Linked by Thom Holwerda on Thu 10th Apr 2008 21:38 UTC, submitted by SReilly
Privacy, Security, Encryption

"Symantec's comprehensive security report on the malware industry from July 1 to December 31, 2007, is now available in its 100+ page glory. Symantec broke down information on patch development time by operating system and by the type of vulnerability encountered. Surprisingly, Microsoft had the shortest time-to-patch over both halves of 2007. In the first part of the year, Microsoft released 38 patches (two of which involved third-party applications) with an average deployment time of 18 days. From July to December, Microsoft released 22 patches with an average patch time of six days. Red Hat came in second, at 32 days for the second half of the year and 36 days in the first half. That's quite a bit higher than Microsoft's average, but of the 227 vulnerabilities Red Hat patched in 2007, 226 of them involved third-party applications. Apple, Sun, and HP all lag well behind Microsoft and Red Hat, though the gap for each company differs significantly between the first and second halves of last year."
Thread beginning with comment 309123
Hate to point out the obvious...
by MiliTux on Fri 11th Apr 2008 07:33 UTC
MiliTux Member since: 2007-05-16

...but Red Hat doesn't have to patch everything themselves. That's the great thing about community software. It even says in the article that they patched 226 third-party applications. GNU/Linux as a whole is probably patched quicker than Microsoft patches the various aspects of Windows (including Office software and Web browsers).

Of course, I don't have data for that, it's a hunch. But the article is flawed.

gustl Member since: 2006-01-19

GNU/Linux as a whole is probably patched quicker than Microsoft patches the various aspects of Windows (including Office software and Web browsers).

Of course, I don't have data for that, it's a hunch. But the article is flawed.


That is the dilemma with security comparisons of any large GNU/Linux distro with Windows.

To be able to even make a comparison, one would have to look at the functions Windows provides, and exclude any security issues of programs from the GNU/Linux distro that have no functional match in the compared Windows installation.
Then the flaws have to be ordered by severity and how many days each flaw was unpatched and publicly known.

Then we can start a discussion on whether the numbers we see actually mean anything.
If one counts the numbers of cracked web servers per million installed servers, Linux comes off slightly worse than Windows. Nobody knows why; probably Linux machines are seen by their admins as "inherently safe" and are therefore left unpatched. On the other hand, there still does not exist a really successful virus for Linux, but Windows machines are cracked by the millions through viruses.

The answer to the question "which operating system is more secure" is hard to give as it involves sociological as well as technical aspects.

Edited 2008-04-11 20:07 UTC

Score: 4