Flaws in Windows trail open-source vulnerabilities

US-CERT recorded more than 5,000 security vulnerabilities in 2005, with nearly half of the total affecting the Linux, Unix and Unix-based Mac OS X platforms. Linux/Unix bugs outnumbered Windows flaws by nearly three to one, according to US-CERT.

Meanwhile, security firm Secunia reported similar proportions of advisories, but found that a number of critical Windows flaws had been left unpatched, while a typical Linux distribution had no unpatched vulnerabilities.

The security organization said a total of 5,198 vulnerabilities were reported, including 2,328 for Linux and Unix, or about 45 percent of the total.

Windows was affected by 812 flaws, and a further 2,058 were cross-platform. The vulnerabilities include applications such as Web browsers and music players as well as operating system components.

The figures may come as a surprise considering Windows' ongoing reputation for security problems, but doesn't necessarily reflect the overall security of the platform. For example, the Linux/Unix figures include large numbers of updated vulnerability advisories, while the Windows list includes only a handful of updates.

The raw figures also don't indicate the impact of a flaw. No Unix/Linux/Mac bug has caused anywhere near the panic currently being generated by the unpatched WMF flaw in Windows, partly because of Windows' near-complete dominance of the desktop PC market.

Secunia's figures offer more detail, though they tally up vulnerabilities differently from US-CERT. Secunia counted 45 vulnerabilities affecting Windows XP for 2005, up from 29 in 2004.

That total includes ten unpatched bugs, among which are the WMF bug and another unpatched, highly critical bug from April affecting the Jet Database Engine.

Over the same period, Secunia counted 136 flaws in Red Hat's flagship operating system, Red Hat Enterprise Linux Advanced Server 4. The discrepancy is partly accounted for by the inclusion of applications -- such as Thunderbird and Firefox -- in the Linux list; Windows applications aren't included in the Windows list.

There were a similar proportion of flaws in 2005 marked "highly critical" or "extremely critical" -- 24 percent for Red Hat and 31 percent for Windows XP. But in contrast to the Windows flaws, none of the Linux bugs were left unpatched, according to Secunia.

Apple's Mac OS X was the subject of 22 advisories in 2005, Secunia said. However, some of those advisories were for Mac updates covering several vulnerabilities. Two less-serious flaws from December are as yet unpatched. Forty percent of the Mac advisories covered "highly critical" or "extremely critical" bugs.

Suse Linux Enterprise Server 9 was the subject of 77 advisories last year, many of which, as with Apple, were cumulative updates covering several flaws. None of the flaws were unpatched.

Debian 3.1, a highly popular but less commercial distribution, was the subject of 181 advisories last year, of which one less-serious bug was not patched. Thirteen other flaws were only partially fixed, according to Secunia.

The subject of Linux's security compared with that of Windows is a thorny one, and there are no figures offering a one-to-one comparison. Besides the difference in market share, Windows is mainly used on the desktop while Linux is most popular on servers, presenting quite different security issues.

Several studies, some sponsored by Microsoft, have questioned Linux's security, but most such reports have been debunked as inaccurate.

A report from Yankee Group last year showed that in the midst of such propaganda efforts, Linux is still seen as more secure than Windows.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Matthew Broersma

Techworld.com
Show Comments

Brand Post

PC World Evaluation Team Review - MSI GT75 TITAN

"I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it."

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?