CERT’s Best-Worst Vulnerabilities of 2005

Which operating system logged the most vulnerabilities in 2005?

According to the United States Computer Emergency Readiness Team (US-Cert) 2005 year-end index, Unix/Linux racked up more reports of vulnerabilities compared to Windows.

Security professionals, however, argue that the numbers alone don’t tell the full story, and that a properly configured Unix/Linux server is likely more secure than a Windows server.

US-CERT’s year-end compilation found 5198 reported vulnerabilities in 2005. Of that number, 2328 of them were for Unix/Linux (45 percent), 2058 were multiple operating system vulnerabilities (40 percent), and 801 were for Windows (15 percent).

Notably absent from US-CERT’s index, however, is the recent zero day WMF metafile issue for which Microsoft has promised a patch next week.

Panda Software CTO Patrick Hinojosa said he doesn’t think the raw numbers tell the whole story.
“*nix vulnerabilities cover a wide range of actual OS’s and that would tend to mitigate the ability to exploit these,” Hinojosa told internetnews.com. “In addition, when I examined the vulnerabilities listed, the ones in Windows are probably more problematic given that the given Windows user is going to be much less security aware that the typical *nix user,” he said. “Considering all factors, I would feel more confident in a Unix server that is locked down than in a Windows server.”

This article was first published on InternetNews.com. To read the full article, click here.