I was somewhat surprised (but pleased) at the level of interest back when I published my Windows Vista - 90 Day Vulnerability Report. Ninety days was about the earliest span of time I thought might give us some indicators, and the indicators did look good. (Though I did not give us an "A+", in spite of some of the attributions ;-)
Six months is a much more interesting time frame, and gives us the opportunity to see whether the early trend indicators are holding up or whether the early signs of progress were a short-term gain. I also thought it was worth going a little deeper in the analysis: I look at the total fixed and unfixed vulns as I did last time, plus these additional views:
- A comparison view of Linux distribution workstation builds that excludes vulnerabilities in non-default, optional components, as well as in OpenOffice and other applications that have no equivalent on Windows XP;
- A comparison view that excludes Low and Medium severities, to focus only on High severity vulnerabilities fixed and unfixed in the first 6 months; and
- A comparison view that combines both of these filters.
For the full details, or to print the report, you can download the report in pdf.
For those who only want the executive summary, here is a key chart that shows the publicly disclosed High severity vulnerabilities during the first 6 months of availability, broken down by vulns fixed and vulns unfixed. Note that this chart shows the reduced Linux builds that exclude non-default and optional components without equivalents on Windows. (Clicking the chart also takes you to the full report.)
The results of the analysis show that Windows Vista continues a trend of fewer total and fewer High severity vulnerabilities at the 6-month mark, compared both to its predecessor Windows XP (which did not benefit from the SDL, Microsoft's Security Development Lifecycle) and to other modern competing workstation OSes (which also did not benefit from an SDL-like process).
If you share the opinion that Windows, and applications ported to Windows, get a higher level of researcher scrutiny than other OSes, then the 6-month results are even more positive. If you don't share that opinion, the results still stand on their own.
Read, Enjoy, Forward.
Best regards ~ Jeff
Full Disclosure: I work for Microsoft - read my previous blog post, Exactly how biased am I?
Also, I'd like to make a shameless plug for my other blog, http://blogs.technet.com/security, where I sometimes post more personal entries such as The Saga of My Luggage & British Air and Building My Windows Vista Media Center - Part 1 - The System.

I have an opinion. I hope people take it seriously based on a few credentials of mine. Without some form of credentials, perhaps these feelings I have are just dust parts in the wind.
Age: 25
Degree: Computer Science
Career: Software Developer (3 years)
Number of computers purchased in life: ~20
Security is not only based on the protective walls we put up, but on how we act. I could get viruses on my Linux machines. But I don't download apps and install them to give access to attackers. Same for my Windows machines. I have never had a virus on my machines. I have run Win95, XP, and now Vista. I have never had a virus on my Linux machines, mostly Gentoo.
Downtime is my concern. No question, my Linux machines have caused me more downtime than Windows.
WAIT - Read on please.
Everyone's situation is different. I may not be very articulate, but I feel I have a good point. I know what not to do on Windows; it has always seemed common sense to me. Never a virus. Never. I have never had to reinstall because my system was bogged down. Out of hard drive space? Yes, such is life now that video games take GBs of room. I strongly feel the problems people have with Windows are due to their own ignorance of software.
I know people that get viruses downloaded and running in just moments on a Windows machine. Why? They want to see naughty pictures and a web site they hit says "Download and install this app to view the page correctly!", so they do. It's user ignorance.
I have an ignorance as well. This will attest to my downtime with Linux. I have a hard time finding the right configuration files I need to fix when updates fail (never had an update fail on Windows... but lost count on Linux (Fedora, Red Hat, SUSE, Gentoo, Ubuntu, etc. - I've used a lot)). For instance, right now my Linux server running Apache is not running correctly. It doesn't correctly compile PHP anymore on my web pages. And it took me a week to get it back up and running at all (configuration files moved around; the update didn't warn me about that). Sure it's my own fault, if only I had read such and such manual online about the patch, and read such and such manual on how to correctly configure Apache... But it's not just my services, but the basics of the OS. 4 times in the last two years my Linux builds have had to be locally repaired because remote login was corrupted because a PAM update had failed or changed configurations on me. Never had such problems on Windows. And I've not had to change or manually help a SINGLE UPDATE. Never had to worry about configuration files for updates with Windows.
So it would seem to me that the root of the problem with Windows' vulnerability is in the user base, and the root of the problem with Linux vulnerabilities is in the developer base (updates that break things). Not to mention that I have hardware on 'bleeding edge' machines that does not even have a driver on Linux, and who knows when one will come out, or even if it will work well. I've had such driver issues on Linux (issue == no driver available, no hack available, or just 3-8 hours of blog reading to figure out how to program my own fix). Such issues on Linux in my experience have been with Bluetooth keyboards (took a week to hack a fix on my Linux box to recognize my keyboard and mouse and screen at the same time), no audio driver for my new SigmaTel, and no wireless card driver on my new work laptop. On Windows? No question, a driver exists, is signed by the manufacturer, and it works fast as expected.
I have a lot more to say, but sadly I don't think people are even going to read this.
Thanks :)
It strikes me as funny that the one OS in the world that is most vulnerable to viruses can even claim to have fewer vulnerabilities. I have 5 computers at my house, 1 being Ubuntu, 1 being Fedora, one having FreeDOS (yes, I like the oldie games) and 2 running Windows (both registered copies, one is XP Media Center, and one XP Home). Can you guess which 2 I've had to remove trojan horses and spyware off of? Can you guess which ones I restart at regular intervals so they won't crash at a bad time? Both Windows computers. My wife and I are working on a 3 year plan to be completely removed from depending on Windows. I refuse to move on to Vista. I tried it, and it was so buggy that I couldn't run the simplest games (I like to game), for example Everquest. I know, you can blame that on hardware rather than Vista, but be honest, who HASN'T had a problem with Vista and hardware incompatibility? So, congrats on your findings; I guess the world seems right at Redmond.
Jon
P.S. Oh, what would you charge me to tell the world that sewage is a good facial cleanser?
Ooh, the graph makes Unix-like OSes look really bad. This survey is flawed. Umm, how many applications are available for Linux?? THOUSANDS. Of course the graph for Unix-type OSes will be much higher in comparison. I don't see the Microsoft OS bundled with PHP, Oracle, Snort or other trinket applications. The default installation of Mac OS X and other Linux packages contains way more software.
On a level playing field, Windows XP is just a bare operating system with hardware control, a networking component, a web browser and a few management tools. Now if you compare a Linux distro with the same level of software, when was the last time there was a core network vulnerability on Linux? How many times has there been a web browser update for Internet Exploder versus Firefox? How many critical kernel updates between the two?
The author of this article should do some more homework.
Or, the author of this comment could actually *read* the article, including the methodology and assumptions, and see that the charts represent a stripped-down build that doesn't include all of those THOUSANDS of optional components...
Vista's most-obvious fatal flaw is its baked-in DRM (what is DRM doing in a "business" OS anyway?), which can be turned against it as a weapon. What's to keep a Trojan or other malware from simply generating spurious tilt bits at random intervals to cause random resets-- or reboots-- or locking out system hardware altogether?
As has been pointed out in the past, the problem with DRM is simple. Sure, the content is in a "locked box", but the provider HAS to provide a key to open it, and sooner or later somebody is going to make a copy of that key, and in the meantime dealing with the locks is a needless hassle. Not only that, the DRM keeps WinVista churning. No wonder laptops have seriously reduced battery life vis-a-vis WinXP!
-- Michael
In what way has DRM *specifically* impacted you? I've been using it for about 6 months and honestly, I've not encountered any "rights management" restriction at all...
Of course, I do use it in a business setting, so maybe I'm not trying to do the specific tasks you seem concerned about.
Thing is, the FOSS world openly reports its vulnerabilities and issues a fix for each ASAP. Microsoft acknowledges only the issues that are either extremely public or those they decide to fix. In many cases, a Microsoft patch will not only fix a known issue but several nonpublic problems as well. However, for a given patch Microsoft will typically only acknowledge the public issue. In this case, your graph isn't about security vulnerabilities and their fixes, but about the openness of the groups' dealings with vulnerabilities and fixes. In other words, your graph is exactly what Microsoft wants you to believe, but couldn't be further from the truth.
Come on, give us details!
"Many cases" - give us 3 examples you know about where Microsoft fixed the known issues and 'several' nonpublic problems. For 'several', I'll be lenient and ask for a minimum of 2 vulnerabilities identified by a BID or CVE number.
Thanks! I know many of us are anxious for the details.
Are there any similar figures available for the first five years of XP vs. Red Hat Enterprise 4?
IMHO that would give a pretty accurate view of how confidently one could deal with each company based on track record.
After all, not many people use any OS for only 6 months.
Those are the ones that Microsoft KNOWS about but may or may not fix, and in their own good time. With that metric on the graph I suspect that the VISTA column will blow off the top of the chart.
Comparing vulns between an OS that keeps MOST of theirs secret and FOSS distros which make public ALL of their vulns is disjoint from the beginning. And, Jeff, unless you have access to Microsoft's internal bug database your graph represents ONLY the ones Microsoft is willing to tell the world about. Given their past behavior they are NOT trustworthy.
However, I understand where you are coming from. IF you told the truth you'd have to look for another job.