Saturday, January 07, 2006

Tech Link (Security): Windows owned Linux/Unix in 2005 US-CERT Report

Wow, according to US-CERT (United States Computer Emergency Readiness Team), Windows has lesser securities and vulnerabilities versus Linux/Unix.

I remember sometime ago, that Microsoft already released a similar report, but many scoff at that report, saying it shouldn't be a surprise that the report showed Microsoft having a better standing since it was a Microsoft sponsored survey. However, this time around, Microsoft's claim is verified and vindicated as can be shown by the latest report. Microsoft Windows shows 812 vulnerabilities accounting for ~15.62%, while Linux/Unix totalled a whooping 2328 vulnerabilities accounting for ~44.78%, and the remaining ~39.59% (2058 vulnerabilities) falls under the multiple operating systems vulnerabilities. Interesting to see Linux/Unix is the "highest pointer" in this report.

I am not a fan of any Operating System, but I mostly use Microsoft Windows and I am brain dead when it comes to Linux/Unix so I can't say any fanboyism stuff, however, I care about how fast OS developers to deploy patch when there's a need, and in this regard, I like Microsoft Windows (but of course, I am not saying Linux/Unix is slow in deploying patch, I just don't have enough experience with them). Below is the CERT report summary:
Cyber Security Bulletin 2005 Summary
2005 Year-End Index

Information in the US-CERT Cyber Security Bulletin is a compilation and includes information published by outside sources, so the information should not be considered the result of US-CERT analysis. Software vulnerabilities are categorized in the appropriate section reflecting the operating system on which the vulnerability was reported; however, this does not mean that the vulnerability only affects the operating system reported since this information is obtained from open-source information.

This bulletin provides a year-end summary of software vulnerabilities that were identified between January 2005 and December 2005. The information is presented only as a index with links to the US-CERT Cyber Security Bulletin the information was published in. There were 5198 reported vulnerabilities: 812 Windows operating system vulnerabilities; 2328 Unix/Linux operating vulnerabilities; and 2058 Multiple operating system vulnerabilities.

Source:US-CERT 2005 Year-End Index report

No comments: