The Security Debate
If you read anything at all that compares hosting platforms, you’re going to run into the statement, “UNIX is more secure than Windows.” The problem is that most treatments of the topic stop there and don’t explain why this is true or what measures can be taken to make Windows more secure. Worse yet, when arguments defending Windows do appear, they tend to be vague in nature and contain few, if any, verifiable facts.
Now, there’s a good reason why it’s not easy to find a lot of statistical information on which hosting platform is more secure. There are no global measurable standards that can be used to answer the question. Should one consider the quantity and frequency of security patches, the number of successful directed attacks, the inherent design of the system, or other completely different factors? Although the term “security” sounds very official and precise, there really isn’t a consistent definition of the concept as it is applied to operating systems.
To make matters worse, there are large groups out there in Computerland who approach the operating system debate like it’s a college football game. There’s so much cheering and rooting for the “home team” that it can be pretty difficult to listen beyond the noise and find out what the real scoop is.
Before giving up entirely on the question, it should be noted that there are several independent organizations that do classify and compare operating systems using a standard set of criteria. Each of these organizations has its own methodology and standards, so it’s still hard to give a global answer to the question as to which operating system is more secure and support that conclusion with irrefutable data. However, as a means for comparison, these standards are far more reliable than the general water cooler talk on which way too many people base their beliefs.
Although it has received some criticism from select groups, the Common Criteria project is an international set of standards that evaluates operating systems and other products and assigns a pre-defined security rating. If you check out these ratings, you’ll find that Windows Server 2003 has the same assurance level as various versions of UNIX and Linux.
Granted, this designation doesn’t mean that the systems are equally secure. Rather, it means that they’ve all met the security guidelines needed to receive this particular level of assurance. It’s also important to note that this evaluation is based on testing the system while using a specified configuration. If a different setup is chosen, the designation may no longer apply.
The Bottom Line
So, have we answered the question as to which hosting platform is more secure? Not really. In fact, due to general design issues that are far beyond the scope of this article, I’ll confess that I believe UNIX and its derivatives to be more secure despite the fact that I’m a Windows user. So, if you’re choosing a hosting platform based on security alone and have no other needs, it’s tough to argue against UNIX.
However, this is seldom the case. Most of us have other requirements that need to be met, and Windows hosting can really shine in these categories. If this is the case, the question really becomes one that asks if Windows is secure enough to warrant taking advantage of these other benefits. Assuming that you do the research and pick a provider with experience and competence, which we’ll talk more about later in this series, you shouldn’t have to worry.
This post is part of the series: UNIX vs. Windows Hosting: Things to Know Before Choosing a Web Hosting Plan
This series of articles takes a look at the advantages offered by Windows hosting plans in addition to discussing the relative differences between UNIX/Linux and Windows web hosting solutions.