Dimitris from our iGuRu.gr team presented an analysis by TheBestVPN which reports that the Debian operating system has been the most vulnerable of the last two decades.
The same analysis states that in 2019 Debian was in second place.
Below we will look at some points that are not mentioned in TheBestVPN's analysis (really, who are they?). The analysis, published by TheBestVPN, is based on data from the US National Institute of Standards and Technology's National Vulnerability Database, but I think the way the data was presented, and the title, are biased.
Take a look at the image below and count how many different versions of Windows there are:
You will find Windows 10, 8 and 7, and Windows Server in all its versions (2008, 2012, 2016, 2019), while the Debian operating system is presented as a single entry, and so is the Linux kernel. Of course, one could say that some vulnerabilities are common to all versions of Windows. But why not Linux?
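The grouping question raised above, as an added example that is not part of the original article or of TheBestVPN's analysis: it counts distinct CVE ids per product entry and then per product family, showing how the choice of grouping alone changes which name tops the list. The records, the placeholder CVE ids, the counts and the family mapping are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: (placeholder CVE id, product entries it affects).
# None of these ids or counts are real NVD data.
RECORDS = [
    ("CVE-EX-0001", ["windows_10", "windows_7", "windows_server_2016"]),
    ("CVE-EX-0002", ["windows_10", "windows_server_2019"]),
    ("CVE-EX-0003", ["windows_7", "windows_server_2008"]),
    ("CVE-EX-0004", ["windows_10"]),
    ("CVE-EX-0005", ["windows_server_2016", "windows_server_2019"]),
    ("CVE-EX-0006", ["debian_linux", "ubuntu_linux"]),
    ("CVE-EX-0007", ["debian_linux"]),
    ("CVE-EX-0008", ["debian_linux", "fedora"]),
    ("CVE-EX-0009", ["debian_linux"]),
]

# Assumed grouping of product entries into families (illustrative only).
FAMILY = {
    "windows_10": "windows", "windows_7": "windows",
    "windows_server_2008": "windows", "windows_server_2016": "windows",
    "windows_server_2019": "windows",
    "debian_linux": "debian", "ubuntu_linux": "ubuntu", "fedora": "fedora",
}

def count_by(records, key=lambda product: product):
    """Count distinct CVE ids per group; key maps a product entry to its group."""
    seen = defaultdict(set)
    for cve_id, products in records:
        for product in products:
            seen[key(product)].add(cve_id)  # a set dedups CVEs shared across versions
    return {group: len(ids) for group, ids in seen.items()}

def ranking(counts):
    """Groups sorted by descending count, ties broken by name."""
    return sorted(counts, key=lambda g: (-counts[g], g))

per_entry = count_by(RECORDS)                              # one row per product entry
per_family = count_by(RECORDS, key=FAMILY.__getitem__)     # versions merged per family

if __name__ == "__main__":
    print("per product entry:", [(g, per_entry[g]) for g in ranking(per_entry)])
    print("per family:       ", [(g, per_family[g]) for g in ranking(per_family)])
```

With the same nine records, the single Debian entry leads the per-entry list, while the merged Windows family leads once its versions are counted together.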
According to the analysis, Microsoft, founded in 1975, remains a very attractive target for attacks in 2019 as 668 vulnerabilities have been reported.
As of 2009, Microsoft had 6,814 vulnerabilities, making it the most vulnerable company in recent years. Oracle (6,115), IBM (4,679), Google (4,572), and Apple (4,512) are also in the top five.
According to the same analysis, Linux had 139.4 reported vulnerabilities per product (?), because the "software company" is new and has fewer products!
What did the man say?
We include the screenshot in case the text changes from one day to the next… Which software company is it talking about? And what does it mean that 139.4 vulnerabilities were reported per product, when the "product" is a single one, if it is talking about the Linux kernel?
The analysis does not seem to make clear exactly what is going on with the vulnerabilities, which makes it less than "scientific" and credible.
For example: for 2019 it reports 321 vulnerabilities in cPanel, a web management panel. This application works on both systems (Windows and Linux). However, the total number (321) does not indicate where the vulnerabilities occurred, or whether any of them built on operating system vulnerabilities.
Likewise, what about the vulnerabilities of the Fedora and Ubuntu distributions? The Linux kernel is not mentioned anywhere in the 2019 list; have the distributions' vulnerabilities been counted separately, even though we are talking about one product?
Here we must add that the Debian distribution is one of the constants out there. It is no coincidence that many other distributions use it as the basis for their own. See: Ubuntu, Mint, MX Linux, antiX, elementary OS, Zorin OS, Peppermint OS, Trisquel GNU/Linux, Bodhi Linux, and the list goes on.
Because the distribution is so widely adopted, it offers the public a great many packages (more than any other distribution). A vulnerable application package, however, cannot characterize an entire operating system as insecure. See the Adobe packages for Linux and Windows.
Another point we need to raise is the passage where this analysis states what counts as a vulnerability:
“Denial-of-service (DoS) attacks were only responsible for about 10% of product vulnerabilities in 2019, but they outnumbered all other vulnerabilities in 2017. However, GitHub experienced the largest DoS attack ever seen in 2018 when its website went offline for about five minutes. Perhaps that's why there were only 919 DoS attacks in 2019 - companies took note and fit their products with necessary defenses.”
DDoS causes vulnerabilities? Do we know what we are writing here?
So, for better or worse, the data published by TheBestVPN seems to be missing the fine print, which would give us a more complete view of what is really going on.
On a more practical note: I have been using Debian for years on my personal computers, without any antivirus. Each of my systems is upgraded normally, like any other operating system, and without the risk of reverting after a reboot requested by the upgrade (I am not naming names, nor am I pointing at Windows).