Geeks With Blogs

News Dave's Mug View David Oliver's profile on LinkedIn Add to Technorati Favorites Blog Directory for Guildford, Surrey
Dave Oliver's Blog Enterprise Technology Thought Leadership in a FTSE 100

Now there is lies, down right lies and statistics specially in I.T. (Oh you cynic Dave)

Statistics are the major weapon of spin, so it’s interesting when a US Government agency, CERT (Computer Emergency Readiness Team) publishes it’s stats for 2005 which can be found here.

And CERT says “This bulletin provides a year-end summary of software vulnerabilities that were identified between January 2005 and December 2005. The information is presented only as a index with links to the US-CERT Cyber Security Bulletin the information was published in. There were 5198 reported vulnerabilities: 812 Windows operating system vulnerabilities; 2328 Unix/Linux operating vulnerabilities; and 2058 Multiple operating system vulnerabilities”

Now I don’t wish to have a religious war on my blog about which operating system is ‘better’ as I’m a firm believer in ‘horses for courses’ in that you choose the operating system that best suits your need but it does indicate that the argument that an operating system is 'more' secure than another is no longer a reason to dismiss a choice which is my belief. I think more so than ever that requirement should stir your choice than hear'say or statistics!

Posted on Thursday, January 5, 2006 1:26 PM Main | Back to top

Comments on this post: Windows experienced less vulnerability in 2005 than Linux/Unix.

# re: Windows experienced less vulnerability in 2005 than Linux/Unix.
Requesting Gravatar...
It has to be said that that you've just produced a definite example of statistics as spin with your title.

Looking the list, the UNIX/Linux list is a real mixed bag, and has all the MacOS X vulnerabilities from the last year mixed in. However, not all the UNIX/Linux vulnerabilities applied to MacOS X, nor did a number of those on the list, which apply to other UNIX and Linux variants. Using that list I could just pull out the vulnerabilities that only affected MacOS X, remove the ones that didn't and 'prove' that MacOS X experienced less vulnerability than Windows.

Of course the problem with the UNIX/Linux list is also present in the Windows list, which groups together all versions of Windows, and again, some of the vulnerabilities are specific to certain variants, specific drivers and so on.

The same is true of the Multiple Operating system list, they don't affect every single OS, just the ones that use the relevant bit of software with the vulnerability.

Essentially, you can spin the information in that list around to prove or disprove how vulnerable or not a particular operating system is or isn't. Ultimately it comes down to making sure that whatever OS you use you keep it up to date, and using firewalls and virus checkers whatever OS you use.

Left by Richard on Jan 05, 2006 7:17 PM

# re: Windows experienced less vulnerability in 2005 than Linux/Unix.
Requesting Gravatar...
The title being 'spin-like' is totally intentional. The point of the post is really an attempt to show that security is an important issue, but you should never gauge your OS choice on head-lines like this.

At home I run XP and Suse 10. I have placed the SUSE 10 box behind my hardware firewall (which semi auto-updates) and follow all the advised security info on the Novell site to the letter.

XP I've just let the auto update download with SP2 do it's thing.

Interestingly I've just changed my virus checker. I'm trying a few out before I find one I like.
Left by Dave Oliver on Jan 05, 2006 7:41 PM

Comments have been closed on this topic.
Copyright © Dave Oliver | Powered by: