Secunia reports Red Hat and Firefox way buggier than Microsoft's products

Danish security firm Secunia has reported that bugs in open-source code, such as Red Hat Linux and the Firefox browser, were way above those in Microsoft's products last year.

An excerpt from TechWorld:

Out of the operating systems monitored by Secunia - Windows (98 and onwards), Mac OS X, HP-UX 10.x and 11.x, Solaris 8, 9, and 10 and Red Hat (excluding Fedora) - Red Hat was found to have by far the most vulnerabilities, at 633, with 99 percent found in third-party components. (Linux distributions are generally composed mostly of third-party software, which is integrated by the distributor.)

In the browser field, Firefox led the way with 64 bugs, compared to 43 for Internet Explorer, and 14 each for Opera and Safari.

The figures are contested by Red Hat. However, the more relevant fact is the pace at which the reported bugs are fixed, and it is here that Microsoft can perhaps take a few pointers from the open-source book.

Secunia reported several vulnerabilities in CA's products as well.

On a larger note, is the discovery of more bugs in open source going to hamper its adoption?

70 comments
Jaqui

of an exploit listing summary for last week. The issue becomes clear when you look at the breakdown below, supplied by SANS.org, which clearly identifies that their listing is not just exploits, it also included status updates [ which usually means patch announcements ] ... Sans also breaks their counts down into more finely grained categories than Secunia does. then go further down..

Summary of Updates and Vulnerabilities in this Consensus

Platform                                  Number of Updates and Vulnerabilities
------------------------                  -------------------------------------
Microsoft Office                          1 (#1)
Other Microsoft Products                  1 (#10)
Third Party Windows Apps                  10 (#3, #6, #7, #8, #9)
Linux                                     4
Apple                                     2 (#2, #12)
Cisco                                     1 (#4)
BSD                                       3
Solaris                                   3
Cross Platform                            23 (#5, #11)
Web Application - Cross Site Scripting    8
Web Application - SQL Injection           22
Web Application                           17
Network Device                            3

********************

and look below here to see the base listing style used by Secunia. Secunia is counting the announcement of PATCH availability as well as vulnerability announcements in their stats for exploit rates, forgetting that a patch is not another exploit, and shouldn't be included in the total tally for their "annual" report.

The Secunia Weekly Advisory Summary
2008-01-17 - 2008-01-24
This week: 79 advisories

4) Vulnerabilities Summary Listing

Windows:
[SA28599] Lycos FileUploader Module File Upload Component ActiveX Control Buffer Overflow
[SA28595] HP Virtual Rooms Install HPVirtualRooms14 Class ActiveX Control Buffer Overflow
[SA28557] Toshiba Surveillix RecordSend Class ActiveX Control Buffer Overflows
[SA28563] Microsoft Visual Basic ".dsr" File Handling Buffer Overflows
[SA28639] Web Wiz Rich Text Editor "sub" Directory Traversal Vulnerability
[SA28601] Web Wiz Forums Directory Traversal Vulnerabilities
[SA28586] IBM WebSphere Business Modeler Repository Deletion Security Issue
[SA28578] BitDefender Update Server HTTP Server Directory Traversal Vulnerability

UNIX/Linux:
[SA28590] Citadel SMTP "makeuserkey()" Buffer Overflow Vulnerability
[SA28587] Fedora update for clamav
[SA28570] Gentoo update for netscape-flash
[SA28631] HTTP File Server Multiple Vulnerabilities
[SA28614] Debian update for libvorbis
[SA28612] HP-UX ARPA Transport Unspecified Denial of Service Vulnerability
[SA28610] Debian update for exiv2
[SA28602] Gentoo update for tikiwiki
[SA28583] Red Hat update for wireshark
[SA28564] Red Hat update for wireshark
[SA28555] Mandriva update for cairo
[SA28548] Debian update for flac
[SA28546] Debian update for horde3
[SA28607] Avaya Products httpd Multiple Vulnerabilities
[SA28591] Fedora update for mantis
[SA28589] ELOG Script Insertion and Denial of Service Vulnerabilities
[SA28569] Gentoo update for libcdio
[SA28551] Debian update for mantis
[SA28549] Debian update for tomcat5.5
[SA28545] Fedora update for boost
[SA28541] Fedora update for e2fsprogs
[SA28643] Red Hat update for kernel
[SA28592] Fedora update for xorg-x11-server
[SA28616] Mandriva update for x11-server-xgl
[SA28609] IBM AIX Multiple Vulnerabilities
[SA28571] Mandriva update for libxfont
[SA28559] rPath update for mysql
[SA28558] rPath update for kernel
[SA28550] Sun Solaris X Window System and X Server Multiple Vulnerabilities
[SA28544] Red Hat update for libXfont
[SA28543] Red Hat update for xorg-x11-server
[SA28542] Red Hat update for XFree86
[SA28540] SUSE update for Xorg and XFree
[SA28539] Debian update for xorg-server
[SA28574] Ubuntu update for apt-listchanges

Other:
[SA28625] Cisco PIX and ASA Time-To-Live Denial of Service Vulnerability
[SA28553] OKI C5510MFP Configuration Interface Security Issues

Cross Platform:
[SA28580] phpAutoVideo File Inclusion and Cross-Site Scripting
[SA28568] Small Axe Weblog linkbar.php File Inclusion Vulnerabilities
[SA28556] HP Oracle for OpenView Multiple Vulnerabilities
[SA28640] SDL_image Two Buffer Overflow Vulnerabilities
[SA28624] PHP-Nuke "modules/Search/index.php" SQL Injection
[SA28619] Liquid-Silver CMS "update" Local File Inclusion
[SA28617] aconon Mail "template" Information Disclosure
[SA28606] Interstage HTTP Server Multiple Vulnerabilities
[SA28605] PacerCMS Multiple Vulnerabilities
[SA28594] aflog SQL Injection and Script Insertion Vulnerabilities
[SA28588] WebSphere Application Server Two Vulnerabilities
[SA28581] AlstraSoft Forum Pay Per Post Exchange "catid" SQL Injection Vulnerability
[SA28576] IBM WebSphere Application Server serveServletsByClassnameEnabled Vulnerability
[SA28572] MyBB SQL Injection and Cross-Site Request Forgery Vulnerabilities
[SA28567] WordPress WP-Forum Plugin "user" SQL Injection
[SA28566] Famp3 "id" SQL Injection Vulnerability
[SA28565] FaPersianHack "id" SQL Injection Vulnerability
[SA28560] Clever Copy SQL Injection and Cross-Site Scripting
[SA28547] Openfire Jetty Information Disclosure Vulnerability
[SA28562] AXIGEN Mail Server AXIMilter Format String Vulnerability
[SA28633] Drupal Workflow Module Workflow Message Script Insertion
[SA28632] Drupal Archive Module Unspecified Cross-Site Scripting
[SA28629] MediaWiki Cross-Site Scripting Vulnerability
[SA28622] Mozilla Firefox "chrome:" Directory Traversal Security Issue
[SA28593] WordPress Permalinks Migration Plugin Cross-Site Request Forgery
[SA28582] OZJournals "id" Information Disclosure Vulnerability
[SA28579] ISC BIND libbind "inet_network()" Off-By-One Vulnerability
[SA28577] Mantis "Most Active" Script Insertion Vulnerability
[SA28573] singapore "gallery" Cross-Site Scripting Vulnerability
[SA28561] cPanel Leech Protect "rurl" Cross-Site Scripting
[SA28604] IBM Tivoli Provisioning Manager for OS Deployment HTTP Server Denial of Service
[SA28603] IBM Tivoli Business Service Manager Password Disclosure
[SA28613] Kayako SupportSuite "syncml/index.php" Information Disclosure
[SA28552] Apache Tomcat SingleSignOn Information Disclosure

3razZz3r

According to Secunia 2007 Report: http://secunia.com/gfx/SECUNIA_2007_Report.pdf

"Red Hat was found to have the most number of vulnerabilities (633), with 99% (629 vulnerabilities) due to third-party components."
Red Hat Kernel vulnerability = 4
3rd-party component vulnerability = 629

"Solaris, which had a total of 252 vulnerabilities, came next and had 80% (201) due to third-party components."
Solaris Kernel vulnerability = 51
3rd-party component vulnerability = 201

"Apple Mac OS X came third with 235, 62% (146) of which is due to third-party components."
OS X Kernel vulnerability = 89
3rd-party component vulnerability = 146

"Fourth came Windows with 123, but with only 4% due to third-party software."
Windows Kernel vulnerability = 118
3rd-party component vulnerability = 5

"Last came HP-UX with 75 vulnerabilities, 81% (61) of which are due to third-party software."
HP-UX Kernel vulnerability = 14
3rd-party component vulnerability = 61

In terms of the number of kernel vulnerabilities, Windows comes first with 118, followed by Mac OS X with 89. Why can't people simply present facts as they are?

lsatenstein

How do you classify a bug? Is a buffer overflow in a user logon a system compromise? I would like to see the definition using a level playing field. Take XP or Vista, and a normal (non-administrative) user. Take a linux logon which does not have root privileges. Compare the two with the bugs identified in each. Tell me after the exercise, which system was compromised, and by how many programs. I am willing to bet that the bugs reported for either system are only bugs if the XP user has administration privileges and the Linux user has root privileges. That is, I think the outcome of the above test would be a tie.

yoplait

One simple comment: Don't put all your eggs in the same basket. One source telling something is too little. I don't trust this study. Yoplait.

mrjay67

I think the issue is not with the "bugs", but with general usability. I know this comment is veering off topic slightly but ease of use will hamper people using it more than the bugs will. Unless of course that is one of the bugs. Distros like (K)Ubuntu are making it a bit more enjoyable, but until people in general become more savvy or Linux makes things as easy as Windows, it will be hampered. Most of the time the bugs and issues found do not directly affect me or the average person anyway (not that they can't - just what are the odds). So, no I don't believe the bugs are an issue unless they are overly reported and make it seem worse than it is.

Lovs2look

After using firefox for ages, but not linux so much, I can report that I haven't managed to exploit or find these bugs. Even if they do have them, they will always be superior to M$ stuff due to the open source-ness of their nature. Software for the people, by the people.

jackie40d

This sounds like a Paid for search by MS . . follow the money is the normal statement for this . . SO I will stick with my Linux and running windows inside of it . .

TheGooch1

Let's see, Red Hat has a large number of products...which one(s) are there a large number of bugs. Firefox..many versions out there, do they mean Firefox 2.0? which revision? When they say Linux, do they mean the stock Linux kernel, one of the many differently configured/built kernels? Or do they mean a Linux distribution, which is the kernel plus related applications to make it useful as an OS? Microsoft has a billion ( meaning, a lot ) of software products, which ones are buggy? Sigh, this article is buggy.

Jaqui

The most important aspect of that is: with 99 percent found in third-party components. 627 bugs from 3rd party software, so Red Hat was responsible for 6 bugs. Secunia is usually more accurate when they use specific numbers than to blame a distro for bugs in software the distro did not write. Red Hat's contention that the speed of patching is important is a very valid point. I've been following Secunia's reports for the last year, and most of the "Linux" bugs were patches for php, fixing a lot of the long standing security issues with its existing functions. There were patches for the kernel, but nowhere near even 100, yet the KERNEL is LINUX, everything else is different software. Only kernel bugs are Linux bugs.

jdclyde

There are a few things to look at.

Severity of the exploit
How long it takes to deploy the fix
How trustworthy and open are the vendors when an exploit is found
How many total exploits are found?

Do not mix an exploit with a bug.
Do not mix OS with applications

If doing a comparison, you do not compare a current product with a legacy product. Throwing Fedora into the mix is the same as if I threw WinME in. Clearly would not be an accurate reflection, and is intentionally done to distort/misrepresent/mislead/LIE about a product. 99% found in third party....

jmgarvin

How many bugs does MS not tell us about or sweep under the carpet? I'm looking at you WMF flaw.

pr.arun

But on a larger note, is the discovery of more bugs in open-source hamper its widespread adoption?

ben@channells

Over the last 5 years windows has had less than Red Hat and More than Mac OS. But SUSE linux has a much lower bug score than the above. This is nothing new as can be seen on many bug tracking sites. Possibly the reason why Novell bought up SUSE over other Linux versions. SUSE sells more in Europe than Red Hat but Red Hat outsells SUSE in North America. The target is US IT managers with little knowledge or history of experience and young support staff ;-)

JPRuiz

Either vital or just a non-negotiable want. Many users, both regular end users and savvy IT personnel are just not willing to do away with the convenience and speed of the point and click architecture that MS has on all its products.

angrykeyboarder

I've not been able to find and exploit bugs in any software. Almost all "serious" bugs are still things that are quite obscure (be it in Windows, Word, Firefox or F-Spot). P.S. Using "M$" is soooo childish.

chente.z.m

Ok in the years I've been using both OS, meaning I've started with windows and then changed to linux, I've seen like hundreds of bugs in windows, when in linux I've seen very few, and third party most of them, linux rules

tmcclure

If you read the report in more detail I think you will find that Microsoft has the most bugs for the "OS". Otherwise the results are skewed because of 3rd party components. So what are we comparing then?

shardeth-15902278

Didn't even think about that. Comparing a product's first year to a competitor's second year is really not a valid comparison. Nice catch.

photocrimes

Ok, major problem with that. If we are including 3rd party software, where is Microsoft and Mac's third party software? How can you base a statistic off an unequal playing field? Would those numbers look as good if you included all of the windows software in the stats for the OS? SuSE alone comes bundled with over 1500 third party apps, and no it doesn't install them all by default. Why include a flaw in something like Apache and count it against Linux if most people don't even install it unless they are building a web server? I could argue that because 90% of the public gets Windows bundled on their new PC which also includes a boatload of 3rd party apps it really is no different than a Linux distro in the way it is received by the public. Thus, third party apps should count against them as well.

angrykeyboarder

It seems to me they can't really get away with sweeping them under the carpet. Considering that most (if not all) of bugs are initially reported by third parties and not Microsoft itself. Thanks to Secunia, SecurityFocus, Full Disclosure and so forth, MS can't really hide much of anything bug wise.

alxnsc

Even if more buggier it is more functional. BTW, do MS Vista bugs stimulate sales? What about IE 7 false warnings on non MS-certificates reliability? What about MS IE 7 protection against MS ActiveX? What about memory size limitations of MS Windows? Why is MS software not fit to use modern hardware? Why is MS so retarded? ... So hindering technology progress? Why do business and governmental organizations stick to the old and outdated MS XP? BTW, even Bill Gates dropped MS...

Frau Blucher

I just wanna know how much Microsoft paid Secunia to say that...

just another guy

Why should it hamper open source projects? At least with open source you can hire someone to fix the problem if the developers in charge won't do it. Try hiring someone to fix the bugs in Windows. Or DreamWeaver. Bugs didn't stop them from being successful. The folks at Macromedia (now part of Adobe) still haven't fixed fatal, crash producing bugs I reported to them in Ultradev 4. All that is required is a commitment to quality, not actual quality. That is to say, it's about managing perception. That is something that a company like Microsoft can do, but open source cannot. Red Hat might be able to manage perception to some degree, but the Apache project doesn't have a marketing department dedicated to manipulating the feeling of the general public about Apache. OS/2 was a superior product to Windows when it came out, but success requires more than a superior product. Some might bring up that the Mac OS has always been, and continues to be, superior to Windows. So much for the value of being better. Sean

Larry the Security Guy

Did the discovery of bugs hamper the widespread adoption of Windows? Apparently not. But there are those who look for any excuse to downplay or dismiss open source, this is a great excuse when taken out of context. Is open source software really buggy? It could be, depending upon the release mechanism. Is it easier to find bugs in open source software? I think so because, as its classification states, the source is open. Anyone with the skills can examine the source and even make repairs. Closed source, on the other hand, relies exclusively on those employed by the source owner, who might not have bug hunting on their task list. Are bugs in open source products more quickly squashed? I think so for at least the reason stated above. Is Microsoft learning from the open source community and producing fixes that actually eliminate bugs and don't introduce new ones? Possibly, and that's only a good thing.

dagblakstad

Comparing Windows with Red Hat Linux is pretty useless. Red Hat Linux contains a vast range of software. For a more correct comparison you would probably have to include MS Office, MS SQL server + another RDBMS, IIS, all MS development language compilers and a lot more. On the other hand one could restrict Red Hat bugs to those found in the Kernel, one of the supported filesystems, drivers for general HW and a GUI. Without having the facts I would guess this would be in favour of Red Hat.

Melisa

Palamida's role in open source vulnerability detection has allowed us, after scanning over 300 million lines of code in 2007, to see a distinct pattern in organizations using open source. Primarily, they did not realize that they were using outdated, unpatched versions of open source and thus, they harbored multiple vulnerabilities (see our Top 5 Most Overlooked Open Source Vulnerabilities blog). These companies had already adopted open source, were generally okay with its use, and felt that they had the tracking and use policies under control. What we find, again and again is that organizations have no idea how much open source they are using, where it's at, and whether it's secure. In terms of open source being buggier. We think the opposite is true. Due to the size and responsiveness of open source project communities, most bugs are worked out extremely fast. Whether an organization has adopted a buggy version and didn't upload the most recent fixes, that's the real question. With no active mechanism in place to push out the "latest" oss projects, it's up to the developers to ensure that they have the latest and greatest, and by regularly scanning during the build to ensure that they do, this would be a low level issue. Melisa LaBancz-Bleasdale, Palamida

randd

I've never had a BSOD with Firefox. I can't say that with IE.

shardeth-15902278

I assume 'bug' in this case refers to both exploitable holes, and hair-pulling annoyances? What application set? Just redhat base install compared to windows? Is that even close to a feature for feature comparison? what is matching up to wordpad? notepad? Is there really even a reasonable way to make a valid comparison here, or are they trying to compare the performance of a Ferrari and a Mack Truck, because both are automobiles?

mike

Millions of eyes looking at source code are always going to find more bugs than a handful of people who are able to say "no one will ever be able to figure out that exploit", and then ignore it.

boxfiddler

More buggier is incorrect; should be more buggy or just plain buggier. And is the discovery... should be 'does' the discovery... Sorry, but professional writers ought to look like professional writers. FWIW, I regulary email all sorts of websites with their spelling and grammar errors. Certain professional news sites are beginning to look like 8th graders write for them (this last comment is not aimed at you). edit to add: pr.arun I do not mean to offend. Forgive me please if I have offended you. I'm a teacher and sometimes I just cannot resist the impulse to offer correction. Tigger is correct - your English spelling and grammar are much better than that of most.

hlhowell

It came from Xerox PARC. Care to explore and discover the OS? In point of fact, Microsoft has put up this facade of Windows being the OS, when in reality it is just the user Interface. Gui's come in many flavors, and can be application specific, desktop specific or simply an envelope for running an application (such as X windows or Microsoft Windows). The OS consists of the ability to start up the system and load essential libraries of drivers and at least one interface for the user (User Interface). Adding graphics to the User Interface makes it a Graphical User Interface (GUI.) Check out the fact that there are multiple GUI's available in Linux, and on other systems, but only one on Microsoft products. But they have problems with just that one, not to mention literally a hundred megabytes or more of code and junk to make it run. Even with a minuscule error rate, hundreds of megabytes would leave you with hundreds or thousands of potential problems. Just statistically it is a nightmare. Add to that the fact that real hackers just disassemble the code they are interested in, or poke at some area automatically until a flaw is discovered, then disassemble the area where the flaw occurred, and proprietary software is not secure. They don't use Microsoft tools to do this, so the stupid microsoft lockout doesn't hobble them at all. Code exists, and can be returned to machine language, or even in many cases reverse compiled if the hacker is astute enough and wants that level of access. As to bug counts, the sources used for finding and documenting bugs are different. The mechanisms are different and the culture is different. Microsoft VISTA is the pinnacle of their capability to date. How many of you use it professionally? Regards, Les H

jmgarvin

You claim that there is convenience and speed in the point and click interface in many MS products? Then why did Exchange move to a more command line driven tool? Why is MS focusing on more robust command line based tools?

angrykeyboarder

You can't really compare the Windows OS to the "RedHat" (i.e. RedHat GNU/Linux) OS.

1. GNU and the Linux kernel are combined to create an OS.
2. Many programs included with RedHat Linux aren't even from RedHat or GNU.

So there is no way to make a real comparison between Windows and RedHat Linux (or any other distro). It's (not even) like comparing apples to oranges.

blissb

Let me start by saying I'm a hard-core Linux supporter. I have no MS products in use at home -- only SuSE and Kubuntu. Do I think the article is distorted? Yes -- there was no discussion about severity, exploitability, or any of the other important "stuff." However -- there is a fairness thing that kind of sticks out to me. That's the whole "third party" thing. We feel justified pointing to an IIS bug/exploit/hole/whatever and saying "see how bad Windows is!" But woe be unto he who points out an Apache flaw that affects Linux systems, and says "See, Linux isn't perfect, either." (which of course is wrong, because Linux is perfect! :) Perhaps it's time to compare kernel to kernel and app to app, and see what falls out...

apotheon

Microsoft doesn't really have to hide much to skew the results. The last time I tried to submit a bug to an open source software project, I just submitted it. There was this handy bug-submission interface, and the bug immediately went into the issues tracking database for the project. It was then visible and available for all to see, publicly, on the Internet. The last time I tried to submit a bug to Microsoft, the company tried to charge me for the privilege of submitting a bug report. Is it any wonder Microsoft reports fewer bugs than other software providers?

Tony Hopkinson

If no one reports them they aren't bugs as far as the official stats are concerned. Open source you get warts and all, closed source you need to sober up and wait 'til morning.

jmgarvin

Then why do bugs like the WMF flaw hang around for over a decade?

angrykeyboarder

I seriously doubt Mozilla or RedHat (or the Fedora Project) have *millions* of developers. That's a bit of an overstatement don't you think? Sure, they have more developers than Microsoft, but to say they have "millions" is absurd.

mhbowman

What's your opinion on the actual topic?

j.andrew.mcentire

Honestly, I hope my children never have you as a teacher. Where is poetic license in your world? More buggier is a very common lingual construct in the subculture targeted by this article. Furthermore, "is the discovery" was perfectly accurate. I suppose you teach primary school somewhere rural. If you look at the rest of the sentence, the author posits (paraphrased): Is the discovery of more bugs in open-source going to affect its adoption? Is this going to affect that? Your suggestion would be to phrase it: Does this going to affect that? Sorry, but professional teachers ought to know their subject matter.

ginkep

and RedHat with Firefox will become less buggier when Windows ;)

mdbobbitt

More buggier is incorrect; should be more buggy or just plain buggier. And is the discovery... should be 'does' the discovery... Sorry, but professional writers ought to look like professional writers. FWIW, I regulary (regularly) email all sorts of websites with their spelling and grammar (grammitical) errors. Certain professional news sites are beginning to look like 8th graders write for them (this last comment is not aimed at you). edit to add: pr.arun I do not mean to offend. Forgive me please if I have offended you. I'm a teacher and sometimes I just cannot resist the impulse to offer correction. Tigger is correct - your English spelling and grammar are much better than that of most.

Tig2

I have sat here with a post window open trying to figure out how to say this without sounding snotty. So I'm just going to apologize in advance. But Arun does a whole lot better with English than many. And I will bet that he appreciates the input too! See the Smurf blog. Now THAT is some atrocious language! If you watch the whole thing, you will be able to hear the death cries of many brain cells you will never revive. And to an extent, I agree with you. I am in those news sites a lot. I have read some things that caused me to shake my head.

apotheon

"But small and mid sized businesses, those that outsource much of their IT needs to save money, will probably have one support guy taking care of their needs, and outsourcing the rest. These are the companies that will not choose Linux, knowing that the support and usability of MS is much simpler." Since when? When I worked for an IT consultancy in Florida, I advocated for Linux servers for clients that would benefit from them, as replacements for the MS Windows servers they previously used. That advocacy was with my boss, since he was the guy that actually talked to the clients about software recommendations. He didn't really pick up my suggestions and run with them for a while. There came a time, though, when we were getting more business than we could handle. At that point, he started suggesting migration to Linux servers for the clients who were calling us about problems with their MS Windows servers the most often. They decided to listen to him, and he started having me install Linux servers at their offices. The end result: we weren't getting more business than we could handle any longer. People who had been developing problems with their MS Windows systems every couple of months now called us only when their power went out or someone got MS Windows workstations hosed up by malware (because, of course, end users seem congenitally incapable of keeping their anti-malware software up to date). The Linux systems that were installed required effectively zero maintenance. In the rare case that a Linux server did need some care (such as when a Linux server needed to have policies changed due to changing needs at the office), we didn't have to drive forty miles to a client's office and charge the client for the extra time spent because we could perform our maintenance remotely.
At my most recent employment where I worked as a network administrator at a corporate office with mixed MS Windows and Linux systems, about 85% of the network was Linux and 15% was MS Windows. Yes, that includes workstations -- and more than three quarters of the computers were workstations (including laptops). How much of my time and energy do you think was sucked up by each OS in firefighting and general maintenance? You might guess 85% by Linux systems and 15% by MS Windows systems, but you'd be wrong. I spent about 65% of my time on the MS Windows systems. I spent about 15% of my time on the Linux systems. I spent the rest of my time in meetings, on the telephone with vendors, dealing with licensing issues, on hardware-related matters, and so on. Judging by my experience -- someone whose job description for years consisted of "the guy that has to know everything about both Linux and MS Windows" -- "support and usability" for Linux systems was far simpler than for MS Windows.

JPRuiz

If you are a big company, with the adequate budget to have a fully staffed IT department, then your employees should have no problem with Linux. But small and mid sized businesses, those that outsource much of their IT needs to save money, will probably have one support guy taking care of their needs, and outsourcing the rest. These are the companies that will not choose Linux, knowing that the support and usability of MS is much simpler. In the end, small and mid sized businesses are the ones that keep the economy alive. And, technology must serve the needs of the business, not the business adapt itself to technology.

Jaqui

need to actually look at linux, not pay attention to MS paid for advertising. while Linux has robust command line tools, only 6 distros do NOT automatically have you in a "point and click" gui from the start. personally, I find the point and click gui to be a time waster, since it is far faster to use the command line than to use a gui.

JPRuiz

The command line move is for tasks that are higher end administration and configuration tasks. The day to day administration is still point and click. Still, this is a decision that MS has made probably out of the knowledge that command line tools are more precise. Still, my company has had so many customers and potential customers refuse to even consider Linux simply out of the pure resistance to having an OS that is command line driven. Is this lazy on their part? Probably. But they still will not move away from the MS line. Bugs or no bugs, whichever alternative requires less time and effort to administrate and support will be the one business chooses. It is a matter of cost of ownership, and the point and click GUI makes it cheaper to own in the long run.

Jaqui

a comparison of kernels, base systems, graphics server, print server, graphic desktops, office suites, browsers .... is the way to go. but you will never find any security reporting company, such as secunia, doing so. [ hard to really compare when the cost of getting the proprietary software is so high it precludes getting it all to test. ] I'm all open source myself. no windows, no proprietary software at all. I have yet to see any severe security issues that are exploited with linux, in a decade of constant use of linux.

photocrimes

Totally agree. I'll be the first to tell you the Unix/Linux world is just as messy. I just can't stand it when stats are so obviously slanted against one side. It's kind of like saying "Hey look, GM has had more recalls and safety issues than Delco, so Delco products are safer!"

shardeth-15902278

How many reported open-source bugs are same/similar, or resolved by the same fix (thus counting as 1 reported bug in the proprietary equivalent)? How many reported open-source bugs are minor things that go unreported in the proprietary equivalent (because it is not a problem that is worth the hassle or cost to report)?

apotheon

You don't need millions looking at the source code to have millions helping with development. People reporting buggy behavior in the software as users contribute to development, too -- just as software testers at a corporate software vendor contribute to development. Still . . . with even a very narrow definition of development support, thousands is a lot more than a dozen at some commercial software vendor.

pepoluan

Yes, millions of eyes will be looking... at the program. Not the source code. Only thousands will actually look at the source code.

apotheon

Something Microsoft sympathizers never seem able to grasp is the simple fact that the core dev teams of organizations like Red Hat and the Mozilla Foundation are only a small fraction of the total developers that contribute time to their projects. Every user of the software is a potential developer -- and when users find bugs, they tend to report them to the projects who take responsibilities for the software where the bugs were found. Those projects, in turn, actually accept bugs without charging a fee, admit to them, report them where appropriate, and fix them. Often, those who discover the bugs submit fixes, too. So, yes . . . millions.

boxfiddler

As the reported bugs are mostly in 3rd party apps as regards open source, comparing 3rd party app bugs (Open Source) to OS bugs (Windows) is comparing apples to oranges. Unfortunately, I suspect that this particular report, if read by undiscriminating minds will negatively impact Linux and open source adoption by casual users. I'm not comfortable speculating on what impact it may have in the corporate/business environment.

boxfiddler

""Is the discovery of more bugs in open source going to hamper its adoption?" So, that's the original sentence. Is the discovery going to hamper its adoption?" If that were the original sentence in the opening post that I quoted I would have said nothing. Below is the entirety of the post. "Open source more buggier But on a larger note, is the discovery of more bugs in open-source hamper its widespread adoption?" is hamper that. Incorrect. edit typo

j.andrew.mcentire

"Is the discovery of more bugs in open source going to hamper its adoption?" So, that's the original sentence. Is the discovery going to hamper its adoption? NOT: does the discovery going to hamper. I'm from somewhere rural; I don't believe that people from rural areas are ignorant. I believe that it is more difficult to attract quality teachers to rural areas. There are exceptions. Granted, common usage does not a language make. After all, these rules were written by the gods millennia ago, who are we to change them. Who could be so audacious as to use a construct improperly for effect? Fortunately enough for me, I didn't have to take Comp 1 or 2. I tested out of them. Otherwise, I would likely have failed them. My creative writing instructor was surprised to have a student so young with such a well-defined sense of writing style. The Comp professors simply couldn't have appreciated the subtle humor of my style and, as such, would likely have graded my papers harshly.

boxfiddler

"is the discovery of more bugs in open-source hamper its widespread adoption?" Is this hamper that? I don't think so. "I suppose you teach primary school somewhere rural." What, you think rural people are ignorant? Given the rate at which students flunk Comp 1 on my metropolitan campus, the city high school teachers are illiterate. to affect: have an influence or impact upon to effect: bring about results edit

pconnelly

Common usage of "more buggier" does not make it correct. Grammatically it is wrong. "He do" and "they is" are common usages, also. Does that mean we should accept them as proper English? The sentence structure was grammatically faulty, also.

mdbobbitt

adjective 1. of or pertaining to grammar: grammatical analysis. 2. conforming to standard usage: grammatical speech.

just another guy

You do realize that picking nits originates from the practice (before insecticides) of removing lice eggs from hair and clothing by hand? Ick! Anyway, back on track... the sentence could be de-clumsified by a slight rearrangement. pr.arun's grasp of (or usage of) English is much better than that of many native speakers. Of course, in this case you're really talking about his English writing skills, and not his speaking skills. Being incredible at one does not guarantee you are incredible at the other. Pick On! Sean

Timbo Zimbabwe

"pr.arun's English is much better than many English-speakers English" You forgot an apostrophe; pr.arun's English is much better than many English-speakers' English And to think that you are a teacher... ;)

boxfiddler

In fact, you usually inspire me to up the ante as regards my expectations of myself. So there. Nyah.

Tig2

And I really fought with that post to try not to offend you. I read a whole lot of news when I am researching something. I am sorely tempted to send a number of writers the entire Dr Seuss series!

boxfiddler

and will edit my original post as apparently I have not made that clear. You are quite correct, pr.arun's English is much better than many English-speakers English (hmm.. that sentence is awkward but oh well). I will have to check out the smurf blog, but I am scared to after your comments related to it in that thread!