CERT's Best-Worst Vulnerabilities of 2005

Though there were more reported vulnerabilities, Linux is still seen as likely more secure than Windows.


You Can't Detect What You Can't See: Illuminating the Entire Kill Chain

On-Demand Webinar

Which operating system logged the most vulnerabilities in 2005?

According to the United States Computer Emergency Readiness Team (US-Cert) 2005 year-end index, Unix/Linux racked up more reports of vulnerabilities compared to Windows.

Security professionals, however, argue that the numbers alone don't tell the full story, and that a properly configured Unix/Linux server is likely more secure than a Windows server.

US-CERT's year-end compilation found 5198 reported vulnerabilities in 2005. Of that number, 2328 of them were for Unix/Linux (45 percent), 2058 were multiple operating system vulnerabilities (40 percent), and 801 were for Windows (15 percent).

Notably absent from US-CERT's index, however, is the recent zero day WMF metafile issue for which Microsoft has promised a patch next week.

Panda Software CTO Patrick Hinojosa said he doesn't think the raw numbers tell the whole story. "*nix vulnerabilities cover a wide range of actual OS's and that would tend to mitigate the ability to exploit these," Hinojosa told internetnews.com. "In addition, when I examined the vulnerabilities listed, the ones in Windows are probably more problematic given that the given Windows user is going to be much less security aware that the typical *nix user," he said. "Considering all factors, I would feel more confident in a Unix server that is locked down than in a Windows server."

This article was first published on InternetNews.com. To read the full article, click here.

Comment and Contribute


(Maximum characters: 1200). You have characters left.



IT Management Daily
Don't miss an article. Subscribe to our newsletter below.

By submitting your information, you agree that datamation.com may send you Datamation offers via email, phone and text message, as well as email offers about other products and services that Datamation believes may be of interest to you. Datamation will process your information in accordance with the Quinstreet Privacy Policy.