Flaws in Windows trail open-source vulnerabilities

US-CERT recorded more than 5,000 security vulnerabilities in 2005, with nearly half of the total affecting the Linux, Unix and Unix-based Mac OS X platforms. Linux/Unix bugs outnumbered Windows flaws by nearly three to one, according to US-CERT.

Meanwhile, security firm Secunia reported similar proportions of advisories, but found that a number of critical Windows flaws had been left unpatched, while a typical Linux distribution had no unpatched vulnerabilities.

The security organization said a total of 5,198 vulnerabilities were reported, including 2,328 for Linux and Unix, or about 45 percent of the total.

Windows was affected by 812 flaws, and a further 2,058 were cross-platform. The vulnerabilities include applications such as Web browsers and music players as well as operating system components.

The figures may come as a surprise considering Windows' ongoing reputation for security problems, but doesn't necessarily reflect the overall security of the platform. For example, the Linux/Unix figures include large numbers of updated vulnerability advisories, while the Windows list includes only a handful of updates.

The raw figures also don't indicate the impact of a flaw. No Unix/Linux/Mac bug has caused anywhere near the panic currently being generated by the unpatched WMF flaw in Windows, partly because of Windows' near-complete dominance of the desktop PC market.

Secunia's figures offer more detail, though they tally up vulnerabilities differently from US-CERT. Secunia counted 45 vulnerabilities affecting Windows XP for 2005, up from 29 in 2004.

That total includes ten unpatched bugs, among which are the WMF bug and another unpatched, highly critical bug from April affecting the Jet Database Engine.

Over the same period, Secunia counted 136 flaws in Red Hat's flagship operating system, Red Hat Enterprise Linux Advanced Server 4. The discrepancy is partly accounted for by the inclusion of applications -- such as Thunderbird and Firefox -- in the Linux list; Windows applications aren't included in the Windows list.

There were a similar proportion of flaws in 2005 marked "highly critical" or "extremely critical" -- 24 percent for Red Hat and 31 percent for Windows XP. But in contrast to the Windows flaws, none of the Linux bugs were left unpatched, according to Secunia.

Apple's Mac OS X was the subject of 22 advisories in 2005, Secunia said. However, some of those advisories were for Mac updates covering several vulnerabilities. Two less-serious flaws from December are as yet unpatched. Forty percent of the Mac advisories covered "highly critical" or "extremely critical" bugs.

Suse Linux Enterprise Server 9 was the subject of 77 advisories last year, many of which, as with Apple, were cumulative updates covering several flaws. None of the flaws were unpatched.

Debian 3.1, a highly popular but less commercial distribution, was the subject of 181 advisories last year, of which one less-serious bug was not patched. Thirteen other flaws were only partially fixed, according to Secunia.

The subject of Linux's security compared with that of Windows is a thorny one, and there are no figures offering a one-to-one comparison. Besides the difference in market share, Windows is mainly used on the desktop while Linux is most popular on servers, presenting quite different security issues.

Several studies, some sponsored by Microsoft, have questioned Linux's security, but most such reports have been debunked as inaccurate.

A report from Yankee Group last year showed that in the midst of such propaganda efforts, Linux is still seen as more secure than Windows.

Join the newsletter!

Or
Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Matthew Broersma

Techworld.com
Show Comments

Essentials

Mobile

Sansai 6-Outlet Power Board + 4-Port USB Charging Station

Learn more >

Victorinox Werks Professional Executive 17 Laptop Case

Learn more >

Exec

Budget

Back To Business Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?