LinuxUNIX More Vulnerable Than Windows says CERT !! 7367

On Sunday 01 January 2006 19:43 boson

I really do wish that some of your people would read around subjects like this a little before posting.

e.g. note that "2328 Unix-Linux".

"AIX and Apple and FreeBSD and Solaris and Linux and SCO OpenServer and UnixWare vulnerabilities are all lumped together, for a total of 2328, making a direct comparison between Microsoft and anyone else nearly impossible" "Second, the Unix-Linux list duplicates items, counting a vulnerability more than once in the list. For an example, note that it lists Eric Raymond Fetchmail POP3 Client Buffer Overflow (Updated). However, the same vulnerability is listed, under the same breastle, four times. That's because it was reported in the week of August 10-15, again in the week of August 17-23, in September 6-13, and the week of November 9-16. Worse, for any comparison purposes, the same vulnerability is also reported as Fetchmail POP3 Client Buffer Overflow, so in reality one vulnerability is listed 5 times, making the total of 2328 meaningless unless you carefully comb through it to weed out duplications"

"All the links take you to the same description of the same vulnerability, CVE-2005-2335, which tells you that there are no known exploits for this vulnerability. So another issue with the list is that there is no distinction made between truly widespread issues that caused real-life damage and vulnerabilities someone noticed but no one ever exploited. There is a difference"

Same thing goes for the Windows list, in that it isn't accurate either.

As I say, do try to read around your subjects a little, and try not to be so gullible:-)