Today’s issue of Paul Thurrott’s WinInfo newsletter/column (read “Microsoft: Vista More Secure than OS X, Linux” on WinITPro.com) served as a reminder of the stuff I missed at TechEd in Orlando – my first year with exhibitor and staff (yes, they actually issued me one of those as well) badges. Subject: Jeff Jones’ Vista 6-month vulnerability report.
Jeff Jones is a Strategy Director at Microsoft’s Security Technology Unit. This is an update to Jones’ earlier 90-day report on Vista vulnerabilities. In this updated report, Jones outlines the vulnerabilities announced and patches released for Windows Vista in the first 6 months since its release, and compares them with those of other “modern” operating systems like Mac OS X 10.4, and some Linux distributions like Red Hat Enterprise Linux 4 Workstation (RHEL4w), Novell’s SUSE Linux Enterprise Desktop 10 (SLED10), and Ubuntu 6.06. The Linux distributions reported on include the full distributions and a “reduced component set” consisting of essential/default components. The categorization of a vulnerability as high, medium or low severity is from the National Institute of Standards and Technology’s (NIST) National Vulnerability Database (NVD).
The score-card looks interesting to say the least.
Reportedly, Windows Vista had the fewest vulnerabilities, and the fewest patches released, in its first 6 months post-RTM. Jones drives home the point that Microsoft’s Secure Development Lifecycle initiative is paying off.
Draw your own conclusions from the score-card below.
Of course, the Linux crowd and the Mac fanatics will quickly dismiss this report on one pretext or another, and this will do nothing to the endless runs of the Apple security commercials lampooning Vista’s User Account Control feature. (I love the Mac commercials – they’re funny, and very well done. However, given these numbers, the general tone and implications of Mac OS X being more secure than Windows Vista couldn’t be further from the truth. What’s more, Apple’s claims like “Apple engineers designed Safari to be secure from day one”, come off sounding like little more than the collective imagination of Apple’s marketing machine, given the security flaps it faced with it. Come to think of it, Mac OS X 10.4 does come close to Windows Vista as far as security goes.)
Read the complete report (PDF) on CSOOnline blog.
Hackers will feed on Vista in 2008, says McAfee
As Vista grows in popularity and surpasses the 10 percent market-share milestone, McAfee expects more hackers to start targeting the OS.
By Gregg Keizer, Computerworld, IDG News Service
November 26, 2007
Microsoft will face more than 40 vulnerabilities in Windows Vista next year as the operating system climbs past the 10 percent market-share milestone and malware authors really start to find flaws, a McAfee analyst said today.
“Most of the current malware has ignored Vista,” said Craig Schmugar, a threat researcher at McAfee’s Avert Lab — but that’s not because the operating system has been frustratingly secure. In fact, Schmugar argued, Vista has been a worthwhile target in the first year of its release.
“These people make their living writing malware or attacking users,” he said. “They’re driven by financial motivation, and only when market share has an impact will they really work on Vista.”
…………..