Re: LAMP vs Microsoft

["Jarrod Frates" <jfrates.ml () gmail com>]

The debates that go back and forth on this relate to the inherent
difference between LAMP and a Microsoft platform.  When you install
LAMP (using CentOS or Debian for a baseline installation, for
example), what applications are you including that are not in the
Windows environment?  What applications are included in Windows that
are not in the LAMP environment?

Perhaps a more specifically-defined question would be more useful.
Are you probing for the entire platform, or just the web-visible
architecture?  If it's just a comparison of Apache/MySQL/PHP on a
Linux kernel compared to just IIS/MSDE/ASP on a Windows kernel, that
may make more sense than an overall comparison.  Further specifying
whether only kernel exploits that are remotely-accessible should be
included or if all kernel exploits should be counted would also be of
use.

I don't have the numbers for a comparison of this type, but they would
probably be of some interest if someone wanted to put them together.
Might not be terribly difficult, either.


Jarrod

On 7/9/06, Darren Reed <avalon () caligula anu edu au> wrote:
> Does anyone have statistics on the cumulative vulnerabilities
> in LAMP vs the equivalent for Microsoft ?  (I'm also interested
> in whether there are better, as in more secure, environments than
> LAMP.)
>
> If the number of vulnerabilities is graphed over time, is either
> heading down or both heading up or...?
>
> - I'm not asking for a "who's better", I just want to know if
> anyone has a good set of numbers and if they're graphed for easy
> comparison.
>
> Thanks,
> Darren
>
> p.s. LAMP = Linux/Apache/MySQL/PHP