Which operating system logged the most vulnerabilities in 2005?
According to the United States Computer Emergency Readiness Team (US-Cert) 2005 year-end index, Unix/Linux racked up more reports of vulnerabilities compared to Windows.
Security professionals, however, argue that the numbers alone don’t tell the full story, and that a properly configured Unix/Linux server is likely more secure than a Windows server.
US-CERT’s year-end compilation found 5198 reported vulnerabilities in 2005. Of that number, 2328 of them were for Unix/Linux (45 percent), 2058 were multiple operating system vulnerabilities (40 percent), and 801 were for Windows (15 percent).
Notably absent from US-CERT’s index, however, is the recent zero day WMF metafile issue for which Microsoft has promised a patch next week.
Panda Software CTO Patrick Hinojosa said he doesn’t think the raw numbers tell the whole story.
“*nix vulnerabilities cover a wide range of actual OS’s and that would tend to mitigate the ability to exploit these,” Hinojosa told internetnews.com. “In addition, when I examined the vulnerabilities listed, the ones in Windows are probably more problematic given that the given Windows user is going to be much less security aware that the typical *nix user,” he said. “Considering all factors, I would feel more confident in a Unix server that is locked down than in a Windows server.”