Page 2 of 2

Virus writers aren't interested in stomping on your boot table or BIOS anymore. This is organized crime out to steal people's financial information, and if you want to cast your net as wide as possible, you don't waste your time on a platform with less than 5 percent market share (according to IDC).

Don't delude yourselves into thinking the lack of malware on a platform equals security and solid programming. That was the gist of far too many letters: Windows has the most viruses because it's the most inferior. Wrong. You Mac and Linux users are being left alone because it's not worth it to bother with you.

If overnight 90 percent of Americans began using Macs, the explosion in malware on Mac would knock you off your feet. And given Apple's slow response time (63 days vs. 21 from Microsoft), you might find yourselves wanting. The same holds true for Red Hat Linux.

What really mattered to me was the turnaround time. It doesn't matter whether you have a sprained knee or a gunshot wound. Would you rather wait a few minutes or a few hours when you go to the emergency room? Speed at plugging the hole adds to an operating system's overall security, along with the number of holes found.

Therein lies what I felt was the most salient point. Charles King even backed it up to a degree in the story.

As a company under constant assault, Microsoft has gotten fairly skilled at fixing holes quickly. All of the companies listed in the report showed longer delays in fixing security issues, so no one really has bragging rights. This leads me to highlighting one of the better letters on the subject.

"Also the average turnaround days value you give is not useful at all, as you do not break it out into turnaround on severe versus turnaround on medium and low severity. Obviously any developer will prioritise and fix the most crucial issues first, before moving onto the low priority bugs. This then translates to low severity bugs taking longer to address, because they are just that - low severity."

LATEST NEWS

UCSD Plans First Flash-Based Supercomputer
Digging Into N.Y.'s Antitrust Suit Against Intel
Analyst: Sony-Ericsson's Android Bid Is Late
Coupon Site Targets Black Friday, Cyber Monday
Microsoft Sites Up Big in Time Spent Online

That's fair, but I would counter that all security issues should be dealt with at top speed. Just because it's not a buffer overflow leading to a remote execution of some kind of Trojan doesn't mean you can take your time. Symantec didn't go into the issue of how quickly companies responded to severe bugs vs. low-priority bugs.

Habits built over time will reflect in the response to severe issues. If the time comes that you must respond quickly and your responses are equally flabby, your customer base will not be happy.

Then there was the comedy. Here are two letters that are comparable to several others I received:

you talk about OS and why did you leave out BSD ? for once be a neutral person and dont take sides.. I believe OpenBSD and other would be in the top spot.

Did you check the BSDs? If not, that is a serious oversight, and if you did that is a serious omission.

Um, guys? I linked to the report in my original story. There was nothing on BSD in it. It's a marginal operating system at best.

The rest of the responses ranged from disagreement to outright insult. I won't even dignify the accusations of a Microsoft payoff for the story with a response. At least the letters settled for being merely obnoxious. Some netizens are behaving far worse these days.

Many people indicated they had never read internetnews.com before finding a link to my story in the blogosphere. Don't judge us by one inaccurate headline. And to all the open source folks, keep an eye out for the excellent reporting by my colleague Sean Michael Kerner. Thanks for reading.

Andy Patrizio is a senior editor in the San Francisco bureau of internetnews.com.