Monday, July 5, 2004

Lies, Damn Lies, and Statistics

Yet another my-OS-is-better-than-yours rant. Feel free to join in at
the chorus.

Computer
Weekly
has an article discussing the number of vulnerabilities discovered last year for each of the major OS's. Unfortunately, this kind of statistic fails to clear up anything.

MS had 46, Suse had 48, Sun had 60, etc.

You should notice that they gave you numbers but didn't enumerate the vulnerabilities. What's normally done is limit MS products to just those in the default install (usually just those that MS wrote). However, Linux and Sun includes other peoples programs on their disks. See the problem?

(Chorus)It's not which one is better, it's which one is managed worse!

If you're going to compare products, do it on a case-by-case basis. Mail client vs mail client. Browser vs. browser. Core OS vs. core OS. Exploit which takes the Internet down vs. Exploit which takes the Internet down. Ad nausium.

Any report which just spouts numbers makes me think that the source of the report suddenly has additional funding from somewhere, as we've seen this before.