Linux, Unix safer than Windows? Take a look at figs from U.S. CERT

As I’ve written in previous newsletters, studies about Linux vs. Windows security and vulnerabilities must be viewed with a critical eye, since many are funded by those with either a very pro- or anti-Linux point of view.

Whatever your opinions of the U.S. government, it has thrown its own piece of opinion pasta against the wall on this issue, and the result is not so al dente for those who hold Linux/Unix systems in high-security esteem. According to the United States Computer Emergency Readiness Team (U.S. CERT), faults in Linux and Unix systems accounted for around 45% of the vulnerabilities the government IT security organization reported in 2005.

According to US-CERT, a combined 2,328 security vulnerabilities were reported last year affecting Linux and Unix systems, while 812 vulnerabilities were reported for Microsoft Windows-based systems. The safest operating system? Apple’s MacOS, which only registered 25 vulnerabilities on U.S. CERT’s list.

Observers say that the numbers attributed to Linux and Unix systems may seem high since U.S. CERT counts every update made after an initial vulnerability is reported towards that respective operating system’s score. Also, lumping together Unix and Linux system vulnerabilities is like saying there were more problems with transmissions in German and Japanese cars last year than Korean cars; whereas Germany and Japan have almost a dozen automakers and Korea has only Kia.

Still, the notion that Linux or Unix-based systems are inherently safer that Microsoft is challenged by the U.S. CERT findings.