Microsoft Says Vista More Secure Than XP, OSX and Linux



Shrygue
January 24th, 2008, 17:49
via Gizmodo (http://gizmodo.com/348437/microsoft-says-vista-more-secure-than-xp-osx-and-linux)


http://cache.gizmodo.com/assets/resources/2008/01/Picture%206.png

Uh oh. You've done it this time, Jeff Jones. As the security strategy director in Microsoft's Trustworthy Computing group, you've just made the bold claim that Vista, from a first year on the market comparison, has been more secure than Windows XP, Red Hat rhel4ws, Ubuntu 6.06 LTS, and Apple Mac OS X 10.4.

Your argument seems to break down the difference between researcher-reported vulnerabilities, the number of released patches and the amount of actual vulnerabilities left standing by the end of one year. And you gave us this sexy chart to examine.

http://cache.gizmodo.com/assets/resources/2008/01/Picture%208.png

In every category, Vista is either the lowest, or tied for the lowest. And since your argument seems to boil down to the logic: the less vulnerabilities, the less fixes, the more secure, Vista wins. Of course, from what our tiny brains make of the case, such an argument doesn't take into account factors like just how many people are trying to exploit a particular platform/vulnerability, or just how damaging each exploit can be. But from that strategic commander chair, you seem to think that these issues balance themselves out. Maybe you are right.

But I'm not waiting in the open to find out. I have an emergency bunker prepared specifically for such occasions because pissing off the Mac and Linux communities at the same time is a funeral I'm not attending...like that time you said Firefox was less secure than IE. Things got messy and someone cried.

Elven6
January 24th, 2008, 18:43
That's believable, they have done a lot to secure the system.

Anonymous D
January 24th, 2008, 19:32
Just because MS didn't fix that many bugs doesn't mean there aren't. I'm a Vista user and I know lol. Even though it may be "secure" as far as malware goes, it's screwed up in so many other ways.

Elven6
January 24th, 2008, 19:57
I'm also a Vista user, and I really haven't come across any problems that would cause the system to crash on me.

VampDude
January 24th, 2008, 20:01
It's secure, but not completely stable.

rokobungi
January 24th, 2008, 22:45
It's just from the viewpoint of a virus writer: if you try to infect Mac and Linux computers you'll run into a dead end sooner. There are so many computers using XP (or that CAN execute XP code) that it's what you will write for.

Also, I'd say only 60-70% of XP or Vista users even know what an OS is, much less how to keep their computer secure, whereas probably 95% of Linux and 99% or so of Mac users do.

With a more informed user base an OS becomes 10X as secure and 10X less likely to be targeted, and it's 10X harder to spread viruses because of the smaller user base. So if you were to write a trojan to steal bank account numbers, who would you target.....

Anonymous D
January 24th, 2008, 22:52
Most of the problems with Vista are in general use, like file copying speed and time displays, lag when opening JPEG files (a particular annoyance for me), and its tendency to denounce a program as not responding even if it's just loading something.

Eviltaco64
January 24th, 2008, 23:24
I just recently had to repair a friend's brand new Compaq with Vista Home Premium...Why? Because it had a virus xD!

the_eternal_dark
January 25th, 2008, 09:34
I call b/s.

I have seen nothing but instability (another issue) and irritations from Vista. Its irritations are its insecurity. "Are you sure you want to run that" type of messages that can be turned off or blown through without reading are a very simple way to get an official looking named virus/malware up and running on a Vista machine. Disputing this by saying "I would never do something like that" is pretty secluded from the actual root user base, who is a 20 - 55 year old person whose computer knowledge is not far outside of "I can make a grocery list in Word" or "myspace is cool". Social engineering takes care of the rest. Remember LOVE-LETTER-FOR-YOU.TXT.vbs? Round 2 is coming.

quzar
January 25th, 2008, 11:16
There are a few important things to look at here:

1) Ratio of fixed to unfixed vulnerabilities. Although the number of vulnerabilities is much smaller, with Vista it seems that the ratio of fixed to unfixed is about 50/50 as opposed to 75/25 or below for all the other OSs.

2) Obscurity. In multiple ways. First, there are so few users (relatively) on Vista that it's not surprising that they wouldn't be able to uncover many vulnerabilities. On the flip side, those looking to exploit systems don't look first to Vista, because their victim base would be relatively small. A similar attitude would go for Redhat having so many vulnerabilities found, as it was designed to be used in a server environment, and as such would be a high target for attack.

3) The thing purposefully makes Linux look ridiculously insecure. I would claim however that in large part the number of vulnerabilities exposed in the two Linux distributions are inflated in large part due to 'white-box' vulnerability searches. That is to say, as opposed to vulnerabilities being discovered by prodding from the outside, users simply pore over the source code looking for things to fix. At the same time this explains why the amount of fixed vulnerabilities for the two Linux systems are so high. As well as the fact that with source code being publicly available, all vulnerabilities reported and fixed end up being counted, whereas we only have M$' and Apple's word as to the actual number of vulnerabilities fixed.

One last note. Don't confuse vulnerabilities with bugs. Although many vulnerabilities are bugs, many others are just poor planning or oversight. In the reverse, many bugs are not vulnerabilities. Things you can do to crash your system are often separate from vulnerabilities.