Free Republic

To: antiRepublicrat
If this is true then why does Windows, where people can't see the source, have even more vulnerabilities?

Logical fallacy. There aren't "more vulnerabilities" in Windows (Linux Actually Less Secure Than Windows?, http://securityfocus.com/vulns/stats.shtml).
8 posted on 01/10/2004 12:40:26 PM PST by Bush2000


To: All
Despite the widely-held belief that the open-source operating system Linux is hands-down more secure than Microsoft, statistics gathered by leading security company SecurityFocus on their NTBugTraq site say differently. According to the most recent statistics, available up to August 2001, Windows 2000 Server had far fewer security vulnerabilities than Red Hat or Mandrake Linux - less than half as many, in fact. Sun's Solaris OS was tied with Win2000. This information is not a fluke. Looking back over the last five years, Microsoft NT and Win2000 servers had fewer security violations than Linux, despite being used more widely.

I'd like to point out to the rest of the folks on the thread who might not be familiar with this particular FUD point. It is a major apples-to-oranges comparison that b2k and other Microsoft supporters trot out.

He's attempting to compare just the Windows operating system itself, with an entire distribution that includes the OS, various editors, HTML production software, multiple browsers, firewall software, multiple firewall software, CD/DVD writers, 2 full office suites, web server, and scripting software, games, image editing/creation software and much other stuff that doesn't immediately come to mind. Microsoft doesn't even make software that is comparable with all the software that is included in a standard Red Hat distribution, but if you included everything that they do sell that has a Red Hat equivalent, you'll find that the numbers do not compare favorably.

17 posted on 01/10/2004 1:46:05 PM PST by zeugma (The Great Experiment is over.)

To: Bush2000

"...statistics gathered by leading security company SecurityFocus on their NTBugTraq site say differently..."

Note that part of their site name is "NT". How impartial do you think that makes them? In fact, I follow their postings regularly, along with those of several other security sites. The one thing that I have noticed about NTBugTraq is that when there are several interrelated bugs in Microsloth Windows based OS's, they almost always bundle them together as only one event, but in similar situations, on non-Microsloth products, they always create separate incidents. That's the kind of diddling with the numbers that it takes to make Microsloth even appear to be somewhat secure. But, the picture is quite different, when viewed from the trenches.

I have run entire IT departments for very large corporations and have been a US security lead for a major oil company and in all those years, two things have become obvious. First, it not only takes significantly more security support staff to secure and keep secure Microsloth based systems, than any UNIX based systems, including LINUX, but the Microsloth security staff has to be much better trained than their UNIX counterparts. Secondly, even with that larger and better trained support staff, the few successful attacks that we experienced were almost exclusively on Microsloth based systems. At one company, we had one MCSE and two MCSE/MCSA's, who were all security specialists and who did nothing else. Those three highly trained specialists maintained security on one fifth as many servers as our single UNIX security man did and he had only a high school diploma and some practical experience and handled system admin work on several of those UNIX systems, as well. While I was there, we never had a single successful attack on a UNIX (or LINUX) based system, while successful NT attacks, though not common, were far from rare. And that's not even considering the Windows desktop attacks and the additional security staff that we had to deal with those problems.

I am now the Infrastructure Director of a new international natural resources exploration and development company. Some time back, we decided that all of our servers will be UNIX (or LINUX) based and our desktops and laptops will all be Macs (UNIX under the hood). Since we began operating in this environment, we have not had a single security event of any kind. I wonder how many companies can say the same of their Microsloth based networks.

 

19 posted on 01/10/2004 2:11:12 PM PST by Action-America (Best President: Reagan * Worst President: Klinton * Worst GOP President: Dubya)

To: Bush2000
Statistical crud, it includes Apache, and other apps that are not Linux, whereas the Win2K stats don't include SQL Server, and ....
26 posted on 01/10/2004 5:57:21 PM PST by N3WBI3

To: Bush2000
Logical fallacy. There aren't "more vulnerabilities" in Windows (Linux Actually Less Secure Than Windows?, http://securityfocus.com/vulns/stats.shtml).

Read more from SecurityFocus:

For instance, applications for Linux and BSD are often grouped in as subcomponents with the operating systems that they are shipped with. For Windows, applications and subcomponents such as Explorer often have their own packages that are considered vulnerable or not vulnerable outside of Windows and therefore may not be included in the count. This may skew numbers [big time].
Considering the vast number of Explorer, Outlook and IIS vulnerabilities that were out, the Windows number should have been quite higher, but they weren't counted. This also doesn't take into consideration that Windows enables most services and installs almost all packages by default, while usual Linux practice is to install only those packages and services that are needed, which for any one installation reduces the vulnerability count.
28 posted on 01/10/2004 8:15:53 PM PST by antiRepublicrat

To: Bush2000
If the flaw is a buffer overflow, then that is most likely a compiler issue, and will affect any software, even Windows.
101 posted on 01/11/2004 7:37:07 PM PST by ElectricRook

To: Bush2000
You're so cute when you try to peddle basic fallacies (e.g. comparing an entire package of OS and utility software on the Linux side with the OS only on the Windows side).
145 posted on 01/12/2004 1:56:35 PM PST by steve-b



FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson