Windows beats UNIX on vulnerabilities

By Derek Sooman

On January 5, 2006, 8:05 PM

One might be forgiven for thinking that Windows security is a complete and utter joke, given the kinds of stories that we ran in 2005. Time after time there were reports of security flaws and other problems, which were often then exploited by malware. However, it has now emerged that, during last year, Windows suffered fewer security vulnerabilities than Linux and UNIX. Yes, it’s true.

In fact, Linux and UNIX experienced more than three times as many reported security vulnerabilities as Windows. That’s the word from the US Computer Emergency Readiness Team (CERT) and its annual year-end security index. Last year, Windows experienced 812 reported operating system vulnerabilities. Linux and UNIX, however, experienced 2,328.

CERT found more than 500 multiple-vendor vulnerabilities in Linux and UNIX, spanning old favourites such as denial of service and buffer overflows, while CERT recorded 88 Windows-specific holes and 44 in Internet Explorer (IE).

Still, keep expecting Windows problems to hit the headlines more than UNIX-related ones – attacks on the Microsoft OS generate much more concern among the public and tend to be made out to be more terrible.

User Comments: 37

  1. What versions of windows, linux, and unix is US-CERT talking about here? I don't know if one can make the assertion that is being made in the title of this news in regards to any one version versus another.
  2. Originally posted by barfarf:
     "Well the best way to compare would be the cost per capita. That would give the real and fair cost of using linux and unix vs windows system. Over the 2005 year from all flavors of linux and unix and gather the total cost of downtime, production loss, repair..etc due to vulnerabilities from businesses. There will be of course errors in determining what was caused by vulnerabilities or human error but if you have large enough sample size those errors will be minimized. Then take all flavors of windows (I know for fact some businesses still use windows 98 and maybe even old systems) determined their costs. Then divide both by their estimated install base. This will give $$$ cost per machine or per user. For this to be fairly accurate it's best to do it only in the USA and only with businesses since they can give the most consistent data plus they would have the greatest effect on the economy. As my econ prof said 'What affects the economy affects you.'"
     Yes, not because money is more important but is a good measure of how serious something is. I myself have never been hacked into but my computer seems to destroy itself (no joke).
  3. I had always assumed it was the better way to go security wise. Ya learn something new every day.
  4. Now you see, I was about to go into a long winded argument about why Windows is not as good as unix and then it hit me....it's like telling a grown person about the dangers of spitting in the wind. It's something you know instinctively, windows was built on flawed architecture thus it makes sense that there would be more serious flaws than unix. It ain't the number hosse, it's how bad it is that counts.
  5. I think some missed the point that others have tried to argue. Sure, Linux... in fact, let's just make it Windows vs Everything Else (abbreviated to EE hereon). Windows has less vulnerabilities exploited/found than EE, and it is understandable due to the different variations of EE; however, the point is how many times have you seen news reporting on EE vulnerabilities in comparison to Windows? I don't disagree, I do think Linux (aka EE!) - in general - is safer than Microsoft. But I do disagree with those hardcore anti-Windows fellows claiming invincibility with their EE operating system while condemning Windows to all hell. There is a difference between the two, but it's not the hyperbole that many make it out to be. And for the record, yes I do think this article is a bit skewed and obviously biased in the preconception before the article was even written. But I do like the fact that this article is trying to chip down the wall that the anti-Windows fan club is trying to build, and tries to show the gap between the two sides is not as wide as they want to believe. Windows has inherent flaws that make it naturally more vulnerable to attacks (and the magnitude of the attack), but hackers are still able to dig into EE's architecture now that it is becoming more popular. The flawed infrastructure simply makes the hackers' job easier; it doesn't deter them away at all.
  6. @exscind. Thank you. That is exactly what I was trying to say. Hopefully everyone will read your post. I don't believe that I am biased; I'm not sure if you were implying that to me. I use Windows almost as much as I use EE (lol). Now to sum up your post. When you compare the Windows vulnerabilities to the vulnerabilities of just about every other operating system, of course Windows will have less vulnerabilities. Like you previously said, "this article is a bit skewed and obviously biased". I guess I have to hand it to Microsoft though. This year was probably their best year yet. Seems to me that more security holes have been fixed/patched, and XP is more secure than ever. Although I cannot say that it is secure, but with a router and the right software it gets pretty close...
  7. Woah, when I read the title, I almost thought this was something Microsoft is supposed to be proud of. Microsoft's Windows line has consistently shown us security flaw after security flaw of problems. I remember the time when I would receive a Windows update almost every other day to patch security flaws. As much as I don't like Windows, I can't seem to live without it.
  8. Well, consider these facts: 1. Linux is free, Windows costs a lot of money. 2. Some people have always been, in a way or another, against the crowd. If everyone goes in one direction, why should I follow? 3. Consider the fact that the number of vulnerabilities is not the only thing that matters. Just think about the gravity of those vulnerabilities. I've seen lately some critical vulnerabilities on Windows, but the ones on Linux are less worrying. So let's just try to separate the facts, to try and find out exactly what are the real things which stay behind that info. As long as we don't know exactly how accurate the results are, I think it's premature to go and make an accusation, or even a strong opinion, over one thing or the other!
  9. Open source software probably has a lot more "vulnerabilities" in applications, if they are called that, but their developers patch them quickly. I don't think every patch is counted at CERT. I don't know how many people are debugging closed source software - sometimes (if not usually) their end user license agreements even prohibit that. "You may not reverse engineer, decompile, or disassemble the Software, except and only to the extent that such activity is expressly permitted by applicable law notwithstanding this limitation." So how are you going to find those vulnerabilities?
  10. Interesting article. I like all the fuss it's stirred up while it failed to show anything of any significance. If you're trying to use a report like this to display actual system security, there's a few things you need to know. First is the difference between a vulnerability and an exploit. A [url=http://www.microsoft.com/technet/archive/community/colu
    ns/security/essays/vulnrbl.mspx]vulnerability[/url] is "a security exposure that results from a product flaw, and which the maker of the product should fix." An [url=http://mtechit.com/concepts/security_exploit.html]exploit[/url]
    is "a bug or misconfiguration on a Host System which can be used by an Intruder to gain unauthorized access to that Host System or to a network to which it is connected. The Intruder might also take advantage of this problem to cause Denial of Service." A machine with say, 2328 vulnerabilities may in fact, be more secure than a machine with 1 exploitable vulnerability. How's that possible? Say for instance you have Kerio 6.13 installed which contains [url=http://www.us-cert.gov/cas/bulletins/SB05-320.html#win5
    a vulnerability[/url] that allows users with disabled accounts to still bypass the firewall. However you may not have any disabled users, which would make this vulnerability unexploitable, and you remain secure. The real measure of security is the number of exploitable vulnerabilities for each OS. Not to mention that this study includes thousands of vulnerabilities in third party products that are not part of a default OS installation. You can't measure a computer's security by vulnerabilities in software that's not installed on your machine. Whether or not Linux (which is just a kernel BTW) is more secure than Windows is debatable. I don't have any research that conclusively shows a user's risk with either OS. However I tend to believe that windows vulnerabilities are more publicized, A. because the huge userbase that is possibly affected by it. B. because they're exploitable vulnerabilities.
  11. A vulnerability becomes an exploit only when someone has devised a method to make use of the defect. Hackers would need to spend time coming up with inventive ways of using any known vulnerability. More vulnerabilities in Windows turn into exploits because there is a large base of would be hackers trying hard to find an exploit that will be useful. I think it's wrong to suggest that windows has more exploitable vulnerabilities than Linux, as the user base for Linux is much smaller and less exploits are therefore devised. Opensource software by its nature allows hackers to examine the code and therefore find more exploits, if these exist. Maybe this explains the large number of vulnerabilities found in Linux.
  12. @nic. Actually, that is a very good point that I didn't consider. Even though I believe that Windows has many more vulnerabilities than Linux or Unix, that is a point I actually never thought of. The reason that Linux and Unix have more vulnerabilities than Windows has already been explained by the many people defending the OSes. It only makes sense that Linux and Unix have more vulnerabilities, which like I just said, reasons have already been explained, and there is no need for me to say it again.