Summary: GNU/Linux is patching flaws very quickly (almost immediately), whereas Microsoft hides flaws and patches them a long time after their discovery, sometime patching them secretly or only once attacks strike

Mr. Pogson has just found this news about a vulnerability that affects Vista 7 and all of its predecessors. It took Microsoft no less than about half a year to patch this vulnerability. Yes, check it out:

The software company on Tuesday released MS10-049 to kill the bug in Windows Server 2008, Windows 7 and 12 other versions of Windows that are still under support. The patch updates a part of the operating system known as SChannel, or Secure Channel, which is responsible for implementing SSL, which is also referred to as TLS, or transport layer security.

This patch Tuesday was the worst ever recorded (but Microsoft admits bluffing with the numbers, so it's impossible to know for sure]).

Either way, compare that to the speed of Debian's patch for the same issue:

I read that M$ has just patched SSL to comply with RFC5746, five months after Debian GNU/Linux did it... on 12 architectures and several versions. Who are you going to call when you need software for your IT system? Debian GNU/Linux!

Microsoft still promotes the mythology that half of Windows PCs are claimed to be zombies just because Windows is ubiquitous. Maybe it has a lot to do with Microsoft's shoddy patching practices, not supposed "popularity" which Microsoft loves to rave about like a cheerleader. ⬆

"The trouble with you, Andy [Hill, Microsoft developer], is you aren't willing to listen to schedules. When I tell you what the schedule is, you try to twist my arm to sign up to a schedule that I don't believe in. You learned that at the Steve Ballmer cheerleading school too, didn't you? Well, he's nuts, and so are you."

--Microsoft manager