June 15th, 2007

Windows v Linux - Days of risk in 2006

Posted by Ryan Naraine @ 9:56 am

Categories: Apple, Botnets, Browsers, Data theft, Exploit code, Firefox, Hackers, McAfee, Microsoft, Mozilla, Open source, Patch Watch, Pen testing, Responsible disclosure, Viruses and Worms, Vulnerability research, Windows Vista, Zero-day attacks

Tags: Linux, Operating System, Jeff Jones, Microsoft Windows, Microsoft, Ryan Naraine

Microsoft’s Jeff Jones has released his “days of risk” comparison of security vulnerabilities fixed in the major workstation operating systems in an attempt to prove his controversial argument that Windows users are arguably safer than those using Linux, Mac OS X or Solaris.

I recently wrote about Jones’ presentation at this year’s TechEd conference, where he discussed the metrics and techniques used to keep track of OS vulnerabilities and offered an early glimpse at his ongoing 2007 report card.

On his CSO blog, Jones is providing more data, including this chart showing the average days-of-risk in 2006.

[Chart: days of risk]
“We see in this first chart of the average Days-of-Risk that during 2006, Microsoft provided fixes for publicly disclosed vulnerabilities the quickest on average at about 29 days and Sun came in at the far end with the highest average DoR,” Jones writes.

He has not yet released the promised data for the patch count during the first six months of commercial availability of each operating system. These numbers, Jones argues, will show Windows Vista has the best security profile when compared with the major Linux distributions.

Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal.



  • Talkback
  • Most Recent of 111 Talkback(s)
Bad eye = Bad view
Musta forgot about the ones they found
but didn't report for several months or
in some cases several years.

This article has EVERYTHING to do
with "number of patches"
and "vulnerabilities". You talking about
a game of marbles?...
Posted by: Ole Man Posted on: 06/29/07
So Microsoft’s Jeff Jones really said that? Really?  WiredGuy | 06/15/07
Never fault anyone for lack of integrity  intrepi@... | 06/17/07
Ordinarily I'd let this one go  Badgered | 06/15/07
Why not?  James T. Kirk | 06/15/07
the numbers may be accurate  mdsmedia | 06/15/07
Um Because he works for Microsoft?  Suicida| | 06/17/07
Numbers are misleading.  Rick_K | 06/17/07
Numbers aren't misleading - users are happy  Himagain2 | 06/20/07
Numbers?  Sagax- | 06/21/07
i'm a clown  admin@... | 06/18/07
I thought I would share...  ninhead79 | 06/15/07
Not really sure what to make of that  Badgered | 06/15/07
Anonymity  ehwood | 06/18/07
Roger A. Grimes is right for Vista's and WS Longhorn's Security.  Grayson Peddie | 06/15/07
I'd question that "28.9" number  CobraA1 | 06/15/07
I am going...  cashaww | 06/18/07
They already did  Freebird54 | 06/18/07
too much cash  admin@... | 06/18/07
(nt)Using one metric to evaluate anything is idiotic  toadlife | 06/15/07
Seems to be apples to oranges  shis-ka-bob | 06/15/07
Join the ZDnet/MS lovefest  Richard Flude | 06/15/07
If it's a MS press release Ryan passes it on as holy writ  TtfnJohn | 06/18/07
The issue is the user and one other thing  letranger66 | 06/18/07
Sorry...  cashaww | 06/18/07
Just don't get it  admin@... | 06/18/07
why it's a flawed metric  doh123 | 06/15/07
Good point.  gotitright | 06/18/07
When does the clock start?  Yagotta B. Kidding | 06/15/07
No, that is not what he said  Qbt | 06/15/07
Windows vs Linux  xyz10_z | 06/15/07
They either fooled quite a few people here  Ole Man | 06/16/07
ole man  xuniL_z | 06/16/07
Zealots and religion  Rick_K | 06/16/07
You Apple Zealots are the most amusing!  John Zern | 06/16/07
LOL  Rick_K | 06/17/07
Not to nit pick  maldain | 06/18/07
Another thought about zealots.  yokwetahoe | 06/19/07
Another thought  Ole Man | 06/19/07
ROFL!  Chad_z | 06/18/07
Unfortunately...  ke_xtian@... | 06/18/07
Touche!  Ole Man | 06/18/07
Chad_z.. shocking  dolph0291 | 06/18/07
Just a few counter-points  JJQ1000 | 06/18/07
So let's see...  cashaww | 06/18/07
Abraham Lincoln  galileon | 06/18/07
windows vs. linux  warpuck@... | 06/22/07
The death of truth.  trentreviso | 06/16/07
Boom! Bam! Biff! Bop! Whoom! Kaboom! Kaplooey!  Ole Man | 06/16/07
The only thing that ever got stretched beyond the breaking point  John Zern | 06/16/07
And yet...  zkiwi | 06/16/07
DOH!  gotitright | 06/18/07
this article and most of zdnet isn't journalism  stevey_d | 06/16/07
A sad commentary on today's computer users  John Zern | 06/16/07
When someone claims to be...  Rick_K | 06/17/07
A sad day indeed.  gotitright | 06/18/07
Not really the fact is the numbers were  maldain | 06/18/07
finally some sense  admin@... | 06/18/07
Bush  joe@... | 06/21/07
I see...  Rick_K | 06/16/07
If this were true then why did I get trojans ?  intrepi@... | 06/17/07
Because you're a moron?  butler360 | 06/18/07
Well..  zkiwi | 06/24/07
Microsoft just doesn't get it  Suicida| | 06/17/07
It's called cherry picking.  Rick_K | 06/17/07
What's compared here?  scott1329 | 06/18/07
wait a second  patibulo | 06/18/07
OS Holes vs. Bundled Apps.  filker0 | 06/18/07
Not True  joe.smetona@... | 06/18/07
not true  sjaaxken | 06/21/07
MS...the GM of the OS world  ke_xtian@... | 06/18/07
lies  cdytcktt@... | 06/18/07
windoze vs. Linux  ator1940 | 06/18/07
windowz  admin@... | 06/18/07
Thanks for reporting on this...  8string | 06/18/07
In reality it's called consider the source  TtfnJohn | 06/18/07
Not True.  joe.smetona@... | 06/18/07
While some rants are childish  maldain | 06/18/07
Yeah, right  dolph0291 | 06/18/07
Why is this even a STORY??? ZDNet credibility dying  critic-at-arms | 06/18/07
Making a living...  gigaferz | 06/18/07
Agreed  mbabuskov | 06/22/07
Headline Poisoning  fireman949 | 06/18/07
DoR? This is basic TAT!  mjauneau@... | 06/18/07
The chosen numbers  ehwood | 06/18/07
The true test.  joe.smetona@... | 06/18/07
What emerges from Mr Naraine's article  mhenriday | 06/18/07
"What emerges from Mr Naraine's article"  Ole Man | 06/18/07
Average number of days before a production server needs to be rebooted  fakher@... | 06/18/07
lol let's test this out  Linux uSer | 06/18/07
Planned v Spontaneous Downtime  Jambalaya Breath | 06/23/07
Sure, and...  joe6pack_z | 06/18/07
Counts start at different points. BOGUS  gordon@... | 06/18/07
More ZDNet bs  dolph0291 | 06/18/07
lol let's test this out myself.  Linux uSer | 06/18/07
That doesn't pan out in my experience.  OKJoe | 06/18/07
He's not counting the big one.  Resuna | 06/18/07
Here is the problem  joe6pack_z | 06/18/07
You gotta be kidding!!  Barry.L.Smith@... | 06/19/07
linux  6jason6 | 06/20/07
For the love of all mankind use a spell and grammar checker.  maldain | 06/20/07
And, reality goes against the "information"  Dr-T | 06/20/07
Children  PinnacomX | 06/21/07
Yep, if they'd only add WGA (make that LGA) to Linux  Ole Man | 06/22/07
A different view of the data.  jeff@... | 06/21/07
A bad view is more like it.  FatherJ | 06/21/07
Bad eye = Bad view  Ole Man | 06/29/07
Misleading Numbers  hanoveral@... | 06/21/07
Microsoft's logics  sjaaxken | 06/21/07
'Days of Risk' is an irrelevant term. It means nothing.  OKJoe | 06/22/07
Wrong Metric  rreinhold058@... | 06/22/07
I agreed with Wiredguy  nbc7321@... | 06/22/07
