
Linux/Unix Vulnerabilities Outnumber Windows' 3 To 1

Posted: 2006-01-04 09:00pm
by Dominus Atheos
InformationWeek wrote:Linux and Unix, including the Mac, had 2,328 vulnerabilities last year, compared with 812 vulnerabilities for Microsoft Windows, according to the U.S. government's computer security group.

Tallies kept by the U.S. government's computer security group show that Linux and Unix operating systems faced nearly three times the number of vulnerabilities in 2005 than did Microsoft's often-maligned Windows.

In the US-CERT (United States Computer Emergency Readiness Team) year-end vulnerability summary, Linux/Unix accounted for a whopping 2,328 vulnerabilities, about 45 percent of the 5,198 total.

Windows, on the other hand, sported just 812 vulnerabilities during the year, said US-CERT, or 16 percent of the total.

Another 2,058 vulnerabilities affected more than one operating system.

Although US-CERT didn't break out Mac vulnerabilities in a separate category, the Linux/Unix section listed more than 25 attributed to the Apple Computer operating system.

The end-of-year vulnerability score should be taken with a grain of salt, however, since US-CERT doesn't filter out updates (so one actual vulnerability can be counted numerous times) nor does it break out individual vulnerabilities from warnings that cover multiple bugs (as in the many Mac OS X vulnerability listings).
Suck it, Linux geeks!

Sorry about the above comment, I just hang around at Slashdot way too much, and they piss me off.

Posted: 2006-01-04 09:08pm
by Durandal
This is a far cry from the whole story. If, for example, Mac OS X suffered from an SSH vulnerability, it's not exactly a huge deal since SSH is off by default. Whereas, if there's a Samba vulnerability in Windows, it becomes a conduit for a worm almost immediately, since Samba is on by default.

Posted: 2006-01-04 09:25pm
by Pu-239
Plus distros tend to include a lot of desktop applications that on the Windows side aren't really considered part of Windows.

Posted: 2006-01-04 10:25pm
by Pu-239

Posted: 2006-01-04 11:17pm
by Xon
But at the same time it can take multiple patches to close the one vulnerability.

Posted: 2006-01-04 11:59pm
by Darth Wong
The fact that phpBB exploits are listed as Linux-only exploits EVEN THOUGH PHPBB RUNS ON BOTH WINDOWS AND LINUX is a good indicator of the worthlessness of this assessment.

Re: Linux/Unix Vulnerabilities Outnumber Windows' 3 To 1

Posted: 2006-01-05 12:55am
by Miles Teg
Darth Atheos wrote:
InformationWeek wrote:Linux and Unix, including the Mac, had 2,328 vulnerabilities last year, compared with 812 vulnerabilities for Microsoft Windows, according to the U.S. government's computer security group.

Tallies kept by the U.S. government's computer security group show that Linux and Unix operating systems faced nearly three times the number of vulnerabilities in 2005 than did Microsoft's often-maligned Windows.

In the US-CERT (United States Computer Emergency Readiness Team) year-end vulnerability summary, Linux/Unix accounted for a whopping 2,328 vulnerabilities, about 45 percent of the 5,198 total.

Windows, on the other hand, sported just 812 vulnerabilities during the year, said US-CERT, or 16 percent of the total.

Another 2,058 vulnerabilities affected more than one operating system.

Although US-CERT didn't break out Mac vulnerabilities in a separate category, the Linux/Unix section listed more than 25 attributed to the Apple Computer operating system.

The end-of-year vulnerability score should be taken with a grain of salt, however, since US-CERT doesn't filter out updates (so one actual vulnerability can be counted numerous times) nor does it break out individual vulnerabilities from warnings that cover multiple bugs (as in the many Mac OS X vulnerability listings).
Suck it, Linux geeks!

Sorry about the above comment, I just hang around at Slashdot way too much, and they piss me off.
I'm not impressed. Even a cursory glance at that page should tell you why the numbers stack up as they do.

Several Points:

* Windows is one operating system, while the Unix/Linux category includes at least these distinct UNIX style codebases: HP-UX, AIX, Darwin, Linux, Solaris, SCO UNIX, and BSD.

* (Related to point one) This list contains vulnerabilities for several different Linux and BSD distributions, including but not limited to: SuSE, Redhat, NetBSD, OpenBSD, FreeBSD, etc. The UNIX/Linux list appears to list each vulnerability multiple times when an app is distributed by/runs on all of the above UNIX systems and distributions.

* The amount of software for Linux systems that comes bundled with the various distributions is several times the amount of software bundled with Windows (perhaps even an order of magnitude or two). The list of vulns under "Multiple Operating Systems" only appears to include items that are cross platform.

It's pretty clear this is a worthless POS.
Miles Teg