Lock IT Down: By the numbers: Comparing Windows security to Linux

A comparison of security vulnerabilities in Windows 2000 and Linux

In TechRepublic discussions about the virtues of Linux vs. Windows, Linux enthusiasts love to point out that their OS is much more secure. They complain that Windows and its applications are full of bugs and poorly written code and that Windows is more susceptible to viruses.

Of course, administrators who work primarily with Windows take exception to these arguments. They believe that Windows can be secured just as well as any other operating system and that Windows is simply targeted more often because its use is so widespread.

One way to get to the bottom of this dispute is to look at the numbers. In this case, let’s examine the statistics on discovered vulnerabilities tracked by SecurityFocus Bugtraq. One word of warning: These numbers may just surprise you.

Bugtraq vulnerabilities 2001
Table A shows a cumulative list of vulnerabilities discovered so far in 2001.

Bugtraq vulnerabilities 2000
Table B shows the 2000 vulnerabilities listed by the same source.

The bottom line
As these numbers illustrate, Windows NT 4.0 was the leader in bugs identified during 2000. But Linux was not far behind. And in 2001, Windows 2000 has stabilized a bit and is actually running in the middle of the pack. One logistical note: It wouldn’t be fair to add those Linux bug numbers together—most are the same bugs across every platform. However, the conclusion here is that there is obviously a comparable number of security problems with the various flavors of Linux, as well as Sun’s Solaris, as there are with Windows NT 4.0 and Windows 2000.

Ultimately, with the vast number of individuals and businesses using Microsoft software, any flaws in the Redmond product are magnified because of their sheer impact. All this doesn’t mean that I don’t like Linux or that I’m a champion of Bill Gates and his Microsoft cronies. But I believe that simply because of its vast market share, Microsoft should be feeling a tremendous responsibility to make certain that its software isn’t just profitable. It should also be as secure as it can be made because any problems will have such a huge impact. Unfortunately, the Redmond giant doesn’t appear to feel that responsibility.

Microsoft should continue to have its feet held to the fire when a mistake is found. Conversely, Linux bugs will continue to be minor news unless that OS gains a larger share of the world’s computers and thus seriously impedes the work of many businesses and consumers.

What do you think about these numbers?
We look forward to getting your input and hearing about your experiences regarding this topic. Join the discussion below or send the editor an e-mail.

