Technology news and Jobs arrow Information Technology News arrow Vista more secure says MS director
Vista more secure says MS director E-mail
by Stephen Withers   
Monday, 25 June 2007
Windows Vista has an improved security profile compared with XP, and a significantly better profile than popular Linux distributions and Mac OS X, according to a study published by Jeffrey Jones, security strategy director in Microsoft's trustworthy computing group.

According to Jones' "Windows Vista 6-Month Vulnerability Report," Microsoft released updates to correct 12 vulnerabilities in its new operating system in the first six months after Vista shipped to business customers. A further 15 known vulnerabilities remained unfixed, with NIST rating one as high severity, four as medium and ten as low.

He compares this with 36 fixed and three unfixed vulnerabilities in XP, 214 fixed and 59 unfixed in Red Hat Enterprise Linux (counting only those in a "reduced component set" that he feels is comparable to Windows), 74 fixed and 11 unfixed in Ubuntu 6.06 (similarly reduced), 123 fixed and 20 unfixed in Novell SLED 10, and 60 fixed and 16 unfixed in Mac OS X 10.4.

"In all four cases studied for the 6 month period after ship, Windows Vista appears to have a lower vulnerability fix and disclosure rate than the other products analyzed, including the reduced Linux installations," concludes Jones. "This affirms the early results that we found after 90 days and provides a supporting indicator that the Microsoft Security Development Lifecycle process and heightened focus on security is having a positive impact on Microsoft Windows in terms of fewer vulnerabilities."

There seems to be general agreement among commentators that Vista has benefited from Microsoft's increased emphasis on security compared with XP, but various holes are being picked in Jones' methodology when it comes to comparisons with other operating systems.

Should so-called silent updates (where neither the existence of the fix nor the vulnerability are disclosed by the vendor) have been included?

Should Microsoft's record be compared with those of specific Linux development teams rather than particular distributions?

Do the reduced component sets for the various Linux distributions actually provide a meaningful point of comparison with Vista?

Does counting disclosed patched and unpatched vulnerabilities provide a sufficient measure of an operating system's security profile?

Has Vista been around long enough for researchers to gain a true view of its level of security?

It is perhaps significant to note that Jones issued the report under his own name, not as a Microsoft document. While he did mention it in his TechNet (ie, Microsoft) blog, the main discussion and the report itself is hosted at CSO Online.{moscomment}

Please enable JavaScript in your browser to post your comment!

Tags See All Tags


Linux  Macintosh  Security  Stephen Withers  Vista  Windows 

Get stories like this delivered daily - FREE - subscribe now
 
< Next story in category   Previous story in the category >
iTWire user statistics Visitors last 30 days
Suscribers		 904,266
13,751
#1 independent technology news advertise here
  •   *  
  • Search
  • AdvSeach
  • Login
  • Events
  • FreeStuff
Subscribe to our free e-newsletter

iTWire and you

Contact , Register , Links , About iTWire , Feedback , Post your jobs , Events , iTWire site map , Start Blogging , MyBlogLog page , Advertise with iTWire