Independent security analysis of operating systems/applications

[Vulpes Velox]

On Mon, 29 Oct 2007 09:14:23 -0500
"Doug Poland" <wisco.disco at gmail.com> wrote:

> Hello,
> 
> Recently some friends of mine have started to cite "studies" that
> assert Unix/Linux operating systems are now the most frequently
> attacked platforms.  My friends are not without bias, they work for
> a training firm that almost exclusively sells training for
> Microsoft-based platforms/applications.
> 
> Now my friends cannot cite the actual studies, and I am highly
> skeptical of their claims.  After about an hour of goggling, I could
> find nothing on the web to support such claims.  However, my friends
> are not liars, and I believe they have information from "somewhere".
> Is anyone aware of the existence of studies of this nature?  I would
> like to examine these data in an attempt to uncover bias or other
> obfuscation that may be present.  Conversely, if someone has
> pointers to independent security analysis of Operating
> Systems/Applications that does not clearly advocate one platform
> over the other, I'd like to know about that as well.

This really depends on how the study defined attacked. Does it have
to be rooted, attacked in any manner successfully, or does a failed
attack count as well? Depending on which is used, I can see it being
unix given the large number out there if it is defined as failed or
any successful attack counts. I know that at work I've seen a lot
more issues in regards to unix systems instead of windows, given the
large number of them compared to windows. Most of the time it is
crappy PHP code on shared hosting boxes or the like.