There are far too many variables (and far too many distributions!) to make a simple comparison between security on various distributions. Additionally, security is only one of the considerations you need to factor in when deciding on a particular distribution. Cost, ease-of-use, administration and performance are all other factors that should be considered.
Obviously, some distributions (both commercial and not) offer features that others don't. For example, SUSE's support for AppArmor or SELinux support in many distributions. In comparing the security of distributions, some of the factors I'd recommend considering are:
- Default installation security, i.e. how secure is the host when installed. For example, whether a firewall is enabled or are a minimal number of packages installed, etc.
- Availability and frequency of patches and updates. It's also worth reviewing previous security vulnerabilities that the distribution has had.
- Availability of features such as SELinux, GrSecurity, PaX, ExecShield
This was first published in April 2007