Opinion: Let's Challenge Linux Security Assumptions

When a reader forwarded me the BugTraq link about OS vulnerabilities last week, I knew it was fascinating information that had to be discussed here in some capacity. But given that BugTraq's 2001 data was still incomplete, and some curious disclaimers about skewed results, I felt it was best to stick a mention of it in Short Takes, an admittedly irreverent end-of-week send-off that we've been publishing here for a couple of years in a blatant attempt to have a little fun. Maybe it shouldn't surprise me (though it did), but last week's Short Takes made the Slashdot forums yesterday, causing hundreds of responses from a bitter Linux crowd, eager to pick it all apart.

And that, folks, is what happens when you challenge assumptions. I'm not really trying to make a blanket statement here at all. For example, generalities (like "Windows is more secure than Linux") are barely defensible. But then WinInfo Daily UPDATE readers know how I feel about Microsoft security--heck, I made it my top story of 2001--but Slashdot readers, seeing that one blurb, do not. What I am trying to say is that Linux is not more secure than Windows. It's impossible.

What I'd like to know is why people can so blindly accept these generalities. There's nothing but anecdotal evidence to support Linux security and reliability claims ("my Linux server has been running non-stop for two years," a typical Linux hacker will gush). But Linux is not used on nearly as many real-world systems as Windows. It's not the obvious target that Windows is, day after day. And yet, somehow, Windows, this most insecure of operating systems, boots up every day and just works. It gets the job done, and companies are betting their entire businesses on it. If it was really that insecure, that wouldn't be the case.

And you should see my mail. I've been told that the FBI has warned consumers not to use Windows XP, which of course never happened. I've been told that Red Hat Linux actually beat out Windows, vulnerability-wise, in 1997 and 1998 (You know, back when RH Linux had about 6 actual users). It goes on and on, but for every flawed argument I was somehow able to make in a one-paragraph blurb, I received about 100 insane, frothing emails containing dozens of equally wrong counterpoints.

Look, Microsoft needs to do a better job about security, as I've said before. But I refuse to believe that Linux would be any better than Windows if it was in use in the same number and variety of places. Why? Because I think with my head, and not with my heart.

TAGS: Security