Seen this on WinInformat.com: “For at least the first 8 months of 2001, open-source poster child Linux was far less secure than Windows, according to the reputable NTBugTraq, which is hosted by SecurityFocus, the leading provider of security information about the Internet.”
“(The company’s 2001 statistics are available only through August 2001 for the time being.) According to NTBugTraq, Windows 2000 Server had less than half as many security vulnerabilities as Linux during the reported period. When you break the numbers down by Linux distribution, Win2K had fewer vulnerabilities than RedHat Linux 7.0 or MandrakeSoft Mandrake Linux 7.2, and it tied with UNIX-leader Sun Microsystems Solaris 8.0 and 7.0. A look at the previous 5 years–for which the data is more complete–also shows that each year, Win2K and Windows NT had far fewer security vulnerabilities than Linux, despite the fact that Windows is deployed on a far wider basis than any version of Linux. So once again, folks, you have to ask yourselves: Is Windows really less secure than Linux? Or is this one of those incredible perception issues?”
We would like to suggest caution when reading the table of vulnerabilities. When an operating system has a very small number of vulnerabilities, it may be because it is not a widespread OS, not because it is more secure, e.g. BeOS or AIX. The more popular/used the OS is, the more vulnerabilities are uncovered. Linux holds around 25% of the server market and around 1% of the desktop market, both numbers significantly smaller than those of the Windows line of OSes, which makes the statistics discussed here today even more gloomy for Linux’s security.