Linux

Linux and OS X More Buggy Than Windows?

By EAN ⋅ January 17, 2008 ⋅  Email this Post ⋅  Print this Post ⋅ Post a Comment

According to a new study by Secunia, the amount of security related bugs in Red Hat Linux (not including Fedora) and Firefox outnumbered the amount in comparable Microsoft products. Red Hat had a massive amount of vulnerabilities, amassing 633 security flaws. Solaris came in second with 252 bugs and Mac OS X followed closely behind with 235 bugs. Windows, amazingly enough, only had 123 bugs reported. Unlike Red Hat, Solaris, and OS X, where the major security bugs were found in third-party components, 96% of the bugs reported in Windows were built right in to the operating system itself while only 4% came from third-party components.

As far as web browsers are concerned, Safari and Opera were the the two “safest” browsers with only 14 security flaws each. Firefox had the most bugs, with a total of 64 while Internet Explorer had 43 bugs. Now if only Microsoft would concentrate as much effort on making their browser standards compliant. On a positive note, however, Mozilla’s Firefox team was able to release security updates and bug patches much more rapidly than Microsoft. Patches for Firefox were released in as less than a week on average. Patches for IE, on the other hand, were released much later and much less frequently.

The review also went on to evaluate the number of vulnerabilities found in popular anti-virus and other security related programs. Symantec, makers of Norton anti-virus, was one of the leaders, not surprisingly. We’ve all known their products are garbage for some years now. While it may be easy to blame the widespread use of Symantec’s products for the plethora of vulnerabilities, Secunia declared that quite a few vulnerabilities can be attributed to “highly critical flaws” in their code.

So does this study really show that Microsoft’s products are better from a security standpoint? Not at the least. The amount of bugs is only the first part of the problem. What we should really be looking at is the speed at which those bugs are patched–and Microsoft is far beyond the crowd. Letting zero-day exploits last longer than a week, like Microsoft does, is simply ridiculous. You end up with a product that does not have as many bugs, but the ones it does have never get fully patched, making for less secure software. I, for one, would much rather use a program that is patched more frequently–even if it is full of flaws.

Read the full article here.