HarborFront

Level 55
Verified
Content Creator
Surprising reports paints Linux and Android as less secure than Windows


Which operating system has suffered the most vulnerabilities since around the turn of the millennium? That would be Linux, not Microsoft’s Windows, at least according to a freshly released report.

An analysis of the National Institute of Standards and Technology’s National Vulnerability Database, compiled by Thebestvpn.com, tracked ‘technical vulnerabilities’ in popular pieces of software between 1999 and 2019.

And Debian, a flavor of Linux, was top of the table with 3,067 vulnerabilities over the last two decades. Reasonably close behind was Android on 2,563 vulnerabilities, with the Linux kernel in third place having racked up a count of 2,357. Apple’s macOS was only slightly behind that with 2,212, with Ubuntu in fifth place on 2,007.

All of the top five places were taken by operating systems, although Firefox and Chrome filled the next two positions with 1,873 and 1,858 vulnerabilities respectively.

As for Microsoft’s operating systems, Windows 7 bore 1,283 vulnerabilities, and Windows 10 carried 1,111. If you add those together, you get a total of 2,394 for the past decade, roughly – given that Windows 7 came out in 2009, and handed the baton to Windows 10 in 2015.

Read more here




 
i have wondered about this in the past. my friend deleted a ton of system files and killed windows dead on her laptop. anyhow, she wanted linux on it now instead. but it wouldn't take linux unless i modified several security features in the bios or something. apparently, as i researched it, those were to stop kernel-level rootkits or something, but they also prevented the installation of other operating systems. basically, they had to be deactivated for linux to be installed. all the other computers i've put linux on didn't have this. but her's did. essentially, i had to make her laptop less secure to run linux.

the article is a bit sketchy on details on the linux stats though. those details are likely important, particularly in statistics, so we can see specifically what is being compared with what (only a passing reference to debian). and kinda amusing, but in search of that missing detail, i clicked the report compiler's site link (" compiled by Thebestvpn."), and my yandex browser flagged that site as a security threat, lol. so maybe not the most reputable? dunno. but interesting :)
 

shmu26

Level 85
Verified
Trusted
Content Creator
Every operating system complex enough to serve modern needs has as many holes as swiss cheese. But that doesn't mean that in real life, the user is at high risk. It all depends whether those holes are actively exploited, and whether the user is targeted. Linux is security by obscurity, meaning that since home users of linux systems are not targeted by malware peddlers to a significant extent, they are relatively safe.
 

security123

Level 28
Verified
Number's of fixed vulnerabilities doesn't mean anything but Linux is more insecure then Windows. Linux lack important security stuff which Windows use for years.
I read that Linux even miss stuff like ASLR which is ridiculous if it's true.

Also I highly recommend reading this:
 

shmu26

Level 85
Verified
Trusted
Content Creator
Linux was only really thought to be the safest because it owns like 2-10% of the pc market while Windows owns about 50-70% of the market.
Right. The real numbers of linux home users are extremely low. Surely not even near 10%.
The standard malware techniques of weaponized documents and powershell scripts will not run on linux systems. It simply does not make financial sense to target linux home users.
 

TairikuOkami

Level 29
Verified
Content Creator
The real numbers of linux home users are extremely low. Surely not even near 10%.
9 of 10 linux users go to IoT devices and they are actively being hacked, but it does not make the news so much, because no real users are affected.

 

shmu26

Level 85
Verified
Trusted
Content Creator
9 of 10 linux users go to IoT devices and they are actively being hacked, but it does not make the news so much, because no real users are affected.

What's the deal with hacking IoT devices? Someone wants to turn on the lights in my living room against my will, or what?
 

monkeylove

Level 5
One might also consider the points that operating systems are generally vulnerable but such isn't known unless malware creators discover and exploit them, that malware creators will focus more on popular operating systems because those gives them higher returns, and that those systems that are attacked are patched, which might make them safer.
 

Spawn

Administrator
Verified
Staff member
Linux servers are not a solution to security and still do need protection.

 

Bonorex

Level 1
What a stupid comparison in this article. They are comparing 20 years of Debian vulnerabilities (1999 - 2019) to only 4 years of Windows 10 vulnerabilities (2015 - 2019). If we calculate the number of vulnerabilities per year, then anybody can see how many new vulnerabilities are discoeverd each year for each operating system:
Windows 10 (2015-2019): 1111/4 = 278 vulnerabilities/year
Windows 7 (2009-2015): 1283/6 =214 vulnerab./year
Debian (1999-2019): 3067/20 = 153 vulnerabilities/year

So, even Windows 7 has less vulnerabilities/year than Win10.
A totally useless and misleading article. If the author wants to compare the number of Windows/Debian vulnerabilities since the turn of the millennium, than vulnerabilities of windows 98 and XP (or Vista) should be added to the statistics, to cover the years from 1999 to 2009.
Beside that, I don't think that the number of vulnerabilities is the most important parameter, when it comes to security. Their severity should also play a role in deciding which software is the most secure
 

monkeylove

Level 5
What a stupid comparison in this article. They are comparing 20 years of Debian vulnerabilities (1999 - 2019) to only 4 years of Windows 10 vulnerabilities (2015 - 2019). If we calculate the number of vulnerabilities per year, then anybody can see how many new vulnerabilities are discoeverd each year for each operating system:
Windows 10 (2015-2019): 1111/4 = 278 vulnerabilities/year
Windows 7 (2009-2015): 1283/6 =214 vulnerab./year
Debian (1999-2019): 3067/20 = 153 vulnerabilities/year

So, even Windows 7 has less vulnerabilities/year than Windows 10.
A totally useless and misleading article. If the author wants to compare the number of Windows/Debian vulnerabilities since the turn of the millennium, than vulnerabilities of windows 98 and XP (or Vista) should be added to the statistics, to cover the years from 1999 to 2009.
Beside that, I don't think that the number of vulnerabilities is the most important parameter, when it comes to security. Their severity should also play a role in deciding which software is the most secure

That and more were mentioned in the article (even the point that Debian has been around since 1993), which is why the writer stated that "no users should be complacent, no matter how secure they believe any particular product might be."
 

Thales

Level 9
This article is ridiculous.
Linux get updates and fixes very often because a very good and large community is behind linux. Sometimes they fix issues within hours. That's how linux works.
What about Windows? sometimes we have to wait weeks or months for updates.
 

security123

Level 28
Verified
This article is ridiculous.
Linux get updates and fixes very often because a very good and large community is behind linux. Sometimes they fix issues within hours. That's how linux works.
What about Windows? sometimes we have to wait weeks or months for updates.
That's not fully true. Even 15 years later security bugs are still open.

Also the large community destroy itself with too many distris, too much hate to other distris and lack of maintaining these.

Windows has much more user's and monthly updates are totally fine. Android does the same but Windows also fix important problems at fast as possible instead of monthly but this is rare.
 

shmu26

Level 85
Verified
Trusted
Content Creator
Thankfully for linux users, linux has failed miserably in its attempt to woo the general public. If a billion people were using it, we would need all sorts of security measures that would waste our time and energy, and degrade the general experience of freedom that you usually have in linux.
 

SeriousHoax

Level 32
Verified
Thankfully for linux users, linux has failed miserably in its attempt to woo the general public. If a billion people were using it, we would need all sorts of security measures that would waste our time and energy, and degrade the general experience of freedom that you usually have in linux.
This is correct. No matter which article says what, for an average user Linux is far more secure than Windows. You can't run FreeDownloadRam.exe in Linux 😄