[LINK] By the numbers: Windows vs Linux security
Wed, 3 Oct 2001 08:37:09 +1000
If you look at web servers, the Netcraft results are:
Apache 60.86% market share
Microsoft IIS 30.00%
So the MS argument that there are more security incidents with IIS because
it has dominant market share is not consistent.
Am I missing something here?
From: Rick Welykochy [mailto:firstname.lastname@example.org]
Sent: Tuesday, 2 October 2001 3:42
Subject: Re: [LINK] By the numbers: Windows vs Linux security
Tony Barry wrote:
> - By the numbers: Windows vs Linux security
> Linux and Microsoft enthusiasts have argued for a while now as to which
> is most secure. Are Linux vulnerabilities in the news less often because
> Linux code is so well-written, or because the Linux market share is so
> smaller? One way to get to the bottom of this dispute is to look at
> the numbers.
Well then, look at the numbers. First let's look at server numbers:
MS O/S servers approx 50%
Linux approx 20%
Other Unix approx 16%
Now let's look at the damage of latest worm: Code Red
(same link as above)
"At least 150,000 active sites spread over 80,000 ip addresses worldwide
have been taken down since the Code Red II worm was released."
Staggering numbers. I have *never* seen similar numbers for *nix systems
The numbers quoted in the ZDnet report mean little unless we look at the
of hosts infected. Once you do that, a picture of an entirely different
(a) most of the exploits on *nix systems are narrow in reach, often
cracking techniques to affect; none of the known exploits on *nix
systems are spread in
a worm/virus fashion as is seen on Windows systems; and their effects
(b) most of the exploits on Windows systems are broad-reaching, and are
easily spread by
script kiddies who simply copy old exploits, shake and stir, and release
them into the
wild in new more virulent forms;
(c) the stats discussed do not even touhc on Windows work stations (we are
here) ... once you enter that realm, all bets are off: Windows users are
Keep in mind that *every* exploit that has made big news in the mass media
over the past
three to fours years has been soley Windows based, at times wreaking
"billions of dollars
of damage" (their words, not mine).
Given that there is almost a 50-50 split between Windows and other systems
in the server arena,
one would expect to see similar numbers of attacks and machines brought down
in both camps,
other numbers like the "number of exploits" being equal.
This is clearly not the case.
Rick Welykochy || Praxis Services Pty Limited
"Yes means No and No means Yes. Delete all files [Y]? "
This message and its attachments may contain legally privileged or
confidential information. It is intended solely for the named addressee. If
you are not the addressee indicated in this message (or responsible for
delivery of the message to the addressee), you may not copy or deliver this
message or its attachments to anyone. Rather, you should permanently delete
this message and its attachments and kindly notify the sender by reply
e-mail. Any content of this message and its attachments which does not
relate to the official business of News Limited or its subsidiaries must be
taken not to have been sent or endorsed by any of them. No warranty is made
that the e-mail or attachment(s) are free from computer virus or other