Windows beats Linux / Unix on vulnerabilities

windoze is in the integrated MS apps, like Outlook and Excel.

IMHO.

See the thing is, this is based on reported vulnerabilities. (Also worth mentioning is that this comparison is based on the single Windows OS contrasted against three distinct OS's, one of which has multiple variations.) Since Linux in particular is OpenSource, the security vulnerabilities are detected *and* patched at a much faster rate than those in proprietary OS's like Windows. In addition, Windows itself almost never reports flaws that are not deemed, by itself, as critical. OSS developers report every little thing. For example, I got an update today for an obscure little program I have on my system that had the ubiquitous buffer-overflow flaw. This is a security vulnerability, one deemed by most standards critical. Of course, the worst that could happen is that the program involved would crash, but that's still critical if I depend on it. And I'll note once again in case it was missed ... it was patched today.

Windows and its associated apps have severe security flaws that have been known for months, in some cases years, that have not even been addressed in work-arounds, much less fixed. The currently hot story about the problem with .wmf files has been a flaw since the inception of that file format, and it is only now even being discovered by the public at large.

This is the benefit of closed source to those who market it. It allows the developers to keep their secret flaws until they are in the exploitation phase, and so they can truthfully go to the public and say we have fewer "known" flaws than this other OS.

1) Some truth: http://trends.newsforge.com/trends/06/01/05/1627242.shtml

2) More truth: http://www.democraticunderground.com/discuss/duboard.php?az=view_all&address=364x66796

...

"The study is confusing and misleading. When you look at the list, the vulnerabilities are miscategorised," Mark Cox, consulting software engineer at Red Hat, told ZDNet UK.

"For example, Firefox is categorised as a Unix/Linux operating system flaw, but it runs just as well on a Windows platform. Apache and PHP also run just as well on both platforms. There are methodological flaws in the statistics," Cox claimed.

...

Secunia thought that the nature of the reported vulnerabilities also made it difficult to compare security on the platforms, as Linux/Unix researchers concentrate on vulnerabilities in local privilege separation, while Windows researchers look at possible remote vulnerabilities.

"Generally, many of the vulnerabilities in Linux/Unix based products are classified as local vulnerabilities, including privilege escalation, local denial of service and local exposure of sensitive data. These kind of vulnerabilities are not regarded as particularly critical, but Linux/Unix researchers tend to focus quite a lot on this category, probably because of Unix's long history of proper privilege separation. This has only recently become more relevant in Windows (NT, 2000, and XP), but many Windows researchers still focus more on remote issues."

http://news.zdnet.co.uk/software/linuxunix/0,39020390,39245889,00.htm