In general, the more powerful and flexible the operating system, the more open it is for attack through its Web (and other) servers. Windows and Linux systems, with their large number of built-in servers, services, scripting languages, and interpreters, are particularly vulnerable to attack because there are simply so many portals of entry for hackers to exploit. Less capable systems, such as Macintoshes and special-purpose Web server boxes, are less easy to exploit. The safest Web site is a bare-bones Macintosh running a bare-bones Web server.

In the real world, of course, many sites will want to run a Windows or Linux server in order to gain the performance advantage of a multitasking operating system and the benefits of database and middleware connectivity . Security holes have been found in both Linux and Windows NT server systems, and new security holes are being found on a regular basis.

If you have configured your system correctly and are compulsive about applying your vendor’s security patches promptly, a typical Linux system will be more secure than a typical Windows system. However, you also have to factor in the experience of the people running the server host and software. A Linux system administered by a novice system administrator will be far less secure than a Windows system set up by a seasoned Windows system administrator.