Vista One Year Vulnerability Report
|Microsoft Issues One-Year Vulnerability Report for Windows Vista [windowsitpro.com] |
Microsoft this week issued a report analyzing the vulnerability disclosures and security updates for Windows Vista's first year on the market, comparing this information to similar first-year data for its predecessor, Windows XP, and contemporary competition such as Red Hat Enterprise Linux, Ubuntu Linux, and Apple Mac OS X. Not surprisingly, given the deep security improvements that the company made to Vista, Microsoft's latest OS came out well ahead of the other systems.
Windows Vista had 36 fixed vulnerabilities. This compared to 65 for Windows XP, 116 for Mac OS X 10.4, 224 for Ubuntu 6.06 LTS, and a whopping 360 for Red Hat Enterprise Linux 4.
As the article points out, this doesn't measure overall security. It just shows that there are fewer vulnerabilities affecting Vista over the period studied.
As usual, the vulnerabilities list includes the applications for Linux, but just the core OS for Windows - so the comparative figures for Windows versus Linux are at best meaningless, and at worst deeply misleading.
And what do they mean exactly by "fixed" vulnerabilities anyway? Does that mean that there could be a myriad of "unfixed" (and unpublished) vulnerabilities in Vista that they are not counting?
|And before Linux enthusiasts claim some sort of bias, Jones actually went to the trouble of discounting non-core components on the Linux systems tested. So vulnerabilities in open source products like OpenOffice.org, GIMP, and various development tools were not counted against those systems. "It is a common objection to any Windows and Linux comparison that counting the 'optional' applications against the Linux distribution is unfair, so I've completed an extra level of analysis to exclude component vulnerabilities that do not have comparable functionality shipping with a Windows OS," Jones noted. |
I think this report has been criticized for including Linux applications in the past. It appears they tried to address that this time around.
|And what do they mean exactly by "fixed" vulnerabilities anyway? |
According to the report, he analyzes the vulnerability disclosures and security updates offered for each platform. It would be hard to say how many unpublished vulnerabilities there are for any platform.
Number of vulnerabilities according to the report:
36 Windows Vista
65 Windows XP
116 Mac OS X 10.4
224 Ubuntu 6.06 LTS
360 Red Hat Enterprise Linux 4
So according to this report, Mac OS (based on FreeBSD) is more secure than Linux. Pretty logical, I think.
I wonder why users of free software have been so quiet about this report. If they have been so quiet, there should be something right about the report.
Am I wrong?
[edited by: bill at 2:37 am (utc) on May 10, 2008]
[edit reason] language [/edit]
Why does this report use different methodologies for calculating Windows vulnerabilities vs. OSX and Linux vulnerabilities (see under 'discovering unfixed vulnerabilities' on page 23)?
This study never undertook to compare Linux vs Windows; it only sought to compare XP vs Vista (which is why those 2 are the only ones that share the same methodology and actually show data).
|While security improvement for Windows users is the key goal I am examining, it is also interesting to investigate how Windows Vista compares with other current operating systems. |
This is where the entire study becomes a bit of a joke: there is no data, just some graphs and a different way of counting bugs. How can you seriously compare 2 different things using different methodologies for reporting them?
I suppose it is no surprise that this marketing report was done by Microsoft for Microsoft.
Here is my scientific study proving that OSX and Linux are one million times as secure as Windows.
Windows viruses in the wild = billions
OSX viruses in the wild = 0
Linux viruses in the wild = 0
That means Windows is infinity less secure than any other OS.
It really doesn't matter what the report says because the Linux crowd (and yes I do run Linux in addition to XP and Vista) will always claim they are much more secure.
In fact, I recently read somewhere that Windows is infinitely less secure than any other OS out there today. So it must be true.
Page 17 contains Figure 9: Side-By-Side Comparison of First Year of Vulnerabilities For Windows Vista and Other OS Products.
Figure 9 compares Windows XP, Windows Vista, Red Hat, Ubuntu and Mac OS X.
The author of the security report writes: "Figure 9 shows that the reduction in security vulnerabilities for Windows Vista is not just favorable as compared to its own predecessor [Windows XP], but is also favorable relative to other industry OS offerings."
Table 3: Summary Table for All Products Analyzed is quite revealing. Attention should be given to the row Vulnerabilities Fixed.
According to Table 3, it's clear the security offered by Windows Vista vs Red Hat's and Apple's. Ubuntu is a free product so get a reliable nix Wizard to help you!
[edited by: bill at 5:14 am (utc) on May 20, 2008]
[edit reason] The original article has a direct link to the PDF already [/edit]
Two men are sitting at opposite ends of a beach. One is wearing full body armor and one is wearing bathers. One has a million dollar contract on his head and one doesn't.
Which man is safer, the one wearing body armor or the one in bathers?
Exactly right kaled, that's the price of popularity. The point is that many folks like to boast that Linux is much more secure than Windows.