Windows has fewest security holes

But beats Red Hat and Mac OS X on number of critical flaws, says report

Microsoft Windows has the lowest number of vulnerabilities and the fastest turnaround time for patches of all commercial operating systems - but it also has the most serious flaws, according to Symantec.

Despite having the fewest security holes, Windows was hit by more critical flaws than either Red Hat Linux or Mac OS X, Symantec found.

Symantec's latest Internet Security Threat Report reveals that 39 security holes were discovered in Windows during the second half of 2006, up from the 22 Windows holes found in the first six months of the year, with an average patch development turnaround time of 21 days.

Red Hat Linux had 208 vulnerabilities for the same period with an average patch time of 58 days, a huge increase on the 42 patched vulnerabilities for the first half of the year.

Apple's Mac OS X had 43 vulnerabilities - more than double the number for the first half of 2006 - and an average patch time of 66 days.

But almost one-third of the 39 Windows holes were high severity and 20 were medium severity. Just two of the 208 Red Hat Linux security holes discovered were high severity, with 130 medium severity and 70 low severity. Only one of the Mac OS X holes was considered high severity, with 31 classed as medium and 11 as low severity.

The report found that Windows also had the most vulnerabilities with exploit code and exploit activity in the wild, which Symantec claims may be one explanation why Microsoft has been pressured to develop and issue patches more quickly than other vendors.

Mozilla web browsers, such as Firefox, are also more secure than Microsoft's Internet Explorer (IE), according to the report.

It found 54 holes in IE during the second half of 2006, with one of these being of high severity, compared to 40 holes in Mozilla browsers, which had no high-severity vulnerabilities. Only four holes were found in the Safari and Opera browsers over the same period.

The latest Symantec threat report, which covers the six-month period from 1 July to 31 December 2006, also reveals the number of 'zombie' PCs hijacked by hackers and used to launch denial of service attacks or send out spam has risen by almost 30 per cent in the last year.

Arthur Wong, senior VP for Symantec Security Response, said attack methods used by cyber criminals are becoming more complex and sophisticated in order to escape detection.

Comments

There are 5 comments.

  1. anonymous

    I just do not believe this article :-(

    • 25 March 2007 18:34
  2. Michael Fischer

    While not wanting to minimize the issues with Linux and Mac OS X, I really have to wonder about Symantec's system of classification. Surely the 'severity' of a security flaw must somehow be related to the empirical consequences of the flaw.

    In the same article we hear that the number of 'zombie' PCs has risen by 30% over the past year, while the percentage of zombie Macs and Linux machines has risen from near zero to near zero.

    Why bother with articles based on distorted company info just trying to raise alarm by using distorted measures to increase their sales? The charity could be put to better use.

    • 26 March 2007 09:32
  3. Dom

    Comparing OS with OS + applications

    What this article fails to say and is often overlooked is that most Linux distributions come with not only the OS but with several applications like Open Office, mail clients, etc. Therefore one must consider that when 200+ flaws are found in RedHat Linux this includes the applications bundled with it.

    A fairer comparison would be something like comparing RedHat Linux with Windows + something at least like Microsoft Office.

    • 26 March 2007 11:16
  4. Graham Coles

    39 serious Windows flaws versus 2 serious Linux vulnerabilities, therefore Windows has fewest security holes.

    Never in the field of reporting has such a stupid comparison been summed up by such a misleading headline ...

    • 26 March 2007 14:44
  5. anonymous

    Huh? Windows has fewest security holes.

    Below are quotes from your article:

    "But almost one-third of the 39 Windows holes were high severity. Just two of the 208 Red Hat Linux security holes discovered were high severity. Only one of the Mac OS X holes was considered high severity."

    "The report found that Windows also had the most vulnerabilities with exploit code and exploit activity in the wild."

    How about changing the title?

    • 26 March 2007 16:17