
by Franki

Secunia have reported that more flaws were found in Redhat Linux (633) than in Windows (123), but even a blind man can see it is nowhere near a fair comparison.

Redhat is made up of the core operating system and thousands of third party applications that people can choose to install (or not). 99% of the 633 security flaws found in Redhat Linux were in the third party applications; only 1% were in the core OS.

Windows, however, had only 123 bugs, but 96% of them were in the core operating system. Since 3rd party apps are not supplied or supported by Microsoft however, all of their bugs did not get added to the total as they did in Redhat’s case.

Does anyone else think that this is perhaps not a fair comparison? I can tell you one thing, I’d rather have a core OS with 1% of 633 flaws (6.33) than one with 96% of 123 flaws (118.08). The OS results could just as easily have been put as “Windows had 118.08 more OS security flaws than Redhat Linux.”

With regard to Firefox, they also seem to be counting flaws that Mozilla have found themselves. We know they are not doing the same for IE, because Microsoft don’t announce flaws they find themselves. Again, not really a fair comparison.

Interesting, however, are the patching statistics for IE and Firefox.

Out of eight zero-day bugs reported for Firefox in 2007, five have been patched, three of those in just over a week. Out of 10 zero-day IE bugs, only three were patched and the shortest patch time was 85 days.

(taken from here)

Microsoft’s best patch result was 85 days to release and only 3 out of 10 flaws patched, versus 5 out of 8 and just over a week for Firefox.

Statistics are all good and interesting, but taken in the wrong light, can paint a picture that is dangerously incorrect.

5 Responses to “lies and statistics.”

  1. Chris Lees Says:

    85 days for a security patch is pretty pathetic, but Apple has Microsoft beat in this department. A flaw was found in a piece of open-source software that transmitted passwords in cleartext over the internet. Within 2 weeks of discovery, it was fully patched in the open-source project. Apple took six months to release a fixed version in OS X.

    So I think it would be very helpful to see what the overall statistics would be for OS X!

  2. John Shelton Says:

    This issue illustrates once again how raw statistics can be manipulated to “prove” whatever the pollster wants to prove. Even the method of sample taking can be, and universally is, manipulated to “prove” the desired result.

  3. RedRat Says:

    Good analysis! I have not installed Red Hat in quite some time. While the OS itself is clearly much stronger than Windows, all of those extra apps that come with Linux ARE installed, particularly by the naive user. So you do get the flaws.

    However, you are correct that the serious problems are with the OS, better to have 6-7 flaws that were quickly corrected than 118 that might take 6 months to correct. Good reporting.

  4. Rob Says:

    No, it’s not really good reporting. This article as well as the original show where the devil is in the details. A little less pro-linux flavor in pointing out differences would make this good reporting (as well as someone who can at least write with proper grammar – MS “doesn’t” announce flaws, etc).
    For example:
    “Since 3rd party apps are not supplied or supported by Microsoft however, all of their bugs did not get added to the total as they did in Redhat’s case.”
    This means that RedHat does supply and is therefore responsible for the third party apps provided with the distribution. Then, in fact the study is accurate enough. There are more bugs.

    It is important when relating “core OS” bugs, but remember, a lot of what is considered “core OS” for Microsoft is covered by a third party app in Linux, since MS loves to hook all sorts of bloat into their distribution as the “core OS” to monopolise functionality.

    The original report by Secunia tries to be fair as best as it can. It is getting really old that Linux people cry foul anytime someone points out where their weaknesses are.

  5. Franki Says:

    Well, if we want to compare apples to apples, then Redhat would be compared to Windows server 2003, and to be fair, they would not count packages in Redhat that do not have a comparable application included in Windows, meaning no MTA for email and so on.

    I think the end result would be the same mentioned in my actual article..

    What do you mean by included in Windows anyway? IE, OE etc? They are included in Windows, but nobody uses them on servers anyway.

    Apart from which, we are talking about CORE OS flaws.. not those in paintbrush or IE etc… and in that standard, Windows loses.

    I do find it odd, that people (like the commenter above) think it’s fair to compare the dozen or so Microsoft apps included with Windows, to the thousands of 3rd party apps included in Redhat. If you do count bugs in Redhat as they appear to have, then you’d count (for example) all bugs found in Postfix and Sendmail MTAs, but why? No server can run both anyway because they do the same job, they are offered there as a choice. (and standard Windows server 2003 doesn’t include an MTA at all.)

    I should also add, that if you choose server during install, Redhat doesn’t install the thousands of user apps.. so does that mean they should be counted or not? Like versus like, you can’t have it both ways.

    Also I love the arrogance of some people (primarily yanks) to question the spelling and grammar of others without first checking where that person is from and what form of English is being written. (there is more than one people)


