New study says Linux is the MOST VULNERABLE Operating System?!?

Captions
Hey everybody, it's your friend and your guy who wears shirts that are just lovable, Gardiner. So today we're going to talk about an article that I've seen pop up a couple times through all of my different news feeds. The title of this thing, oh wait, what is the title of this: "Windows 10 isn't the most vulnerable operating system, it's actually Linux." Wow. Alright, I've seen this across a whole bunch of different news outlets, TechRadar, a couple others. That is probably one of the most disingenuous and just completely wrong titles I've ever seen.

So the whole premise of this is the National Institute of Science and Technology, or NIST, just released, they've ranked vulnerabilities reported last year for operating systems and other software, and a bunch of people did some math and figured out that apparently Linux is the most vulnerable operating system. I just find that to be absolutely hilarious. I mean, it might sound counterintuitive to people who actually understand how vulnerabilities work, how open-source software works, but let's get into this, because I think this is kind of an insane proposition for people to be putting out there. Like, what the heck?

So I found TheBestVPN.com had some infographics that I'm gonna actually borrow for this video. There's a link in the description to that post if you want to see the full thing with all the infographics. I'm just looking at the ones that I think are most interesting and relevant to this topic.

So the first infographic we're gonna look at is breaking down vulnerabilities by vendor. Number one on the list is Microsoft with 6,814 vulnerabilities, and that's a lot. That breaks down to 12.9 vulnerabilities per product. Next we have Oracle with 6,115, and that breaks down to 9.5 issues per product. And as we scroll down the list we eventually find our way to Linux. Now, I wouldn't really consider Linux to be a software vendor, the Linux kernel is its own thing, but let's talk about this. This number is very interesting, because up until this point we've been looking at a software company, the number of vulnerabilities they have, and the average number of vulnerabilities per product that's listed on NIST's website. But here's Linux, this is the Linux one: 2,370 reported vulnerabilities, and that breaks down to an average of 139.4 vulnerabilities per product.

Okay, this is very nebulous. I don't understand where this number is coming from. Like, what is a Linux product, right? So we scroll down a little bit, because I'm trying to figure this out. I'm walking you through my whole process here as I'm reading this article, because I'm like, what is this even meaning, right? I'll quote the article: "Linux was identified in the NIST National Vulnerability Database as experiencing the most reported vulnerabilities per product at 139.4, which is likely because", get this, "the software company is relatively young and has fewer products." What are we talking about? What are we talking about? Linux is not a software company. Are you talking about, like, the Linux Foundation?

So I went to the Linux Foundation News website and I looked at the list of projects that the Linux Foundation actually lists on their website, right? So I count the number of things. Well, I don't count, because, you know, if you're a programmer you don't have to count. I used the console to look up how many projects are listed on the page, and apparently there are a hundred and seventy projects listed on the Linux Foundation's website. And so if you do the math, that breaks down to 13.9 vulnerabilities per project on the Linux Foundation's website. Now obviously 139.4 is not 13.9, in fact that's a hundred times less than what NIST is reporting here. So that would make me think that there are seventeen products listed, according to the NIST vulnerability database, that are coming from Linux the company, whatever, bro.

So I did a little digging. I go onto their website and I find that indeed there are actually only 17 projects, software products, coming from Linux. Most of them seem to be either different versions of Linux for different hardware architectures, or different tools for developing Linux, or systemd. So what is going on over there? Anyway, so this infographic, needless to say, is kind of bunk, and that number really doesn't make any sense. Like, if you understand Linux at all, if you understand the Linux kernel, the Linux Foundation, how any of this works, that is a completely arbitrary and meaningless number when you compare it to the output of software product, there's software companies, right? Like, it just is a completely meaningless number.

Alright, so let's look at the next one: the top 20 products over the last 20 years with the most technical vulnerabilities. So number one on this list over the last 20 years is Debian Linux. Now, Debian was actually released in 1996. It has remained a consistently updated and maintained project, and in fact Debian is one of the oldest distributions out there, it's one of the oldest Linux-based operating systems in the world. So it's no wonder that in the last 20 years it tops the list of vulnerabilities reported for it. That's fine, okay, whatever.

Number two is Android. Now, Android is based on the Linux kernel, but in every other way, shape and form it has nothing to do with Linux. Just about every other piece of software that's built on top of the Linux kernel for Android is Android only, and really there's no comparison between Android and a desktop Linux operating system. But it also is the number one most popular operating system in the world, so it makes sense, again, that it's in the top two.

Number three over the last twenty years is the Linux kernel. The Linux kernel, again, that makes sense. The Linux kernel has been in development since 1983, I think, and so in that time there have been a lot of problems reported with it. It basically runs the entire world except for the desktop operating system, so it makes sense, again, that there would be a lot of development, a lot of security research following the Linux kernel over the last twenty years.

We go down the list, we have Mac OS, and Ubuntu rounds out the top five with 2007 vulnerabilities reported. Now, what's unclear here is if problems that affect both Ubuntu and Debian are reported separately. I don't know the answer to that question. But as we go down the list we have the iPhone iOS with 1600 vulnerabilities, Windows Server 2008 with 1,400, Windows 7 with 1200, Windows 10 with 1100, and Windows Server 2012 rounding out the top 20 products with 1050 over the last 20 years. Fair, okay, that's fair enough.

Now, what's interesting to me is that over the last 20 years we've gone through several different versions of Windows being the dominant. We have Windows 2000, Windows XP, Vista, 7, 8 and 10, and that's not counting server versions. And so that's 6 different desktop operating systems coming from the Windows product family, and all of the reports for those things are separate because they're separate products. Whereas in the Linux world, Buford's go on forever and ever. I mean, there's very little end in sight in terms of Debian, and so the different versions of Debian aren't being broken down like the different versions of Windows seem to be. So that might be the reason that there are artificially high, or comparatively high, vulnerabilities being reported for Debian and Linux, whereas when it comes to Windows the numbers seem artificially low.

But this infographic also has the number of vulnerabilities reported in the year 2019, so let's talk about the hosts in 2019. Android was the number one most vulnerable operating system, or I guess piece of software, with four hundred and fourteen vulnerabilities reported. That's a lot, but also keep in mind, again, Android is the most popular operating system in the entire world. The next is Debian with 360. Again, Debian is one of the most popular Linux distributions out there. Ubuntu is built on top of it, there are many other distributions that are built on top of it, so I think that makes quite a bit of sense that Debian has a huge number of reported vulnerabilities.

But let's talk about the actual total number of vulnerabilities per, I don't know what you would call it, operating system architecture. You have the Linux-based ones and you have the Windows-based ones, or let's call them NT-based, because kernels. If you total the number of vulnerabilities per platform, per architecture, for Linux versus Windows, you end up with 1,148 for Linux and 2,286 for Windows. And that's just on this list. This isn't counting anything else besides what's on this list right here in front of you right now. Now, obviously there are many vulnerabilities that are going to be shared between products. Again, something that affects Ubuntu is probably also going to affect Debian, at least on the surface of it, and the same goes for Windows. I mean, something that affects Windows 10 is probably going to affect Windows Server 2019. So I think it's kind of a moot point, but the fact is there are more Windows vulnerabilities on this list than there are Linux vulnerabilities on this list, and that's when you even include Android, which is hardly Linux, right?

At worst I think this list is misleading, and at best it's providing an incomplete picture, especially for people who do not understand any of this stuff. It's not taking into account the longevity of some of these problems either. While there are a few bugs that have spanned decades when it comes to Linux, Microsoft kind of takes the cake here. They are focused on legacy support, they're focused on making sure that old software written for Windows 3.1 still works for Windows 10. I'm being a little hyperbolic here, but you get the picture I'm trying to paint, right?

The fact is open-source software is more secure by its very nature. The fact that these small bugs and these big bugs are all being reported and all being fixed, so long as there's a healthy development community around the project, it makes for better software all around. Whereas on Windows there are so many old bugs that span decades. I mean, in 2014 Microsoft patched a bug that affected Windows all the way back to Windows 95, okay? In 2016 they plugged a watering hole attack that allowed printers to install malware on the Windows system. And just last year a Google researcher found a vulnerability in Microsoft's Text Services Framework that affected Windows all the way back to Windows XP.

I don't really know how to end this video, but don't believe the hype. Windows is far more insecure than Linux. It is far more insecure than Linux, there's no comparison here. If you do the math, if you look at the facts, Linux is the most secure operating system, even with all these vulnerabilities being reported.

I just wanted to say thank you to everyone who watches this video. You guys are the reason I continue to do what I do. I love it here, I love being able to talk to you guys and talk about all the cool stuff that happens in the Linux world, and so, yeah, thank you so much. If you believe in the work that I do, you can support the show on Patreon, there's gonna be a link in the description. You can get your name plastered here. I'm sorry it's not there right now, but I'm having server issues. I've got to fix those server problems, but it should be back by next time. And if you want to see the latest videos that I produce before they go live on YouTube, I have my videos now going live on LBRY, lbry.tv/@thelinuxgamer, and I've resolved the issue with the double uploads that was happening. Thanks to everybody at LBRY for being awesome and working with me on that. But yeah, that's gonna do it for this video. Thank you so much for watching, I'll see you guys in the next one. Bye.
Info
Channel: Gardiner Bryant
Views: 128,514
Keywords: linux, gaming, The Linux Gamer, steamos, gnu/linux, steam os, Gardiner Bryant, linux overview, satire, critique, commentary, criticism
Id: KAXRlzr1u8g
Length: 14min 20sec (860 seconds)
Published: Fri Mar 13 2020