Slashdot Mirror

← Back to Stories (view on slashdot.org)

Linux/Unix Tops Charts for Vulnerabilities in 2005

Posted by samzenpus on from the better-safe-than-sorry dept.

BeanBunny writes "I realize that this topic is almost as volatile around here as Intelligent Design, but I think this is interesting nonetheless. US-CERT has released their year-end vulnerability summary. According to InformationWeek.com, Linux/Unix (including Mac OS) had almost three times the number of OS-specific vulnerabilities reported last year compared to Microsoft Windows. Obviously, statistics are meaningless without the proper conjecture, speculation, and opinionation, so let the debate begin again over which OS is really more secure."

2 of 438 comments (clear)

  1. Already hashed over in depth on GrokLaw by jmac880n · · Score: 5, Informative

    This is old news. PJ has done a pretty thorough job debunking this one on Groklaw.

  2. Re:Along with the total numbers... by LnxAddct · · Score: 5, Informative

    Not only do they not take into account severity, a large portion of the vulnerabilites in the Linux list are tagged with "update" meaning that a large portion are just updates to previously filed bugs, but worst of all, their lists are just plain wrong. A huge chunk of the open source projects listed under *nix are not listed under Windows, yet they run on Windows and the vulnerabilities affected windows. There are Apache, Gaim, PHP, Zope, Clam AV, Vim, Emacs,Perl, MySql and many more vulnerabilities listed just under *nix, yet equally affect Windows. Even worse, Windows has 1 firefox vulnerability listed, yet *nix has 153 firefox vulnerabilities listed (including the couple of tens of updates) but every vulnerability I saw listed equally affected Windows. This list is separating vulnerabilities by pretty much whether its open source or not (for the most part, say 90%), not by what platform it runs on, yet the latter is how they are categorized. This whole list is a big giant piece of misinformation and someone needs to correct it.

    It's also not intelligent to group together all Unix derived operating systems, as they all follow completely different security structures, development paradigms, and grouping them is simply serving to inflate already misleading numbers. The fact is that the only thing this list clearly shows is that open source projects are much better at following up on security problems(noting all of the updates), and that there are far more applications that run under *nix than under Windows once you account for all of the at least semi-popular open source projects.
    Regards,
    Steve