Advertisement
Promo

Security threats Toolkit

Linux and Unix 'had more vulnerabilities than Windows'

Tom Espiner ZDNet.co.uk

Published: 05 Jan 2006 17:55 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

The US Government has reported that fewer vulnerabilities were found in Windows than in Linux/Unix operating systems in 2005.

Linux/Unix-based operating systems — a set that includes Mac OS X, as well as the various Linux distributions and flavours of Unix — had over twice as many vulnerabilities as Windows, according to the United States Computer Emergency Readiness Team (US-CERT), which is part of the US Department of Homeland Security.

The report — Cyber Security Bulletin 2005 — was published last week and found that out of 5,198 reported vulnerabilities, 812 were Windows operating system vulnerabilities, while 2,328 were Unix/Linux operating vulnerabilities. 2,058 were multiple operating system vulnerabilities.

However, the popularity of Windows means it is still much more likely to be attacked than Linux, according to security firm McAfee.

"In the Windows vs Unix debate, the number of vulnerabilities is less relevant than the amount that are turned into successful attacks. We see far more successful attacks against Windows, because it's the most common environment," Greg Day, security analyst at McAfee, told ZDNet UK.

"As Linux becomes more common, we'll see more attacks against it," Day added.

McAfee recommended firms look more at the probability of attack, rather than whether an attack is possible.

CERT's report did not include figures for how quickly vulnerabilities are patched once they are discovered. According to security firm Secunia, 124 of its security advisories relate to flaws in Windows XP Professional, of which 29 are unpatched — which gives it a lands Microsoft's operating system with a "Highly Critical" security rating.

In contrast, Red Hat 9 is affected by 99 Secunia warnings, but only one of these flaws has not been patched by Red Hat. SuSE Linux Enterprise Server 9 is covered in 91 advisories, but every one has been patched by the vendor. Both products get a 'Not Critical' rating.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
88 out of 201 people found this useful


In association with HP

Talkback

Post a comment


Full Talkback thread

9 comments

  1. These statistics mean nothing - one of the biggest... Matt Webber
  2. If you read that then read this too. http://t... Anonymous
  3. Can't reporters do MATH???? Geez, they're su... Anonymous
  4. What matters isn't the amount of vulnera... Anonymous
  5. So ALL UNIX like operating systems combined had ab... Walt Reed
  6. So you count Mandriva, Red Hat, Debian, Ubuntu, Ge... Oldator
  7. I don't know why any self-respecting journali... Clay Garland
  8. OS, Web Server and Hosting History for www.us-cert... Philip
  9. What the article fails to mention that anytime new... Anonymous

Related Links

More In Security threats



Company/Topic Alerts

Create a new alert from the list below:



Related Jobs

Red Hat Enterprise - UNIX Systems Administrator

Linux Systems Administrator London

Linux Systems Enginee Red Hat CentOS Unix shell bash Perl MySQL

Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

Authentication risks all too human

Risks to successful online banking identification and authentication using smartcards involve a mixture of human and technological factors, according to the European Network and Information... More

1 comment

Opera censors Chinese content

Opera has updated the Chinese version of its mobile browser to stop users accessing restricted content. Opera Mini was updated on Friday from an international to a Chinese version,... More

2 comments

Symantec website breached

Security company Symantec has said that one of its websites was successfully breached. Romanian security researcher 'Unu' posted details of the breach in a blog post on Monday. Unu... More

Post a comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters