davidrickard.net

Random stuff, randomly updated.

Patch-o-rama

There’s been plenty of ‘studies’ and whitepapers popping up lately about how Windows is starting to have fewer patches and fewer security vulnerabilities found than Linux. Some even go as far as to say Linux is showing more in general.

I’m starting to believe them.

I’m currently sitting here watching four servers (all running Gentoo) all do their weekly updates. For the uninitiated, Gentoo has a system called Portage which manages all installed applications and software. It downloads source code, then compiles and installs it, usually with the minimum of fuss. If you’ve ever used FreeBSD’s ports system, it’s very similar, and in some ways more powerful.

Every week when I look on these servers to see how many patches and updates need to be installed, I get slightly more disheartened. Of the four servers, three are running eight updates, and the other one is doing 12, mainly as it has more installed. Admittedly a lot of these are just general updates and bug fixes – a major proportion aren’t actually security patches. But even so, it’s still a lot of maintenance to carry out each week to ensure your server is up to date and as secure as can be.

For all my complaining, I do prefer this slightly to the RPM-based distros and their ‘wait a month for an update’ strategy. I applaud the fact they are being cautious with these things, and not just throwing updates out, willy-nilly. But by the same token, I often need to make things work now – not in a month. One example is Apache2’s mod_auth_ldap module. I needed LDAP authentication on an Apache server and although it worked, the performance was bad. The caching feature just didn’t work, so for every GET or POST request you made to the server, it went and queried the LDAP server. Not a good idea considering the amount of data due to go through this server. Within no time, the bug had been fixed, and a swift upgrade later and everything was working fine.

I suppose it’s like all things: it’s swings and roundabouts, and you just have to decide what you’re happiest with.
