Linux more vulnerable than Windows, claims US report

News Analysis

A study by the US Computer Emergency Readiness Team has created controversy after it said that more vulnerabilities were found in Linux/Unix systems than in Windows last year.

The report, Cyber Security Bulletin 2005, claimed that out of 5,198 reported flaws, 812 were found in Windows, yet 2,328 were found in open source Unix/Linux systems. The rest were declared to be multiple operating system vulnerabilities.

The report predictably attracted criticism from the open source community, with Linux vendor Red Hat saying the vulnerabilities had been wrongly tagged, and so could not be used to compare the relative security of Windows and Linux/Unix platforms.

"The study is confusing and misleading. When you look at the list, the vulnerabilities are miscategorised," said Mark Cox, a consulting software engineer at Red Hat.

"Firefox is categorised as a Unix/Linux operating system flaw, but it runs just as well on a Windows platform. Apache and PHP also run just as well on both platforms. There are methodological flaws in the statistics."

He added that Linux operating systems were more secure for businesses than Windows platforms, as fewer vulnerabilities were critical and patches were brought out more quickly.

This debate between Linux and Windows over which is more vulnerable just won't go away. But what should be a worry is surely that there were 5,198 flaws in the first place.
