Posted on 01/09/2006 3:50:13 PM PST by cabojoe
THE UNITED STATES Computer Emergency Readiness Team (CERT) has prepared a report for the government that claims that fewer vulnerabilities were found in Windows than in Linux/Unix operating systems in 2005.
Cert included under the Linux umbrella Mac OS X, as well as the various Linux distributions and flavours of Unix. It claimed that the Unix camp had more than twice as many vulnerabilities as Windows.
The Cyber Security Bulletin 2005, said that out of 5,198 reported flaws, 812 were Windows operating system vulnerabilities, while 2,328 were Unix/Linux operating bugs.
The remaining 2,058 were multiple operating system vulnerabilities. It is possible to hear the sounds of the provisional wing of the Linux and Apple glee clubs strapping cyber explosives to their belts at the announcement.
It seems that the figures prove the impression of many in the security industry that the only reason Windows boxes get turned over the most is because there are more of them.
CERT's figures did not include figures for how quickly vulnerabilities are patched once they are discovered. You can have a look at the report here. And flame CERT not us.
Bugs that never existed: the Debian lintian Insecure Temporary File, as this was discovered, discussed, and corrected in the year before it was reported. Further, this was a bug in an alpha product, not a released version. Does CERT count bugs in alpha MS versions?
Ah, yes, the downside of shipping software that's common between *nix platforms.
Has nothing to do with commonality; it's the way it's reported that makes the numbers meaningless. A bzip2 error is a bzip2 error be it on Linux, Solaris, AIX, or HP-UX... Yet CERT will report it one time for each and *THEN* say it's really 4 bugs. Defending the piss poor methodology these guys are using shows that perhaps the biggest OS partisan on the thread is you.
See post #41. Analysis which removed dupes still makes Linux the flaw leader.
41 still ignores reports of bugs in alpha and pre-release versions. 41 also ignores multiple posts of the same bug to different platforms; it only deals with 'updates'.
"Now on to why Linux' kernel still managed to rack up double the vulnerabilities of Microsoft Windows. There are a heck of a lot of Linux kernels out there. Last week saw the release of 2.6.15. Some of the vulnerabilities affect multiple kernels, some only a handful, and some vulnerabilities are present only in a single version of the kernel. Further, kernels in testing are included in the US-CERT reports, since each kernel version can be downloaded by brave kernel developers from day one -- the same guys who find the vulnerabilities and publish them."
I could care less what you believe.
And likewise I'm sure. Feel free to believe in the Easter Bunny, Santa Claus, that islam is a Religion of Peace, that one day we'll fill out our income taxes on a postcard a la Steve Forbes, and that Windows beats Linux from a security point of view. I really could care less.
Not according to some of the articles posted here during the week when there was no patch. Oh, that's right. You were not posting on FreeRepublic during that time. You might want to dig through the archives.
It's only potentially dangerous if you're browsing p0rn or war3z.
In this case, that is patently untrue and a dangerous lie to propagate. FreeRepublic could have easily been made a vector for this defect to be exploited. It's hardly a porn or warez site.
As I mentioned in my previous post, some of the other exploitable defects in MS-Windows that were somewhat similar would have required a user to specifically browse to an evil site. This makes it less likely that a given individual would be at risk if they didn't make it a habit of browsing porn/warez sites. This was much different, in that all that was necessary would be for someone to anchor an <img> tag in a post on a blog comment, or forum such as this, and you could hit as many people as there were MS-Windows viewers of that page.
You can do better than this. I know you're not that stupid.
When only applied to production kernels and software, Red Hat had 7 vulnerabilities as opposed to Windows' 44.
I think so few own them that the hackers have gone after the 95% windows units for the most vast results.
Give it up. He obviously doesn't want to compare apples to apples.
Why do you imply inconsistencies where none exist? Production kernels are clearly marked as such by their release numbers. The development process in Open source, and I say this only because you are having trouble with obvious concepts, is open. Every line of code put into a feature request or enhancement is seen by the world. If Windows lived under the same model do you think they would have fewer bugs?
When you include all of this multiple-version, widely available open-source Franken-crapware, you have more vulnerabilities than Windows.
It's kinda funny that when you include Alpha and Beta open source software, Windows production still struggles to keep fewer bugs..
"That was my first reaction too, but remember that "Windows" is actually an aggregation itself of several members each of two different lines of descent. (W3.1/3.11 > 95 > 98 > 98SE > ME and NT > Win2K > XP Pro/Home > etc.)"
That's a very fair point if they are counting all the various historical versions of windows..
There's also a cross line at the bottom of your chart, Windows 3.0 > NT 3.1, because NT uses a modified 32-bit version of the Windows 3.1 API.