Posted by Sumeeth Evans June 21, 2007 8:10 PM with 3 comment(s)
Filed under:
I was somewhat surprised (but pleased) at the level of interest back when I published my Windows Vista - 90 Day Vulnerability Report.  It was about the earliest span of time I thought might give us some indicators, and the indicators did look good.  (Though, I did not give us an "A+", in spite of some of the attributions ;-)

Six months is a much more interesting time frame, and gives us the opportunity to see if the early trend indicators are holding up, or if the early signs of progress were a short-term gain.  Also, I thought it was worth going a little deeper in the analysis to look at the total fixed and unfixed vulns as I did last time, plus these additional views:

  • Include a comparison view of Linux distribution workstation builds that excludes vulnerabilities in non-default optional components as well as OpenOffice and other applications that do not have equivalents on Windows XP.
  • Include a comparison view that excludes Low and Medium severities to just focus on High severity vulnerabilities fixed and unfixed in the first 6 months, and
  • A comparison view that combines both of these

For the full details, or to print the report, you can download the report in pdf.

For those that only want the executive summary, here is a key chart that shows the publicly disclosed High severity vulnerabilities during the first 90 days of availability, broken down by vulns fixed and vulns unfixed.  Note that this chart is showing the reduced Linux builds that exclude non-default and optional components without equivalents on Windows.  (Clicking the chart also gets you to the full report.)

High Severity Vulns, Fixed and Unfixed in First 6 Months of Windows, Red Hat, Novell SUSE, Ubuntu, Apple Mac

Continue At Source

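The comparison views the post lists (all vulns, the "reduced" build, High severity only, and both filters combined) come down to a few filters over per-vulnerability records. The following is an added example, not code from the report or the post: product names, dates and the 182-day window are constructed assumptions, and the record fields are my own.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

@dataclass
class Vuln:
    product: str
    severity: str             # "High", "Medium" or "Low"
    default_component: bool   # shipped and installed by default?
    windows_equivalent: bool  # has an equivalent component on Windows XP?
    disclosed: date
    fixed: Optional[date]     # None if no fix has shipped

def count_view(vulns, product, ga, window_days=182, high_only=False, reduced=False):
    """Fixed/unfixed counts for vulns disclosed within window_days of GA.
    A fix that ships after the cutoff still counts as unfixed at the cutoff."""
    cutoff = ga + timedelta(days=window_days)
    fixed = unfixed = 0
    for v in vulns:
        if v.product != product or not (ga <= v.disclosed <= cutoff):
            continue
        if high_only and v.severity != "High":
            continue   # Low/Medium dropped in the High-severity view
        if reduced and not (v.default_component and v.windows_equivalent):
            continue   # optional component or no Windows counterpart dropped
        if v.fixed is not None and v.fixed <= cutoff:
            fixed += 1
        else:
            unfixed += 1
    return {"fixed": fixed, "unfixed": unfixed}

def report(vulns, ga_dates):
    views = {"all": {}, "reduced": {"reduced": True}, "high": {"high_only": True},
             "high+reduced": {"high_only": True, "reduced": True}}
    return {name: {p: count_view(vulns, p, ga, **opts) for p, ga in ga_dates.items()}
            for name, opts in views.items()}

# Constructed sample data: two hypothetical products, both GA on 2007-01-01.
GA = {"OS-A": date(2007, 1, 1), "OS-B": date(2007, 1, 1)}
SAMPLE = [
    Vuln("OS-A", "High", True, True, date(2007, 1, 20), date(2007, 2, 10)),
    Vuln("OS-A", "High", True, True, date(2007, 3, 5), None),
    Vuln("OS-A", "Medium", True, True, date(2007, 2, 1), date(2007, 2, 20)),
    Vuln("OS-A", "High", True, True, date(2007, 8, 1), date(2007, 8, 15)),  # past cutoff
    Vuln("OS-B", "High", False, True, date(2007, 1, 10), date(2007, 1, 15)),  # optional pkg
    Vuln("OS-B", "High", True, False, date(2007, 2, 2), None),  # no Windows equivalent
    Vuln("OS-B", "High", True, True, date(2007, 3, 3), date(2007, 3, 30)),
    Vuln("OS-B", "Low", True, True, date(2007, 4, 4), None),
    Vuln("OS-B", "High", True, True, date(2007, 5, 5), date(2007, 9, 1)),  # fixed late
]

if __name__ == "__main__":
    print(report(SAMPLE, GA))
```

Running it shows how the "reduced" view removes two of OS-B's five in-window vulns, which is the effect the comments below argue about.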

Comments


lsproc said:

I don't think we can fully trust this report, as it was performed by a Microsoft employee. These kinds of reports should be performed by an independent organisation that has no relationship with the companies mentioned for it to be fully trustable.
June 22, 2007 8:19 AM

Mike Dimmick said:

The disclosed vulnerability data comes from NIST, not from Microsoft themselves. The 'fixed' data comes from the vendors. All the MS employee has done is to collate and summarize it. Of course Microsoft could be, indeed probably are, withholding information on vulnerabilities disclosed to them but not publicly disclosed - but then so are the other vendors. He's also filtering out components that typically ship in a Linux distribution but for which there are no equivalents shipped in Windows, so that actually tends to make the Linux numbers look better.
June 22, 2007 12:18 PM

GP007 said:

I agree, many components that ship with Linux and are either installed by default for some distros or manually by some users also have their fair share of bugs/security holes.  Not counting those does make the Linux numbers look better.
June 22, 2007 2:19 PM
Bink.nu 3.0. Copyright © 1999-2010 Steven Bink. All Rights Reserved.
Microsoft and Microsoft logo's are trademarks of Microsoft Corporation.