>Even before that it's already unfair to compare a closed-source product to an open-source system. Bugs are much easier to find in an open-source system
Ironically, wouldn't that make it even more unfair for Windows? Shouldn't all the 'millions of eyeballs' looking at the Linux code be making it more secure?
>If you look at the big picture, it's not like Windows is known for its security.
True, but security bugs are easier to reason about than feelings.
We can't measure the number of security bugs, we're measuring how many get fixed. Fewer eyeballs on Windows would imply fewer discoveries, and fewer bugfixes as a result.
>We can't measure the number of security bugs, we're measuring how many get fixed.
The number of bugs found should be trending towards zero since millions of people have the opportunity to improve the source code and prevent the bugs from being introduced in the first place. There are of course other advantages to having the source be open, but if there is no security advantage to open source, that's going to put a dent in some of its marketing.
>Fewer eyeballs on Windows would imply fewer discoveries, and fewer bugfixes as a result.
Why would fewer people be looking at Windows compared to Linux? Security researchers don't really discriminate. Or did you mean just the MS developers? Hmmm, I don't know how many Windows bugs were found through external sources vs internal. Perhaps someone has already done that analysis...
> Why would fewer people be looking at Windows compared to Linux?
As I wrote in the original post, this is because Linux is open-source. There are few people looking at Windows, simply because there is no source to look at, and as a result there are 10 times fewer people in the world who potentially even can look at it and check for bugs. That's why.
With Linux you need basic systems programming skill and the ability to code simple exploits. With Windows you either need to be working there (and be assigned to this task) - or reverse-engineer, which is a much rarer and more complicated skill.
> Shouldn't all the 'millions of eyeballs' looking at the Linux code be making it more secure?
Yes, this is exactly what happens, from my experience.
-> more people look at code
-> they find (and fix) more bugs
-> the system is more secure, because all bugs are found and fixed, instead of being kept inside the code and being sold on hacker forums and agency surveillance projects.
You also know that Linux is not just one codebase from 20 years ago, it constantly changes and adds new features? Of course there will be new bugs (like any other recent OS).
Where is the evidence that this happens? Do you have data (Open vs closed) showing more security bugs were found through developers, versus external sources?
>-> the system is more secure, because all bugs are found and fixed, instead of being kept inside the code and being sold on hacker forums and agency surveillance projects.
Why would a hacker fix a Linux bug for free, but choose to sell a Windows bug? That doesn't make sense to me.