Linux more vulnerable than Windows, claims US report

News Analysis

Linux more vulnerable than Windows, claims US report

A study by the US Computer Emergency Readiness Team has created controversy after it said that more vulnerabilities were found in Linux/Unix systems than in Windows last year.

The report, Cyber Security Bulletin 2005, claimed that out of 5,198 reported flaws, 812 were found in Windows, yet 2,328 were found in open source Unix/Linux systems. The rest were declared to be multiple operating system vulnerabilities.

The report predictably attracted criticism from the open source community, with Linux vendor Red Hat saying the vulnerabilities had been wrongly tagged, and so could not be used to compare the relative security of Windows and Linux/Unix platforms.

"The study is confusing and misleading. When you look at the list, the vulnerabilities are miscategorised," said Mark Cox, a consulting software engineer at Red Hat.

"Firefox is categorised as a Unix/Linux operating system flaw, but it runs just as well on a Windows platform. Apache and PHP also run just as well on both platforms. There are methodological flaws in the statistics."

He added that Linux operating systems were more secure for businesses than Windows platforms, as fewer vulnerabilities were critical and patches were brought out more quickly.

This debate between Linux and Windows over which is more vulnerable just won't go away. But what should be a worry is surely that there were 5,198 flaws in the first place.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy