Here is a classic case of bad reporting on CERT Security data not surprisingly by theRegister, the British IT equivalent of Jon Stewarts irreverent TV News Spoof Show- The Daily Report (see here the most recent hot water theRegister has managed to scald themselves in). Now to the quick business of setting the record straight.
If one just goes to the CERT report summaries – it is easy to see the problem. For the year 2005, indeed there were 812 Windows security incidence reports versus 2328 for Unix and Linux systems. One operating system versus all the reports for over 2 dozen Linux and Unix OS variants including Mac OS/X which is included in the group. One can clearly see the implications – more than 3/4 of the reported security incidents are updated variations as each version of Linux has different vulnerabilities. If one corrects for these repeated incident reports, eliminate the MacOS and Unix variants which overlap – then the true security reports for Linux are down in the 200-250 range depending on who and how the counting is done.
So if the Jokers at theRegister spread this mis-information – what do you think Microsoft PR will do ? Laugh all the way to the bank on it.