security.itworld.com
  Search  
Security Home Page Security Webcasts Security White Papers Security Newsletters Security News Security Topics Careers ITworld Voices ITwhirled The Security site of ITworld.com

Microsoft: Vista more secure than XP and open source

 Techworld.com 1/24/08

Matthew Broersma, Techworld.com

Windows Vista was hit by significantly fewer publicly disclosed security flaws in its first year than Windows XP and open source rivals in their first years, according to a report from Microsoft.

On this topic
Spreading worm hits Nokia handsets
2008 Internet Security Trends Report
The Software Vulnerability Guide
Reputation-Based Mail Flow Control: Blocking Extreme Spam and Reducing "False Positives"
Get practical tips, IT news, how-tos, and the best in tech humor.

The report, written by Jeff Jones, a security strategy director in Microsoft's Trustworthy Computing group, is part of Microsoft's effort to show that its work on redesigning the security architecture and adding new security features to Vista have paid off.

Jones also found that changes to the way Microsoft handles patching has resulted in less work for system administrators on Vista compared to Windows XP.

The report comes on the heels of figures from Secunia, which reported fewer vulnerabilities for Windows in 2007 compared to open source operating systems in the same time period. However, Microsoft's report compares the way each OS fared in its first full year of supported distribution.

Comparisons between different types of operating systems on the basis of numbers of public bug reports are often downplayed by security experts, who say they are only part of the picture. For instance, Linux-based OSs are composed mainly of third-party components whose bug reports are all known publicly, whereas third-party components play a small part in Windows and many bugs may be uncovered but not made public.

However, Microsoft's main interest with the new report is in convincing users that Vista - which has received heavy criticism over bugs and usability issues - is more secure and more easily managed than XP.

"The results of the analysis show that Windows Vista has an improved security vulnerability profile over its predecessor," said Jones in the report. "Analysis of security updates also shows that Microsoft improvements to the security update process and development process have reduced the impact of security updates to Windows administrators significantly compared to its predecessor."

In its first year Microsoft released 17 security bulletins and patches affecting Vista, compared to 30 for XP in its first year, Jones said.

Microsoft fixed 36 bugs in Vista compared to 65 in XP, and there remained 30 unpatched bugs in Vista, compared to 54 for XP in their first years.

The number of vulnerabilities fixed in Mac OS X and in Linux-based operating systems was higher in their first years, Jones said: 360 in Red Hat Enterprise Linux 4 Workstation, 224 in Ubuntu 6.06 LTS and 116 in Mac OS X 10.4.

The figures for Red Hat and Ubuntu apply to a reduced set of components, which Jones used in order to make the figures more comparable to those of Windows.

"It is a common objection to any Windows and Linux comparison that counting the 'optional' applications against the Linux distribution is unfair, so I've completed an extra level of analysis to exclude component vulnerabilities that do not have comparable functionality shipping with a Windows OS," Jones wrote.

Jones compared the number of "patch events" during the year for each operating system, indicating the number of days out of the year that administrators needed to deal with patches for each OS.

"My analysis found that administrators were required to mobilize much less often for Windows Vista than any other product examined," he wrote.

Vista had nine patch events, XP had 26, Red Hat had 64, Ubuntu had 65 and Mac OS X had 17, Jones found.

Jones admitted that the figures do not indicate which operating system is "more secure" than the others, saying any such analysis would need to look at software quality, administrative controls, physical controls and other issues.

However, he said the figures were nonetheless important within their context. "This report is a vulnerability analysis, which may provide some elements that could be part of a broader security analysis," he wrote.


Sponsored Links

Web Penetration & App Testing
Web Penetration Security Services. 300+ Clients. Free, Quick Quotes!
SOLVE SUPPORT ISSUES on the First Call!
REMOTELY CONTROL AND CONFIGURE SYSTEMS. Easily install applications, updates. All from your Desktop!
FREE network scan for VoIP, IM, Games & More
What’s on your network? Use the Sophos Application Discovery Tool to find out!
Protecting the Enterprise Network Through Web Security
New focus is being placed on securing Web-based threats.
Experience The Benefits Of Intel® vPro™ Technology
Get Built-In Security And Remote Management Capabilities. Meet Critical Business Challenges.
» Buy a link now

Advertisements
Sponsored links
Bring harmony to your mix of UNIX-Linux-Windows computing environments
KODAK i1400 Series Scanners stand up to the challenge
Locate Hidden Software on business PCs with this free tool
Top 5 Reasons to Combine App Performance and Security
Home  Vulnerabilities
www.itworld.com    open.itworld.com     security.itworld.com     smallbusiness.itworld.com
storage.itworld.com     utilitycomputing.itworld.com     wireless.itworld.com

 
Contact Us   About Us   Privacy Policy    Terms of Service   Reprints  

CIO   Computerworld   CSO   GamePro   Games.net   IDG Connect   IDG World Expo   Infoworld   ITworld   JavaWorld   LinuxWorld  MacUser   Macworld   Network World   PC World   Playlist  

Copyright © Computerworld, Inc. All rights reserved

Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.