Feeds

Windows beats Linux - Unix on vulnerabilities - CERT

Good news and bad news

Providing a secure and efficient Helpdesk

It might not feel like it, but Windows suffered fewer security vulnerabilities than Linux and Unix during 2005.

Linux and Unix experienced more than three times as many reported security vulnerabilities than Windows, according to the mighty US Computer Emergency Readiness Team (CERT) annual year-end security index.

Windows experienced 812 reported operating system vulnerabilities for the period between January and December 2005, compared to 2,328 for Linux and Unix.

CERT found more than 500 multiple vendor vulnerabilities in Linux and Unix spanning old favorites such as denial of service and buffer overflows, while CERT recorded 88 Windows-specific holes and 44 in Internet Explorer (IE). For a complete list of vulnerabilities, you can visit the CERT site here.

The annual poll does not include the Windows MetaFile (WMF) vulnerability, which has become the most widely reported attack on Windows according to security and antivirus specialist McAfee since being reported on December 28.

News of Windows' relative security will prove little comfort to millions of computer users now bracing for the latest attack of the Sober worm variant due this week.

CERT's data underlines the scale of the challenge faced by Microsoft on security, four years into the company's highly publicized Trusted Computing initiative.

Despite posting fewer vulnerabilities than its Unix and Linux challengers and Microsoft going out its way to talk up its "progress" in security in 2005, it is attacks on Windows that still cause more concern and generate most headlines.

The reason is that, unlike Linux, Windows has greater potential to cause harm because of its presence on desktops in the hands of users who receive self-propagating worms, click on email attachments and download malicious code. And while it seems just as each hole is fixed, a new vulnerability is unlocked elsewhere in the vast Windows code base.®

Beginner's guide to SSL certificates

More from The Register

next story
ONE MILLION people already running Windows 10
A third of them are doing it in VMs, but early feedback focuses on frippery
Sign off my IT project or I’ll PHONE your MUM
Honestly, it’s a piece of piss
Netscape Navigator - the browser that started it all - turns 20
It was 20 years ago today, Marc Andreeesen taught the band to play
Torvalds CONFESSES: 'I'm pretty good at alienating devs'
Admits to 'a metric ****load' of mistakes during work with Linux collaborators
Sway: Microsoft's new Office app doesn't have an Undo function
Content aggregation, meet the workplace ... oh
Do Moan! MONSTER 6-day EMAIL OUTAGE hits Domain Monster
Customers freaked out by frightful service
Ploppr: The #VultureTRENDING App of the Now
This organic crowd sourced viro- social fertiliser just got REAL
Return of the Jedi – Apache reclaims web server crown
.london, .hamburg and .公司 - that's .com in Chinese - storm the web server charts
NetWare sales revive in China thanks to that man Snowden
If it ain't Microsoft, it's in fashion behind the Great Firewall
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.