Original URL: http://www.channelregister.co.uk/2006/01/05/windows_linux_unix_security_vulnerabilities/
It might not feel like it, but Windows suffered fewer security vulnerabilities than Linux and Unix during 2005.
Linux and Unix experienced more than three times as many reported security vulnerabilities than Windows, according to the mighty US Computer Emergency Readiness Team (CERT) annual year-end security index.
Windows experienced 812 reported operating system vulnerabilities for the period between January and December 2005, compared to 2,328 for Linux and Unix.
CERT found more than 500 multiple vendor vulnerabilities in Linux and Unix spanning old favorites such as denial of service and buffer overflows, while CERT recorded 88 Windows-specific holes and 44 in Internet Explorer (IE). For a complete list of vulnerabilities, you can visit the CERT site here (http://www.us-cert.gov/cas/bulletins/SB2005.html).
The annual poll does not include the Windows MetaFile (WMF) vulnerability, which has become the most widely (http://www.pcworld.com/news/article/0,aid,124179,00.asp) reported attack on Windows according to security and antivirus specialist McAfee since being reported on December 28.
News of Windows' relative security will prove little comfort to millions of computer users now bracing for the latest attack of the Sober worm variant due this week (http://www.infoworld.com/article/06/01/04/HNnextsoberworm_1.html?9809798).
CERT's data underlines the scale of the challenge faced by Microsoft on security, four years into the company's highly publicized Trusted Computing initiative.
Despite posting fewer vulnerabilities than its Unix and Linux challengers and Microsoft going out its way to talk up its "progress" (http://www.microsoft.com/presspass/features/2005/dec05/12-21Security2005WrapUp.mspx) in security in 2005, it is attacks on Windows that still cause more concern and generate most headlines.
The reason is that, unlike Linux, Windows has greater potential to cause harm because of its presence on desktops in the hands of users who receive self-propagating worms, click on email attachments and download malicious code. And while it seems just as each hole is fixed, a new vulnerability is unlocked elsewhere in the vast Windows code base.®
X marks the bug (3 May 2006)
http://www.channelregister.co.uk/2006/05/03/x11/
Patches released for zero-day IE threat (29 March 2006)
http://www.channelregister.co.uk/2006/03/29/ie_patches_released/
'Critical' IE bug threatens PC users (27 March 2006)
http://www.theregister.co.uk/2006/03/27/another_ie_security_flaw/
Linux worm targets PHP flaw (20 February 2006)
http://www.channelregister.co.uk/2006/02/20/linux_worm/
Microsoft details Windows anti-virus pricing (8 February 2006)
http://www.channelregister.co.uk/2006/02/08/windows_antivirus_protection/
Windows support program bent to fit (12 January 2006)
http://www.channelregister.co.uk/2006/01/12/windows_support_security/
More cracks appear in Windows (11 January 2006)
http://www.channelregister.co.uk/2006/01/11/ms_january_patch_tuesday/
Security flaws on the rise, questions remain (9 January 2006)
http://www.channelregister.co.uk/2006/01/09/computer_security_flaws_on_the_rise/
Zero-day holiday (5 January 2006)
http://www.channelregister.co.uk/2006/01/05/secfocus_zeroday/
Sober up as Christmas viruses spiral (4 January 2006)
http://www.channelregister.co.uk/2006/01/04/electric_sober/
Windows users waiting for serious fix (3 January 2006)
http://www.channelregister.co.uk/2006/01/03/windows_meta_file_hack/
World+dog scrambles to fight Windows flaw (3 January 2006)
http://www.channelregister.co.uk/2006/01/03/wmf_workaround/
Data security moves front and center in 2005 (3 January 2006)
http://www.channelregister.co.uk/2006/01/03/secfocus_2005_review/
Trojan alert over unpatched Windows flaw (29 December 2005)
http://www.channelregister.co.uk/2005/12/29/wmf_trojan_alert/
Sober worm prompts net perv confession (20 December 2005)
http://www.channelregister.co.uk/2005/12/20/sober_worm_nets_criminal/
MS releases IE überpatch (14 December 2005)
http://www.channelregister.co.uk/2005/12/14/ie_uberpatch/
Sober worm plans 5 January attack (8 December 2005)
http://www.channelregister.co.uk/2005/12/08/sober_attack/
Worm fears over MS October patch batch (12 October 2005)
http://www.channelregister.co.uk/2005/10/12/ms_october_patch_tuesday/
Worm spoofs Google on infected PCs (19 September 2005)
http://www.channelregister.co.uk/2005/09/19/google_spoof_worm/
Microsoft's delay to patch fuels concerns (14 September 2005)
http://www.channelregister.co.uk/2005/09/14/secfocus_patches/
© Copyright 2008