Thursday, March 20, 2008


Hi folks, today I have an observation about current defacements per operating system.
It's still fashionable to say that Microsoft machines are insecure compared to Linux machines, but what I figured out from the following diagram is the opposite.

From the authoritative zone-h statistics it seems that Linux server machines have been defaced more times than Windows ones. The numbers are clear: in 2007, 139502 machines were defaced in the Windows domain and 306076 in the Linux domain. On average, one Windows machine for every 2,.. Linux ones. That's cool, and what I want to say so far is that Windows isn't insecure by default; sometimes... it is only a geeky fashion.
On the other hand, it must be said that the major vulnerabilities are platform independent: they don't depend on the web server or on the platform, but on careless software implementation, which is often the principal cause of vulnerabilities.

Everybody needs to watch out for web services' security issues, for instance by checking the OWASP guidelines and designing software with the security aspect that every project must have in mind. I believe we'll never know which is the most secure system, because the most widespread vulnerabilities (actually) come from bad user applications, so in this case Microsoft seems to be more secure than Linux, but again, it depends on the total number of user applications that were running on the tested machine. So does this graph make sense? I mean, do you think that this graph is really useful to judge the current security scenario? What does it need to be really useful?


Lee Hinman said...

Do they have normalized statistics, where the bar is #-defaced divided by #-in-production? I'd be curious to see how the ratios stack up then.

Marco Ramilli said...

I hope so!! Otherwise the stats are totally useless....