The general customer perception of the Linux and Mac OS X operating systems is that they both offer security as a default characteristic. By contrast, Windows sits at the opposite pole, as a platform synonymous with a lack of security and with the prevalence of vulnerabilities, exploits and attacks. This is why Microsoft has poured a considerable amount of effort into bulletproofing Windows Vista, making security the backbone of its operating system. Jeff Jones, a Security Strategy Director in Microsoft's Trustworthy Computing group, analyzed four different platforms in 2006 in order to establish how each respective vendor responded to security vulnerabilities. Windows XP, Red Hat Enterprise Linux 4 WS, Novell Linux Desktop 9, and Apple Mac OS X 10.4 Tiger are the four client OS products used by Jones in the comparison.
Defining days-of-risk as the attack exposure window from the moment a vulnerability is publicly disclosed until a security patch is available to resolve the flaw, Jones measured the average time period during which Windows XP, Enterprise Linux 4 WS, Linux Desktop 9, and Tiger users were at risk in 2006.
"During 2006, the four client OS products had the following number of fixes: Windows XP SP2 had 90 fixes, of which 44 were High severity; Red Hat rhel4ws had 301 fixes, of which 91 were High severity; Novell nld9 had 232 fixes, of which 74 were High severity and Mac OS X 10.4 had 129 fixes, of which 35 were High severity," Jones revealed.
The actual recipe for security that delivers a safe operating system haven is a combination of an obscure market share and limited attacks. Judging strictly by the volume of vulnerabilities patched by Microsoft, Apple, Red Hat and Novell in 2006, security is not inherent to the code of Windows, Linux or Apple's platform, and a simple risk assessment based on Jones' statistics reveals that Windows exposes its users to attacks just as much as, and even less than, rival products.