You do realise you are comparing Win 7, which has been out for 2 years, against the 2.6.x kernel which has been around for 8 years, right?
Let's look at Windows during that timeframe (keep in mind that the stats only go back to 2003, when the 2.6.x kernel was released):
Win 7: 8% (5/65) - highly critical vulnerabilities unpatched
Vista: 8% (8/147) - highly critical vulnerabilities unpatched
XP: 12% (42/342) - highly critical vulnerabilities unpatched
Server 2008: 4% (4/130) - highly critical vulnerabilities unpatched
Server 2003: 6% (19/295) - highly critical vulnerabilities unpatched
Summing up: 8% (78/979) - highly critical vulnerabilities unpatched
Against the Linux 2.6.x kernel: 6% (17/265) - less critical vulnerabilities unpatched
So Windows has 4.5x as many unpatched and 3.7x as many in total and has far more critical vulnerabilities left unpatched.
btw:
Highly critical means that the system can be completely compromised if someone exploits it - there are just no known exploits of it in the wild.
Less critical basically means you have to be local and let's face it, if they have local access you're screwed anyway.
And for good measure, let's compare Linux to Win 7 in 2010:
Win7: http://secunia.com/advisories/product/27467/?task=statistics_2010
47 advisories
11% unpatched
Criticality:
Highly: 40%
Moderately: 17%
Less: 36%
Not: 6%
Location:
Remote: 55%
Local Network: 11%
Local: 34%
Linux: http://secunia.com/advisories/product/2719/?task=statistics_2010
47 advisories (same as Windows)
4% unpatched (almost 3x better than Windows)
Criticality:
Highly: 0% (walks all over Windows here)
Moderately: 4% (more than 4x better here)
Less: 47%
Not: 49%
Location:
Remote: 9% (again, walks all over Windows)
Local Network: 2% (much better than Windows again)
Local: 89%
In short:
Linux had ZERO remote automated system exploits - all remote exploits required user interaction.
The vast majority of Linux exploits required local access and even then the impact was fairly low.
The majority of Win 7 exploits had significant system impact.
The majority of Win 7 exploits could be triggered remotely, with many requiring no user interaction.
The winner?
Sheer numbers: inconclusive - both have the same number
Criticality: Linux wins here easily - 96% were rated less critical or lower, compared to Win 7's 57% rated at moderate or higher
Locality: Again, Linux wins hands down - the vast majority are local exploits and the majority of Win 7 exploits are remote
Time to patch: ?
Exploits in the wild: ? but I'd suspect Linux would win given that most require local access to achieve...