Linked by David Adams on Mon 6th Oct 2003 19:34 UTC
Bugs & Viruses It's an oft-repeated maxim that one of the reasons that Windows operating systems are plagued by so many viruses, worms, and security exploits is because they are so popular. Extrapolating on this, many have remarked that if Linux, MacOS, or other OSes become more popular, they will attract the attention of virus writers. That may be true, but the increased attention will not necessarily yield the same quantity of viruses and other exploits, says a Register article. Update: Rebuttal article.
Virus Report Problems
by Jason Lotito on Mon 6th Oct 2003 23:14 UTC

People make many claims with regard to viruses on different OSes, and it's interesting that open source software is usually lumped together as a "Linux" problem. For example, if someone breaks into a Linux server through a hole in SSH or a default password of some software they are using, is this really a Linux problem?

What no one has done (at least, none that I have read) is a comparison of Microsoft products, and how they compare to open source products, and the resulting impact. For example, just because a report says that Linux is the most attacked doesn't mean it's the OS at fault. The same goes for Windows. Most of the time, it's not the underlying OS that is the problem, but rather, the applications that are run on top of it.

So when you look at the number of potential security holes on "Linux," would it be fair to compare it with the potential security holes in products that run on Windows?

What I mean is, just because something runs on an OS doesn't make the OS vulnerable. If the application is broken, the application is broken. But most reports tally up the number of holes in various software that can run on Linux or BSD, and compare it to Microsoft products only.

If a report counts the number of holes in, let's say, sendmail, and qmail, and various other MTAs, will it also count the number of holes in various Microsoft software and total them up?

I remember one report about a year ago (can't remember the link, sorry), and they were tallying up the results on various open source OSes. When the numbers were finished, the report made it look as though Microsoft was more secure. But when you actually looked at the numbers, they were counting and totaling all popular MTAs' bugs, as well as various other software of the same type, and using all those numbers against the Microsoft numbers.

Anyways, I really went off topic here. The point, I guess, is that you need to look at a platform, and the products, and entities. Linux vs. Microsoft bug count wars are useless. Comparing direct products to other products is what really matters. Apache vs. IIS, and not just the number of viruses/bugs/holes/etc. The response time is also important, as well as the impact. And the ability to solve the problems yourself, if need be.

My 2 cents