Experts query Windows win in flaw count

By Derek Sooman on January 9, 2006, 2:40 PM
Security experts and other critics have attacked a recent study which claimed that in 2005 more security vulnerabilities were found in Linux/Unix than in Windows. Published by the U.S. Computer Emergency Readiness Team, the study has been called "confusing and misleading" by Mark Cox, a consulting software engineer at Red Hat.

"For example, Firefox is categorized as a Unix/Linux operating-system flaw, but it runs just as well on a Windows platform. Apache and PHP also run just as well on both platforms. There are methodological flaws in the statistics," he said.
Steven Christey, an editor for Common Vulnerabilities and Exposures, claims that the statistics used in the study were no basis for comparison of the relative security of Windows and Linux/Unix. This, he says, is because they had been collected from different sources with different criteria for the collection of flaws.




User Comments: 12

exscind said:
I knew something like this was going to happen. The article was flawed and biased from the start, I don't think that was a surprise there. It was probably written and suggested with the theme that Windows has fewer flaws than Linux/Unix to grab readers' attention. As I have said before, I congratulate the article for at least challenging the issue that Linux is 5,234,839,347 to the 20th power better than Windows, but no one should take that article literally because the research methodology is flawed and the issue is so much more complicated than "My OS is better than your OS, period."
2old said:
And let's not forget the impact as well - with a multitude more users each Windows flaw has a substantially bigger impact than Linux/Unix.
Cartz said:
Originally posted by 2old:
> And let's not forget the impact as well - with a multitude more users each Windows flaw has a substantially bigger impact than Linux/Unix.
Exactly! Also consider, for every 1 user looking for a flaw in Linux, there are 100s looking for flaws in Windows. Why waste your time exposing security holes in a piece of software that is rarely used? Since the goal of the exploiter is (likely) financial gain, why limit your market to a mere 5% of all computers? Your average Windows user is not so cautious, so not only is finding an exploitable flaw in Windows better in terms of pure numbers (of computers available to exploit), but they can also rely on a lower average 'tech savviness quotient' over a Linux user.
I say this because debatably, most people who run Linux are more tech savvy, they take care to have extra security and are careful about what they do online. The average Windows user is not so cautious, and so it is easier to exploit them.
In time, people will realize that Linux is not much more secure than Windows, if at all... It just hasn't been as thoroughly investigated.
DragonMaster said:
Which flaws are the most critical? ;)
sngx1275 said:
Originally posted by Cartz:
> In time, people will realize that Linux is not much more secure than Windows, if at all... It just hasn't been as thoroughly investigated.
Except that inherently Linux OSes set up 2 accounts on installation. 1 for Root, 1 for the User. And most of the time you run as the user. In Windows, on your personal machine, you are running with Admin privs all the time unless you explicitly set up a limited account, so all sorts more bad things can happen when you aren't denying certain actions to take place.
PanicX said:
Quoted from Mark Cox:
> "There is also the issue of timing," he said. "With Linux products, critical updates are available within a day. If you look at Red Hat Enterprise Linux 3, the average patch time is under a day. With the recent critical WMF (Windows Meta File) vulnerability, it took Microsoft seven days," he said
There's dozens of things wrong with the original report when taken into a security comparison context. They really should have left OS's out of the equation altogether and made a report simply on overall vulnerability count.
asphix said:
I agree PanicX. Approaching this topic from the angle they did is bound to just make people's hair rise, put their backs to the wall and start taking pot shots at each other.
The argument that Windows flaws are more "serious" because more users are affected by them is a moot issue in my opinion.
To play on the other side of the fence, a lot of the arguments that allude to justifications or acceptances toward Microsoft's flaws can also be just as annoyingly useless.
All I'm saying is that bugs, flaws and security issues will always be a part of computing. There will never be any such thing as the perfect OS. Instead of sounding like money hungry salesmen or representatives by comparing products to each other, we should stress the benefits of the product and let people choose for themselves.
Linux/Unix are great OS's for certain people. So is Windows. Both offer different things, be it ease of use, familiarity, compatibility, software etc etc etc. Getting into an argument over which is better security wise is sort of a dead end undertaking. You can tell me Linux is the Fort Knox of the computing world and I'll still use Windows, as that's what I'm comfortable using and I get along just fine in it.
Which all leads back to, the perspective of this comparison was bound to cause extremist reactions. Either you'd react by thinking "Oh wow!" or "WHAAAAT?!" and nothing in between.
fury said:
Who ever expected the report to be fair, unbiased, and well-balanced anyway? It's from a government agency...
The only way Windows and Linux are going to get a truly unbiased comparison is from a new user who has not touched computers at all and has not been told what to get by any of his/her friends and family. And that will be mostly superficial due to their newbie nature.
Anyone with technical knowledge enough to make detailed analyses about either or both operating systems will always be biased towards Windows or Linux (or Mac OS?) by nature.
spike said:
I disagree. I have personal preference in many things, but I can still offer an unbiased analysis. It's all about detaching yourself from the object of the analysis and looking at it from a pure academic standpoint.
nathanskywalker said:
really? flaws? no way!
lordbf1 said:
I do feel that Linux is patched faster than Windows is.
mentaljedi said:
I knew something was off! Yeh, it was too good to be true. But I am convinced that Vista will have great security. But I wonder if Linux will release something that bests it?