 2004

In a new report on Windows Server 2003 security, an analyst firm argues that while Microsoft made clear progress on the security of its flagship server operating system, Unix and Linux remain better choices for mission critical applications.

The security conclusion reached by the Burton Group is based primarily on the common argument that Windows' attractiveness as an attack target makes it disproportionately vulnerable.

"Because they are not the target of many large-scale attacks, other operating systems such as Linux and Unix are more appropriate for mission-critical enterprise applications that contain sensitive data," research director Daniel Blum said in a statement.

Blum added that Linux and Unix have their vulnerabilities, too. "Consequently, using Linux or Unix does nothing to eliminate the requirement for diligent efforts to secure them against misconfiguration and attacks," he said.

The report found several positives, including centralized policy management and distributed authentication. But Burton's Blum lumped together several negatives other than large-scale attacks, including the operating system's size, complexity and continued support for interfaces such as ActiveX.

"To its credit, Microsoft has demonstrated willingness to sacrifice some backward compatibility for security," Blum said. "However, 2003's rash of successful exploits, including the notorious Blaster and SoBig attacks erased much of the good will Microsoft had begun to build with customers."