Information Week has posted a story arguing that Windows is more secure than other operating systems. It uses the CERT security advisory, which lists three times as many vulnerabilities for Linux, Unix and the Mac OS as Windows, as 'proof'.
It strikes me that there's almost a cognitive dissonance going on here. While the world is still reeling from the Windows Metafile (WMF) vulnerability, we're expected to believe that Linux, Unix and the virus-less Mac OS are less secure than Windows. Don't trust the evidence of your own eyes, believe the lies of these stats.
The Information Week article lists a number of reasons why the stats shouldn't be taken at face value; one is that Linux, Unix and Mac OS vulnerabilities are lumped together. Looking at Mac OS alone gives you a little over 25.
But no mention is made of how severe these vulnerabilities were: is a bug that merely crashes a program as important as a privilege escalation bug that can compromise the whole system? And no acknowledgment is made that a vulnerability with no known exploit is, for now, a theoretical risk at most. The caveat is that "no known exploit" is a statement about today rather than about the bug; it becomes a practical risk the moment a working exploit is published, so the count of exploited bugs is a snapshot, not a property of the platform.
Equally, a breakdown of vulnerabilities in core packages versus peripheral packages is an important factor. Unix, Linux, the Mac OS and indeed Windows are composed of thousands of different programs, some of which may never be used. A vulnerability in the Windows fax software is never going to be as important as a vulnerability in Internet Explorer, which sits on every desktop and is exposed to hostile content all day. On the Unix and Linux side, so many packages are optional installs that many of the counted vulnerabilities would never be present on the vast majority of systems.
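The two corrections argued for above (weight each advisory by its impact and by whether an exploit is known to circulate, and count only the packages that are actually installed) can be turned into a small scoring routine. What follows is an added example written for this page, not code from the original post, from Information Week or from CERT; the advisory records, package names, severity weights and exploit multiplier are all constructed assumptions for illustration and do not reproduce any real advisory data.

```python
"""Raw advisory counts versus weighted, installed-only exposure.

Added example for this page. Every advisory below is constructed for
illustration; the identifiers, packages and weights are assumptions.
"""
from dataclasses import dataclass

# Assumed impact weights for the example; not a published scoring scale.
SEVERITY_WEIGHT = {"crash": 1, "info-leak": 2, "privesc": 5, "rce": 8}

# Assumed multiplier: a bug with no circulating exploit still counts, just less.
EXPLOIT_MULTIPLIER = {True: 1.0, False: 0.25}


@dataclass(frozen=True)
class Advisory:
    advisory_id: str      # hypothetical identifier, not a real CERT/CVE id
    platform: str         # "windows" or "unix" (Linux/Unix/Mac lumped, as the summary does)
    package: str          # component the bug lives in
    impact: str           # key into SEVERITY_WEIGHT
    exploit_public: bool  # is a working exploit known to be in use?


# Constructed sample set: ten "unix" advisories against four "windows" ones,
# mirroring the headline ratio, but most of the unix ones hit optional packages.
CONSTRUCTED_ADVISORIES = [
    Advisory("W-1", "windows", "iexplore", "rce", True),
    Advisory("W-2", "windows", "wmf-renderer", "rce", True),
    Advisory("W-3", "windows", "fax-service", "privesc", False),
    Advisory("W-4", "windows", "smb", "crash", True),
    Advisory("U-1", "unix", "openssh", "privesc", False),
    Advisory("U-2", "unix", "kernel", "privesc", True),
    Advisory("U-3", "unix", "xpdf", "rce", False),
    Advisory("U-4", "unix", "gaim", "crash", False),
    Advisory("U-5", "unix", "samba", "rce", False),
    Advisory("U-6", "unix", "cups", "info-leak", False),
    Advisory("U-7", "unix", "bind", "crash", True),
    Advisory("U-8", "unix", "apache", "info-leak", True),
    Advisory("U-9", "unix", "gnome-panel", "crash", False),
    Advisory("U-10", "unix", "libpng", "rce", True),
]

# Constructed "what is actually installed" sets for one hypothetical desktop of each kind.
INSTALLED = {
    "windows": {"iexplore", "wmf-renderer", "smb"},        # no fax service installed
    "unix": {"openssh", "kernel", "apache", "libpng"},     # no xpdf, gaim, samba, cups, bind, gnome-panel
}


def exposure(advisories, installed):
    """Return (raw_count, applicable_count, weighted_score) for one platform.

    raw_count is what the headline reports; applicable_count drops advisories for
    packages not installed; weighted_score multiplies impact by exploit availability.
    """
    raw = len(advisories)
    applicable = [a for a in advisories if a.package in installed]
    score = sum(
        SEVERITY_WEIGHT[a.impact] * EXPLOIT_MULTIPLIER[a.exploit_public]
        for a in applicable
    )
    return raw, len(applicable), score


def compare(advisories, installed_by_platform):
    """Group advisories by platform and compute exposure for each."""
    by_platform = {}
    for a in advisories:
        by_platform.setdefault(a.platform, []).append(a)
    return {
        platform: exposure(advs, installed_by_platform.get(platform, set()))
        for platform, advs in by_platform.items()
    }


if __name__ == "__main__":
    for platform, (raw, applicable, score) in compare(CONSTRUCTED_ADVISORIES, INSTALLED).items():
        print(f"{platform:8s} raw={raw:3d} applicable={applicable:3d} weighted={score:6.2f}")
```

On the constructed data the raw counts are 10 to 4 against "unix", yet once only installed packages are counted and each bug is weighted by impact and exploit availability the two platforms land within a point of each other (16.25 versus 17.0). The absolute numbers mean nothing outside this toy set; the point is that the ranking flips depending on which of the three numbers you read, which is exactly why the headline figure alone is not evidence.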
So remember to read the stats rather than the headlines. Count the actual Windows viruses and Trojans, then count the Unix/Mac/Linux ones. Which would you rather face: 2,300 theoretical vulnerabilities, only a small proportion of which could ever affect you, or the 800 or so Windows vulnerabilities, a far larger share of which have exploits in use in the wild today?