Author Topic: stop using linux, windows patches security holes faster than linux  (Read 313 times)

Offline µT6

  • Hero Member
  • *****
  • Posts: 2087
"Vulnerabilities in the Linux kernel fixed in 2012 went unpatched for more than two years on average, more than twice as long as it took to fix unpatched flaws in current Windows OSes, according to security firm Trustwave.

Zero-day flaws — software vulnerabilities for which no patch is available — in the Linux kernel that were patched last year took an average of 857 days to be closed, Trustwave found. In comparison zero-day flaws in current Windows OSes patched last year were fixed in 375 days.

The gap in time between the patches being issued can partly be explained by the differing structures of open-source project communities and proprietary software vendors, according to John Yeo, director of TrustWave SpiderLabs for EMEA."

http://www.zdnet.com/linux-trailed-windows-in-patching-zero-days-in-2012-report-says-7000011326/

I will wait another 2 years to decide whether to go back to Windows or not  ;D
“Out of everything I've lost, I miss my mind the most!”

Ozzy Osbourne

AndrzejL

  • Guest
Re: stop using linux, windows patches security holes faster than linux
« Reply #1 on: February 15, 2013, 06:41:14 AM »
;D ;D ;D interesting... ;D

Offline rastus

  • Sr. Member
  • ****
  • Posts: 261
Re: stop using linux, windows patches security holes faster than linux
« Reply #2 on: February 16, 2013, 02:00:11 PM »
Quote
Microsoft Windows

    CVE-2010-5082 detailed by independent researcher on Sept. 14, 2010 and not fixed until February 14, 2012. Affected Microsoft Windows Server 2008 SP2, R2, and R2 SP1.
    CVE-2012-0181 fixes an issue alluded to on exploitdb site on Nov. 21, 2011, fixed July 10, 2012. Affected Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1.

Linux kernel

    CVE-2012-2100 is a correction to the fix detailed in CVE-2009-4307, which did not fully work on the common x86 platform. Trustwave considered this a zero-day due to availability of exploit information from the time of the original patch.
    CVE-2012-2319 is a follow-up to CVE-2009-4020; issues in the HFS file system were detailed and patched on Dec. 3, 2009, but HFSPlus was left vulnerable until May 4, 2012.

The Trustwave report says the number of critical vulnerabilities, as determined by the Common Vulnerability Scoring System (CVSS) assessment of factors like potential impact and exploitability, identified in the Linux kernel was lower than in Windows last year, with nine in Linux compared to 34 in Windows. The overall seriousness of vulnerabilities was also lower in Linux than Windows, with Linux having an average CVSS score of 7.68 for its vulnerabilities, compared to 8.41 for Microsoft.

Windows had 34 zero day exploits versus 9 in Linux. One of the Linux exploits was considered by Trustwave to be a zero day as it was actually a flawed patch for a known vulnerability; at least it was a patch. A patch which partially works should be considered better than sitting on your a*** for 375 days and leaving your unpatched OS a big fat target. Another Linux exploit concerned the HFS filesystem used by a microscopic number of people. HFS is Apple closed source with all the attendant delays which go with fixing something like that; how many of the Windows exploits were slow in being fixed because Microsoft engineers were denied access to the source code?
« Last Edit: February 17, 2013, 02:01:43 PM by rastus »
It has been said that democracy is the worst form of government except all the others that have been tried.

Offline BubbaBlues

  • Hero Member
  • *****
  • Posts: 2071
  • I'm a blues hound.
Re: stop using linux, windows patches security holes faster than linux
« Reply #3 on: February 16, 2013, 02:56:57 PM »
Patches shmatches! Linux always has been and always will be 10 times more secure than Winders.
Whether you think you can, or think you can't, you're right.
~―Henry Ford―~

Offline µT6

  • Hero Member
  • *****
  • Posts: 2087
Re: stop using linux, windows patches security holes faster than linux
« Reply #4 on: February 16, 2013, 03:08:47 PM »
No! Read the facts, we are insecure here, run back to Windows!!!   ;)

Offline BubbaBlues

  • Hero Member
  • *****
  • Posts: 2071
  • I'm a blues hound.
Re: stop using linux, windows patches security holes faster than linux
« Reply #5 on: February 16, 2013, 03:18:13 PM »
I might have many insecurities, but Linux isn't one of them.  ::) ;D

Offline µT6

  • Hero Member
  • *****
  • Posts: 2087
Re: stop using linux, windows patches security holes faster than linux
« Reply #6 on: February 16, 2013, 03:55:09 PM »
 ;D