Debian vs Windows and security, what is the truth?

Dimitris from our iGuRu.gr team presented an analysis of TheBestVPN and states that the operating system Debian has been the most vulnerable in the last two decades.

The same analysis states that in 2019 the Debian was in second place.

Below we will see some that are not mentioned in TheBestVPN analysis (really who are they?). The analysis, published by TheBestVPN, is based on data from the National Institute of Standards and Technology National Vulnerability Database (National Database of the National Institute of Standards and Technology) USA, but I think the way and the title that presented them is biased.

Why;

Take a look at the image below and count how many different versions of Windows there are:

You will find them Windows 10, 8, 7, τον Windows Server in all versions 2008, 2012, 2016, 2019, while the operating system Debian it is presented as one, while one is only its core Linux. Perhaps of course one could say that among all its versions Windows there are some common vulnerabilities. But why not say it too Linux;

According to the analysis, Microsoft founded in 1975 remains a very attractive target for attacks in 2019 as 668 vulnerabilities have been reported.

As of 2009, Microsoft had 6,814 vulnerabilities, which makes the company's operating system the most vulnerable in recent years. Oracle (6,115), IBM (4,679), Google (4,572), and Apple (4,512) are in the top five.

The Linux according to the same analysis it had reports of 139.4 vulnerabilities per product (?), because the "software company" is new and has fewer products!

What did the man say?

We quote the screenshot so that it does not change from one day to the next… Which software company is it talking about? and what does it mean that 139.4 vulnerabilities were reported per product since the "product" is one, if it speaks of Linux Kernel;

The above analysis does not seem to clarify exactly what happens to vulnerabilities, which does not make it so "scientific" and credible.

For example: In 2019 it reports 321 vulnerabilities in cPanel, a web management panel, and software. This application works on both systems (Windows και Linux). However, the total number (321) does not indicate where the vulnerabilities occurred, or whether some of them "stepped" on vulnerabilities in the operating system.

Respectively the vulnerabilities of the Fedora and Ubuntu distributions that existed? The list of 2019 does not mention anywhere Linux Kernel, have distribution vulnerabilities been measured separately while talking about a product?

Here we must add that distribution Debian is one of the constants that exist. It is no coincidence that many other distributions use it as a basis to create their own. See: Ubuntu, Mint, MX Linux, antiX, elementary OS, Zorin OS, Peppermint OS, Trisquel GNU /Linux, Bodhi Linux and does not cluster.

Due to the wide adoption of the distribution, the packages available to the public are many (it has more than any other distribution). A vulnerable package from an application, however, can not characterize an entire operating system as insecure. See Adobe packages at Linux και Windows.

Another point that we should stop at is the point where this particular analysis states what counts as a vulnerability:

“Denial-of-service (DoS) attacks were only responsible for about 10% of product vulnerabilities in 2019, but they outnumbered all other vulnerabilities in 2017. However, GitHub experienced the largest DoS attack ever seen in 2018 when its website went offline for about five minutes. Perhaps that's why there were only 919 DoS attacks in 2019 - companies took note and fit their products with necessary defenses. "

DDoS - Causes vulnerabilities: Do we know what we are writing here?

So, for better or worse, the data published by TheBestVPN seems to be missing the fine print, which would give us a more complete view of what is really going on.

More practical now: I use it debian years on my personal computers, without any antivirus. Each of my systems is upgrading normally, like any other operating system, and without the risk of returning after a reboot requested by the upgrade (I do not say names, nor do I show the Windows).