In TechRepublic discussions about the virtues of Linux vs. Windows, Linux enthusiasts love to point out that their OS is much more secure. They complain that Windows and its applications are full of bugs and poorly written code and that Windows is more susceptible to viruses.
Of course,
administrators who work primarily with Windows take exception to these
arguments. They believe that Windows can be secured just as well as any other
operating system and that Windows is simply targeted more often because its use
is so widespread.One way to get to the bottom of this dispute is to look at the numbers. In this case, let's examine the statistics on discovered vulnerabilities tracked by Security Focus Bugtraq. One word of warning: These numbers may just surprise you.
Buqtraq vulnerabilities 2001
Table
A shows a cumulative list of vulnerabilities discovered so far in
2001.
 |
Buqtraq vulnerabilities 2000
Table B shows the 2000 vulnerabilities listed by the same source.
 |
The bottom line
As these numbers illustrate, Windows NT 4.0 was the leader in bugs identified during 2000. But Linux was not far behind. And in 2001, Windows 2000 has stabilised a bit and is actually running in the middle of the pack. One logistical note: It wouldn't be fair to add those Linux bug numbers together--most are the same bugs across every platform. However, the conclusion here is that there is obviously a comparable number of security problems with the various flavours of Linux, as well as Sun's Solaris, as there are with Windows NT 4.0 and Windows 2000.
Ultimately, with the vast number of individuals and businesses using Microsoft software, any flaws in the Redmond product are magnified because of their sheer impact. All this doesn't mean that I don't like Linux or that I'm a champion of Bill Gates and his Microsoft cronies. But I believe that simply because of its vast market share, Microsoft should be feeling a tremendous responsibility to make certain that its software isn't just profitable. It should also be as secure as it can be made because any problems will have such a huge impact. Unfortunately, the Redmond giant doesn't appear to feel that responsibility.
Microsoft should continue to have its feet held to the fire when a mistake is found. Conversely, Linux bugs will continue to be minor news unless that OS gains a larger share of the world's computers and thus seriously impedes the work of many businesses and consumers.
TechRepublic is the online community and information resource for all IT
professionals, from support staff to executives. We offer in-depth
technical articles written for IT professionals by IT professionals.
In addition to articles on everything from Windows to
e-mail to fire walls, we offer IT industry analysis, downloads,
management tips, discussion forums, and e-newsletters.
©
2001 TechRepublic, Inc.
These statistics are meaningless without including the release dates of the software in question. A product that only had 1 month in the marketplace during 2000 will have less bugs discovered than a product that was there for the full 12 months.
On a simlar line, it's not reasonable to be comparing a mature operating system with one that was released more recently. Of course a more recently released product will have more bugs.
These stats need some dates and even market penetration (which is pretty difficult to assess) to make them usable figures for comparison.