Linux or Windows: Which is more vulnerable?


After examining security vulnerability data over the last year, Forrester Research has determined that both Windows and Linux can be deployed securely, but vendors need to ensure they address several criteria to make this process easier.

Forrester collected and analyzed data on security vulnerabilities in Windows and in the four most widely used Linux systems: Debian, MandrakeSoft, Red Hat and SUSE. In its report, "Is Linux More Secure Than Windows," the research firm said it is critical for vendors to be more responsive in providing patches for vulnerabilities, to reduce the number of highly severe holes, and to be more thorough in offering fixes for all publicly disclosed vulnerabilities.

Bearing these requirements in mind, Forrester found that Red Hat Linux had the lowest percentage of highly severe vulnerabilities, while Microsoft placed first in responding to flaws by turning around fixes for publicly disclosed holes in 25 days. Among the Linux distributors, Debian's developer federation was the most responsive, averaging only 32 days between the first fix for a given vulnerability from any source and Debian's own fix.

In regard to thoroughness, Microsoft fixed 100 percent of its vulnerabilities. Red Hat patched 99.6 percent (all but one) and Mandrake 99 percent (all but two).

The report also looks at the future of platform security and how factors such as scheduled security update processes and responsible disclosure will affect it.

www.forrester.com   
