Linux or Windows: Which is more vulnerable?

Share this article:

After examining security vulnerability data over the last year, Forrester Research has determined that both Windows and Linux can be deployed securely, but vendors need to ensure they address several criteria to make this process easier.

Forrester collected and analyzed data on security vulnerabilities in Windows and in the four most widely-used Linux systems: Debian, MandrakeSoft, Red Hat and SUSE. In its report, "Is Linux More Secure Than Windows," the research firm said it is critical for vendors to be more responsive in providing patches to vulnerabilities, reduce the number of more highly severe holes, and be more thorough in offering fixes for all publicly disclosed vulnerabilities.

Bearing these requirements in mind, Forrester found that Red Hat Linux had the lowest percentage of highly severe vulnerabilities, while Microsoft placed first in responding to flaws by turning around fixes for publicly disclosed holes in 25 days. Among the Linux players, Debian's developer federation was tops in responsiveness among other Linux distributors, averaging only 32 days between the first fix for a given vulnerability from any source and Debian's own fix.

In regard to thoroughness, Microsoft fixed 100 percent of its vulnerabilities. RedHat patched 99.6 percent (all but one) and Mandrake, 99 percent (all but two).

The report also looks at platform security's future and how the likes of scheduled security update processes, responsible disclosure and more, will affect it.

www.forrester.com   

Share this article:

Sign up to our newsletters

More in News

Apple's iOS 7.1.1 fixes Webkit bugs, encryption bypass issue

Released Tuesday, the update prevents exploit via "triple handshake" attacks, which could allow a bypass of encryption safeguards.

'Unauthorized' media contact a fireable offense for U.S. intel employees

The new media policy states that U.S. intelligence employees who have "unauthorized" contact with the media could lose their jobs.

AOL Mail hack furthers spam campaign using spoofed accounts

AOL confirmed on Monday that it was aware of the issue and working to remediate the situation.