RE: Use of closed source software

From: Harvey Newstrom (mail@HarveyNewstrom.com)
Date: Mon Feb 04 2002 - 12:59:07 MST


hal@finney.org wrote,
> There is a debate this morning on slashdot at
> http://slashdot.org/article.pl?sid=02/02/04/1629246 about an article
> claiming that Linux has more security holes than Windows

This story is bogus. SecurityFocus (specifically, ryan@securityfocus.com)
themselves denied the story and said that their stats were totally
misinterpreted or misrepresented.

1. The numbers combined all different Linux systems together (Mandrake, Red
Hat, Debian, SuSe, etc.) but split all different Windows systems apart
(Windows NT, Windows 2000, Windows ME, Windows 98, Windows 95, etc.) For
example, Mandrake Linux had only 9 more bugs reported than Windows 2000.
Debian Linux had fewer bugs than either Windows OS.

2. The Linux numbers include all applications that run under Linux. The
Windows numbers do not include Outlook bugs, Internet Explorer bugs, IIS
bugs, etc. Combining all thesee buggy apps with the Windows operating
system as they did with Linux gives Windows many more bug reports than
Linux.

3. The article excluded the second half of 2001 when there was a dramatic
increase in bug reports for Windows.

When using the same criteria for both system, Linux clearly has many fewer
bugs than Windows. The author of this article clearly was playing with the
numbers. Even the source he is quoting is saying that he is misinterpreting
the statistics from their page. Besides, Microsoft's own advertising claims
that they fixed 63,000 bugs in Windows 2000.

--
Harvey Newstrom, CISSP <www.HarveyNewstrom.com>
Principal Security Consultant, Newstaff Inc. <www.Newstaff.com>
Board of Directors, Extropy Institute <www.Extropy.org>
Cofounder, Pro-Act <www.ProgressAction.org>


This archive was generated by hypermail 2.1.5 : Sat Nov 02 2002 - 09:12:11 MST