UPDATED: Security company defends Linux-is-vulnerable survey

By Matt Whipp

Posted on 8 Nov 2004 at 18:03

mi2g told us: 'Your point is a good one, However we are constrained by the OSs which
are deployed in the mainstream real world on 24/7 online machines at present. These are primarily Linux, Windows, BSD + Mac OS X. Based on all the feedback we received for our previous study, we felt that the security by obscurity argument could not be applied if there were at least 10,000 successful attacks against a computing environment.'

mi2g argues that it does not agree with the 'classical safety approach of breach percentage divided by market share percentage' to derive figures of absolute security. It suggests in an article that a higher market share and highly-targetted platform does not equate to a lack of security.

It prefers what it calls a 'relativistic' approach, where it factors in downtime over the 12-month period of the study, along with the availability of expert admins to keep a system running.

'In simple terms, all we are saying is that the probability of getting manually hacked for real, over one year, in the world in which imperfect computers and malicious humans exist is greater for Linux than Windows and lowest for Mac OS X and BSD. On the other hand, if the threat is from malware then it is a big concern primarily for Windows users and not other computing environments at this stage,' said DK Matai, Executive Chairman, mi2g.