Windows Vista was hit by significantly fewer publicly disclosed security flaws in its first year than Windows XP and open source rivals in their first years, according to a report from Microsoft. The report, written by Jeff Jones, a security strategy director in Microsoft's Trustworthy Computing group, is part of Microsoft's effort to show that its work on redesigning the security architecture and adding new security features to Vista has paid off.
Jones also found that changes to the way Microsoft handles patching have resulted in less work for system administrators on Vista compared to Windows XP. The report comes on the heels of figures from Secunia, which reported fewer vulnerabilities for Windows in 2007 compared to open source operating systems in the same time period. However, Microsoft's report compares the way each OS fared in its first full year of supported distribution.
View: The full story @ PCWorld
The source report: http://blogs.technet.com/security/attachment/2772991.ashx (24-page pdf file)
It is not really the first year. It may be the first year as being branded Vista, but most of Vista is derived from other products. Vista, like OSX, was not coded from scratch. I also don't like "publicly disclosed" as a qualifier. Also, are they comparing just the OS, or are they also lumping in shipped software? Bottom line, these are not facts but marketing.
The "publicly disclosed" caught my eye too. One of the greater strengths of open source is that it is difficult to hide flaws. Everyone knows that MS is notorious for withholding information about security holes... they have their legitimate reasons, but that doesn't mean we have to like it.
They include tons of extra software such as Open Office or server software that may or may not be enabled by default on your installation, but any security flaw in them gets marked as a "minus" for the distribution or Linux in general. Vista ships with practically no productivity applications to speak of - once you start adding Microsoft's own software such as the Office suite or other server and application software, the "numbers even up".
I could release a nigh impenetrable Linux distribution that ships with nothing but a browser, much like Vista - then I could put out pretty PR releases too. I can smell millions here.
/rant.
If I recall, in the past, Mr. Jeff Jones had done a "sum total" count on Linux, and got royally criticized for a shoddy analysis. He actually does take time to level the comparison. However, as I pointed out earlier, he glosses over the "unpatched" flaws. Primarily beating the "look at the numbers" drum.
It is just one aspect of security that must be considered. The time-to-patch, severity and so forth are not compared at all in this report.
Also, you've spelled kernel with an 'a', which makes me doubt you actually know what a kernel is, or 'shellcode', or anything else, really.
This should come as a surprise to no one since Vista is XP's successor and, as far as Open Source, just add it to the "Get The Facts" campaign.
I'm thinking also, it's SUPPOSED to work that way, isn't it? Duh!!
Unfortunately, Vista fits right in under Windows Me, for all around crap OS, IMO.
Windows Vista was hit by significantly fewer publicly disclosed security flaws
Oh, so they do the count by checking how many flaws MS discloses publicly. Not by how many flaws exist, are found by 3rd parties we don't know about (and why would a botnet op disclose how they did it and let anyone else get the cash or close the holes?).... you know, this isn't exactly a scientific proof...
If it's so easy then find one. Find a bug in Linux code and show me.
Also Windows source is available. But only to smart people who really need it.
Not saying any OS is more secure than any other, but Ubuntu 7.04, halfway through its '6 month lifecycle', had over 100 patches that needed to be applied. That's on par with WinXP SP2, which was out years ago.
And don't forget, people, that Vista includes a browser, media player, web server, mail client and various other apps (calendar, address book, sidebar/gadgets, fax/scan apps, sharing/collaboration tools, image editor etc.)
Whilst it doesn't include Office, it does include a lot which is sometimes included with OSS distros too. With IE7, WMP and IIS on one box, and with their reputation and the market penetration, it's harder and harder to state that Windows is a poorly secured platform compared to the rest of the market.
The fact is, the NSA find Open Source a better model for security, as you can see in their own distro SELinux: "Linux was chosen as the platform for this work because its growing success and open development environment provided an opportunity to demonstrate that this functionality can be successful in a mainstream operating system and, at the same time, contribute to the security of a widely used system."
It's frankly impossible to imagine a day in which the NSA start using Windows as their OS of choice for critical spying and monitoring systems, and that is saying something.
Windows seems secure enough for the London Stock Exchange, British Navy Submarines, Accenture, BAE Systems, Dubai Islamic Bank, Alliance & Leicester (including online banking), Boeing, Israeli Navy, Scandinavian Airlines, Virgin Megastores, HDFC Stock Brokers and hundreds of thousands more.
If Linux is the right choice for the NSA then that's fine. Linux is the right choice for various projects I undertake - but simply stating that one platform is more secure than another just because the NSA uses one over another proves nothing.
And as a British reader of Neowin, I have so little faith in the US Government's intelligence of late that I take what platform they use to gather intelligence with a pinch of salt anyway.
I can argue that because Microsoft has more security fixes then it's more secure... as you could say, on average all new software to begin with has the same number of security flaws (proportional to the length of the code).
Then... as OSX I believe contains twice as many lines of code as Vista, then OSX in theory would contain twice as many flaws. That is presuming both companies equally look into security.
Microsoft makes more money than Apple and so in theory can spend more on security so they would iron out more security flaws than Apple on release of a new product.
Also as OSX has a much smaller user base it will "find" a proportionally equally small number of flaws.
I have no idea where anyone comes up with this bo****ks about certain pieces of software being more secure than others.
It would be like me using 100 people and finding 10 needles in a hay stack. A haystack that had been cleared by 10 people before the 100 people looked.
Then comparing it to... 5 people and finding 1 needle in a haystack. A haystack that had been cleared by 3 people before the 5 people looked.
It's so complex to compare, as you have to start looking at other factors such as people perhaps looking at the same parts, and also that some people are better and finish them etc. etc. There is no good method to date for looking at which of the top products is the best in security.