Replies

Unix based systems have more exploits than Windows, and that is a fact.

Windows More Secure Than Linux? Yep!
Thanks to David Byrne for this tip: For at least the first 8 months of 2001, open-source poster child Linux was far less secure than Windows, according to the reputable NTBugTraq, which is hosted by SecurityFocus, the leading provider of security information about the Internet. (The company's 2001 statistics are available only through August 2001 for the time being.) According to NTBugTraq, Windows 2000 Server had less than half as many security vulnerabilities as Linux during the reported period. When you break the numbers down by Linux distribution, Win2K had fewer vulnerabilities than RedHat Linux 7.0 or MandrakeSoft Mandrake Linux 7.2, and it tied with UNIX-leader Sun Microsystems Solaris 8.0 and 7.0. A look at the previous 5 years--for which the data is more complete--also shows that each year, Win2K and Windows NT had far fewer security vulnerabilities than Linux, despite the fact that Windows is deployed on a far wider basis than any version of Linux. So once again, folks, you have to ask yourselves: Is Windows really less secure than Linux? Or is this one of those incredible perception issues? For more information and the complete stats, visit the SecurityFocus Web site. I'll check back on this story to see how all of 2001 shapes up.

Unix based systems have more exploits than Windows, and that is a fact.

I agree with you -- it's mostly a perception issue. I write Windows software for a living, play with Linux at home, and wish I had one of the new Macs. They're all good in their own ways and are getting better every year. I've never understood Microsoft-bashing because Bill Gates has made personal computers an integral part of everyone's lives. PCs would still be an obscure hobby for dweebs if it weren't for him.

I remember that study. When you analyzed the reports you saw that most of the Linux exploits were local ones (ie, someone had to be physically present at the machine or at the very least have some level of user access beyond just being able to see the machine on a network) while the majority of the Windows ones were remote (ie, any schmuck with the right tool could break in). Also, I think that they counted a number of individual security alerts from various sources (Red Hat, SuSE, Mandrake, etc) as individual exploits even though the different companies were sending an alert for the same problem, so one exploit in Linux would get counted three times.

Is that the study you're referencing, or am I remembering a different one?