Lock IT Down: By the numbers: Comparing Windows security to Linux

by John McCormick | Sep 24, 2001 7:00:00 AM

Tags: John McCormick

Takeaway: A comparison of security vulnerabilities in Windows 2000 and Linux

In TechRepublic discussions about the virtues of Linux vs. Windows, Linux enthusiasts love to point out that their OS is much more secure. They complain that Windows and its applications are full of bugs and poorly written code and that Windows is more susceptible to viruses.

Of course, administrators who work primarily with Windows take exception to these arguments. They believe that Windows can be secured just as well as any other operating system and that Windows is simply targeted more often because its use is so widespread.

One way to get to the bottom of this dispute is to look at the numbers. In this case, let’s examine the statistics on discovered vulnerabilities tracked by Security Focus Bugtraq. One word of warning: These numbers may just surprise you.

Buqtraq vulnerabilities 2001
Table A shows a cumulative list of vulnerabilities discovered so far in 2001.


Buqtraq vulnerabilities 2000
Table B shows the 2000 vulnerabilities listed by the same source.


The bottom line
As these numbers illustrate, Windows NT 4.0 was the leader in bugs identified during 2000. But Linux was not far behind. And in 2001, Windows 2000 has stabilized a bit and is actually running in the middle of the pack. One logistical note: It wouldn’t be fair to add those Linux bug numbers together—most are the same bugs across every platform. However, the conclusion here is that there is obviously a comparable number of security problems with the various flavors of Linux, as well as Sun’s Solaris, as there are with Windows NT 4.0 and Windows 2000.

Ultimately, with the vast number of individuals and businesses using Microsoft software, any flaws in the Redmond product are magnified because of their sheer impact. All this doesn’t mean that I don’t like Linux or that I’m a champion of Bill Gates and his Microsoft cronies. But I believe that simply because of its vast market share, Microsoft should be feeling a tremendous responsibility to make certain that its software isn’t just profitable. It should also be as secure as it can be made because any problems will have such a huge impact. Unfortunately, the Redmond giant doesn’t appear to feel that responsibility.

Microsoft should continue to have its feet held to the fire when a mistake is found. Conversely, Linux bugs will continue to be minor news unless that OS gains a larger share of the world’s computers and thus seriously impedes the work of many businesses and consumers.

---

What do you think about these numbers?
We look forward to getting your input and hearing about your experiences regarding this topic. Join the discussion below or send the editor an e-mail.

---

 

Print/View all Posts Comments on this article

By the numbers: Comparing Windows securi laif.hartmann@... | 09/24/01

Waiting for a fix that WORKS! dv8tor@... | 09/24/01

wdyson@... | 09/25/01

That's the point marauder62@... | 09/26/01

Linux update vs Windows. shanta@... | 09/26/01

I am not a Windows advocate . . . zachowland@... | 09/26/01

hmm.. rrands1@... | 10/11/01

Speaking the truth alnhelb | 10/16/01

Hi hey_tsm@... | 03/21/05

Jebem ti mater matooo@... | 09/26/01

here..! gboudrea | 10/02/01

Windows Update isn't so good. eprevost@... | 09/27/01

IF Tech Locksmith | 09/26/01

false sense of security ? drew@... | 09/29/01

Unweighted numbers worse than useless. lamar.owen@... | 09/26/01

Unweighted Tech Locksmith | 09/26/01

Re: Unweighted jhoffler@... | 09/29/01

Misleading Is An Understatement blazerw1@... | 09/26/01

Misleading Is An Understatment .1 Gar Nelson | 10/26/01

Non technical article. arizonbenito@... | 09/26/01

What about OpenBSD? drosario@... | 09/26/01

OpenBSD not secure alnhelb | 10/16/01

Numbers? wings19@... | 09/26/01

Here's some real numbers. Stygmata | 09/27/01

Not too bad, actually. drew@... | 09/29/01

But Microsoft gets paid for its code wrbrunson@... | 10/02/01

A simple point Don-Bans | 10/25/01

Check out Novell blarman | 10/31/01

Numbers lie no matter who you favor! kbrustad@... | 11/29/01

By the nembers: Compating Windows securi listings@... | 12/31/01

IIS split from NT/2k??? Quake Kid | 09/24/01

Exactly, except.... tommy higbee | 09/24/01

windows used more Tech Locksmith | 09/24/01

IIS vs. Apache Campus Corners | 09/24/01

re: Windows used more rami.aubourg@... | 09/25/01

Worms/viruses and n*x ninewands | 09/26/01

Linux vs Windows Security dennismoran@... | 06/14/02

Not totally true zachowland@... | 06/14/02

IIS vs. Apache ninewands | 09/26/01

As it should be. drew@... | 09/29/01

Misleading? Tech Locksmith | 09/24/01

yes by #'s misleading rpgmr | 09/24/01

Speaking my language matooo@... | 09/26/01

Why not a qualitative review? D. Brock | 09/26/01

'scuse me ?? drew@... | 09/29/01

Any other apps you want to count to? K.I.S.S. | 09/24/01

Yes, actually... efindel@... | 09/26/01

Security-Focused Versions efindel@... | 09/26/01

Other apps to count ... ninewands | 09/26/01

Using MS logic... D. Brock | 09/26/01

what the f..... are you typing?????!!!! matooo@... | 09/26/01

Re: what the f..... are you typing???!!! ninewands | 09/26/01

haha Quake Kid | 09/27/01

Re: IIS split from NT/2k??? Dave Buckner | 01/01/02

Good Bugs / Bad Bugs dbmullin | 09/24/01

Redmond may be stirring moehrinp@... | 09/24/01

Good vs Bad Tech Locksmith | 09/24/01

Unix (Linux) bugs are worse to me... claymuir | 09/24/01

Linux bug fixes aren't only up to you wdyson@... | 09/25/01

That's your take on the situation ... ninewands | 09/26/01

What you on? drew@... | 09/29/01

Yeah... drew@mutherboard.dyndns.org claymuir | 09/30/01

Good vs Bad ninewands | 09/26/01

Windows bugs are more serious mion@... | 09/26/01

very valid point drew@... | 09/29/01

What happened?? Quake Kid | 09/24/01

ok Quake Kid | 09/24/01

Apples and Oranges? tnash@... | 09/24/01

agreed drew@... | 09/29/01

Not just the OS eddie.glebocki@... | 09/24/01

Free vs. Commercial Software euri | 09/24/01

free vs commercial Tech Locksmith | 09/24/01

free vs commercial rami.aubourg@... | 09/25/01

I don't get it drew@... | 09/29/01

free vs commercial ninewands | 09/26/01

ya know.. drew@... | 09/29/01

can't figure it out drew@... | 09/29/01

Inconsistant scrutiny across platforms Jon O'Brien | 09/24/01

inconsistant Tech Locksmith | 09/24/01

Two edges... rami.aubourg@... | 09/25/01

Good Point. admin@... | 09/26/01

Don't know, but zachowland@... | 09/26/01

Are you kidding??? Yule | 09/26/01

Bad code doesn't make it wdyson@... | 09/25/01

That's not how hackers generally work D. Brock | 09/26/01

that's not how Tech Locksmith | 09/26/01

That's hysterical! admin@... | 09/26/01

Closed source . . . zachowland@... | 09/26/01

closed source more bugs just in kernel Tech Locksmith | 09/27/01

huh? drew@... | 09/29/01

"Since BEFORE OS'es"???? jshilling@... | 10/17/01

Old? Gar Nelson | 10/26/01

hmmm could be. drew@... | 09/29/01

Odd ... ninewands | 09/26/01

thats right. drew@... | 09/29/01

all the apps wdyson@... | 09/25/01

not only that . . . zachowland@... | 09/26/01

just recently drew@... | 09/29/01

Too bad... Packratt | 09/24/01

too bad Tech Locksmith | 09/24/01

True... Packratt | 09/24/01

I would like to see more numbers GrantR | 09/24/01

like to see more Tech Locksmith | 09/24/01

Linux GOOD, W2K BAD Quake Kid | 09/24/01

linux is good Tech Locksmith | 09/24/01

No, but you did misuse Bugtraq stats! chrisw01 | 09/26/01

Beginners on Linux wdyson@... | 09/25/01

Mandrake??? zachowland@... | 09/26/01

Ummmmm.... yeah. admin@... | 09/24/01

type of administrator cybersekkin@... | 09/24/01

admin and OS rami.aubourg@... | 09/25/01

No offense . . . zachowland@... | 09/26/01

re: no offense rami.aubourg@... | 09/27/01

Bug or Feature? Bucky Kaufman (MCSD) | 09/24/01

It's more complicated than you write... null | 09/24/01

can't make silk out of a sows ear cybersekkin@... | 09/25/01

Way to fix windows zachowland@... | 09/26/01

Keep the GUI!!???? eberend@... | 01/01/02

Food for Thought..... etingley@... | 09/26/01

Food for thought - Part 2 etingley@... | 09/26/01

Microsoft does care about little guys. admin@... | 09/26/01

Yep, Bill LOVES little guys... Packratt | 09/26/01

East Timor admin@... | 09/26/01

Food Tech Locksmith | 09/26/01

Ease of Installation is A Negative alex@... | 09/26/01

ease of Tech Locksmith | 09/27/01

I enjoyed this article admin@... | 09/26/01

Enjoyed Tech Locksmith | 09/27/01

Me too Quake Kid | 09/27/01

Microsoft's Responsibility vs Linux' fjw101@... | 11/30/01

Rant Alert :P paul2002 | 12/01/01

Another 2 cents since it still pops up Raymond W. | 12/31/01

Security is more than just bugs Scott.Geiger | 12/31/01

Netware rengland@... | 05/08/02

Windows vs *nix Security dennismoran@... | 06/14/02