In a new report, Is Linux More Secure Than Windows? from Forrester Research Inc., based in Cambridge, Mass., Computing Infrastructures Senior Analyst Laura Koetzle finds that both Windows and Linux can be deployed securely. Microsoft Corp., however, fixes security problems the quickest—which is a good thing, since it also has the most major security holes. Forrester found that many IT professionals believe that Linux is more secure than Windows, but Koetzle found that the real-world answer is more complicated than that simplistic analysis.
Koetzle believes, based on a survey of past security vulnerabilities, that security vulnerabilities follow a timeline—in other words, that they have a lifespan. In this lifetime, real vulnerabilities to attack are usually born with a public disclosure of the problem in a form like the Bugtraq security mailing list. Next, the ISVs or open-source developers prioritize the vulnerability and build a stable fix for it. Lagging behind these developers, unscrupulous hackers then start exploiting the vulnerability. However, it's only after one of them builds an automated script tool for unskilled vandals (aka script kiddies) that the number of attacks really takes off.
News source: eWeek