There has been a lot of talk over the years about how Microsoft products are vulnerable to hacks. When I went through university many moons ago, Microsoft were certainly painted as the evil empire (not necessarily by individuals or as the university as a whole, more just an overall feeling), whilst we were the rebel alliance. We all had Linux boxes at home, running fvwm on X-Windows. And of course, one of the main arguments against Microsoft was that their products could be hacked. They were not secure, not reliable, not worth using in the real world.
Of course, I graduated from uni and got into the real world, and found that people actually did use Microsoft products (as well as others). I quickly got into both Oracle and SQL Server, and still there was a general feeling that Microsoft products (including SQL Server) were less secure than others. And it was easy to just accept this as probable fact.
I remember Jesper Johansson having a bumper sticker that said “My other computer is your Linux box”, which I thought was funny. It seems that Microsoft products are really only the most vulnerable simply because they have the word Microsoft on them. Seriously. This makes them a target, and because they are the most attacked, the net effect is that they are the most likely to suffer. Or something like that anyway.
So this morning, I came across an article which I found quite interesting.
Seems that Oracle has 3400% more (70, compared to 2) vulnerabilities. Of course, this assumes “proper execution”, and I imagine that lots of systems don’t do things that way. I think this gives even better arguments to grabbing some of the pre-built VHDs for applications like SQL Server, like this one. There are ones available through TechNet and MSDN subscriptions too.