Base security

Authentication, access control, cryptography, audit trail/logging

Pluggable Authentication Module, plug-in modules, Kerberos, PKI, Winbind, ACLs, LSM, SELinux, Controlled Access Protection Profile audit, kernel cryptography

Kerberos, PKI, Access Control lists, Controlled Access Protection Profile audit, Microsoft crypto application programming interface

Linux is superior

Network security and protocols

Authentication, layer, network layer

OpenSSL, Open SSH, OpenLDAP, IPSec

SSL, SSH, LDAP, AD, IPSec

Both are comparable

Application security

Antivirus, firewalls, intrusion detection software, Web servers, email, smart card support.

OpenAV, Panda, TrendMicro, firewall capability built into the kernel, Snort, Apache, sendmail, Postfix, PKCS 11, exec-shield

McAfee, Symantec, Check Point, IIS, Exchange/Outlook, PCKS 11

Linux is somewhat superior

Deployment and operations

Installation, configuring, hardening, administration, vulnerability scanners

Install and configuration tools, Bastille, mostly admin through command line interface, Nessus, distribution- specific Up2Date, YaST, Webmin

Install and configuration tools come with Windows, no specific hardening tool, admin GUI, security by default has been emphasized lately

Both are comparable

Assurance

Common Criteria Certification, flaw handling

Linux has achieved EAL3 and has good flaw handling

Windows has EAL4 and good flaw handling

Windows is superior

Trusted computing

Trusted Platform Module, Trusted Computing Software Stack, instrumentation, attestation

Trusted Platform Module device driver open sourced by IBM, Trusted Computing Group software stack is targeted for 2005

Next-Generation Secure Computing Base, possible availability with Longhorn 2006

Neither is superior

Open standards

IPSec, POSIX, Transport Layer Security, Common Criteria

Linux meets all open standards

Microsoft participates in open standards but has some proprietary standards.

Linux is superior