A Microsoft security executive released data Thursday showing that, six months after shipping Windows Vista, his company has left more publicly disclosed Vista bugs unpatched than it did with Windows XP. In total, Microsoft has patched 12 out of 27 disclosed Vista vulnerabilities in the six months after it first shipped last November. During XP's first six months, Microsoft's security team patched 36 out of 39 known bugs. The data was published by Jeff Jones, a Microsoft security strategy director, who said that overall, Vista was doing better than XP. "Windows Vista continues to show a trend of fewer total and fewer high-severity vulnerabilities at the six month mark compared to its predecessor product, Windows XP," he wrote.
Jones didn't address the larger number of unpatched vulnerabilities, but he did note most of the unpatched Vista bugs were not critical. Microsoft had left only one high-severity Vista vulnerability unpatched during the period. At the end of XP's first six months, there were two high-severity bugs that were unpatched. Microsoft patched 23 high-severity XP bugs during its first six months, compared with only one high-severity Vista flaw. Jones argued that Vista had a lower number of vulnerabilities than competitive operating system products such as Red Hat Enterprise Linux and Mac OS X.
View: The full story
News source: InfoWorld

Last edited by franzon on 23 Jun 2007 - 15:51
You see that 'First 6 months' on top of the OS chart, tell me, what do you think that means? After you figure that out, consider Vista has sold more in the first 6 months than any other OS and 4-5 times more vulnerabilities [according to the document that graph was pulled from] are found today than in 2001, which means any particular OS should have five times the vulnerabilities. BUT GUESS WHAT, VISTA DOESN'T. You probably don't even know what I just told you.
OK, let's assume that is as big a factor as you want us to believe. How do you explain Mac OS X? Wasn't it supposed to be 'teh secure' as well?
Also, that one high severity bug in Vista wasn't really high severity, it is just listed as so. If you run IE 7 in protected mode, which is the default, the exploit can't do any harm. I haven't heard of the other ones this guy from MS listed.
Way to compare really old Linux systems (Ubuntu 6.06 was released in October and SLED10 was released years ago). Plus, these "high security" flaws in Linux apply to ALL of the software in the repositories (several thousand pieces of software) and not just to the kernel/select programs like on Vista. The two operating systems are totally different. Apples and oranges, people. You can make Linux totally secure if you want. On a server, they don't install anything but Apache, MySQL, PHP, etc and there are no security flaws. There always is a risk when you run 3rd-party software.
Actually, you're mistaken. The reason the chart says "Reduced Linux Builds" is just that. Go read the original article and you'll see another chart for the full Linux builds. This chart actually shows Linux doing better because it doesn't have all the repositories included.
As for which systems were tested, when this test was done, Ubuntu 7.10 didn't have 6 months out yet. I don't know about SLED, though.
Last edited by Ironman273 on 23 Jun 2007 - 17:03
http://secunia.com/product/73/?task=statistics - 31 vulnerabilities in apache 2.0 from 2003-2007, so more will probably be found and the report is about vista which is a desktop operating system, so your comparison is apples and oranges and not even correct for that.
The reason all OSes were 6+ months old, is Vista has been around for 6 months as well. (Remember, it was released in the middle of November)
Sort of hard to show 6 months of statistics to a product that's only been out for 3-4 months, eh?
Further, a nix system with "only Apache, MySQL, PHP, etc"? Are you not planning to add a website? Because that alone opens the door to exploits'r'us.
The version I read (and posted) was "Vista more secure than OSX and Linux". http://www.neowin.net/forum/index.php?show...t=0&start=0
Every Slashdot news item is modified in order to spread FUD on Microsoft and Windows.
Slashdot is an untrusted source because it modified Jeff's original report about the first 6 months of OS vulnerabilities. Jeff's original report says that Vista had a lower total and fewer high-severity vulnerabilities than XP, Linux and Mac OS X.
Last edited by franzon on 23 Jun 2007 - 16:06
Last edited by J_R_G on 23 Jun 2007 - 16:14
And actually, Linux has more disclosed bugs and the other OS's have more bugs, unpatched or otherwise than Vista.
Slashdot is retarded.
Windows RULES!!!