HITB GSEC Singapore (August 21st - 25th)
Register Online Now!
Linux, Windows, and security FUD
It's 2013. but the Linux FUD just keeps coming. In the most recent example, security firm Trustwave claimed that Linux kernel vulnerabilities went unpatched more than twice as long as it took to fix unpatched flaws in Windows. This assertion would be a lot more believable if it wasn't coming from a Microsoft partner.
What no one seems to have bothered to do when they reported that Linux was far more lax about taking care of so-called zero-day flaws was to see where Trustwave was coming from. Had they bothered with even a simple Google search they would have found that the company had partnered with Microsoft to bring their application firewall to Internet Information Server (IIS). In particular, Trustwave made a point of boasting how they'd collaborated with the Microsoft Security Response Center (MSRC).
A little more research would also have revealed that Trustwave has a rather untrustworthy reputation. Last year, Trustwave, which is also a Secure Socket Layer (SSL) certificate authority, admitted to selling a subordinate root certificate to an organization to allow it to eavesdrop on encrypted employee traffic.