Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Vista more secure than XP and open source

Fewer reported flaws than all the others, says Redmond.

Article comments

Windows Vista was hit by significantly fewer publicly disclosed security flaws in its first year than Windows XP and open source rivals in their first years, according to a report from Microsoft.

The report, written by Jeff Jones, a security strategy director in Microsoft's Trustworthy Computing group, is part of Microsoft's effort to show that its work on redesigning the security architecture and adding new security features to Vista have paid off.

Jones also found that changes to the way Microsoft handles patching has resulted in less work for system administrators on Vista compared to Windows XP.

The report comes on the heels of figures from Secunia, which reported fewer vulnerabilities for Windows in 2007 compared to open source operating systems in the same time period. However, Microsoft's report compares the way each OS fared in its first full year of supported distribution.

Comparisons between different types of operating systems on the basis of numbers of public bug reports are often downplayed by security experts, who say they are only part of the picture. For instance, Linux-based OSs are composed mainly of third-party components whose bug reports are all known publicly, whereas third-party components play a small part in Windows and many bugs may be uncovered but not made public.

However, Microsoft's main interest with the new report is in convincing users that Vista - which has received heavy criticism over bugs and usability issues - is more secure and more easily managed than XP.

"The results of the analysis show that Windows Vista has an improved security vulnerability profile over its predecessor," said Jones in the report. "Analysis of security updates also shows that Microsoft improvements to the security update process and development process have reduced the impact of security updates to Windows administrators significantly compared to its predecessor."

In its first year Microsoft released 17 security bulletins and patches affecting Vista, compared to 30 for XP in its first year, Jones said.

Microsoft fixed 36 bugs in Vista compared to 65 in XP, and there remained 30 unpatched bugs in Vista, compared to 54 for XP in their first years.

The number of vulnerabilities fixed in Mac OS X and in Linux-based operating systems was higher in their first years, Jones said: 360 in Red Hat Enterprise Linux 4 Workstation, 224 in Ubuntu 6.06 LTS and 116 in Mac OS X 10.4.

The figures for Red Hat and Ubuntu apply to a reduced set of components, which Jones used in order to make the figures more comparable to those of Windows.

"It is a common objection to any Windows and Linux comparison that counting the 'optional' applications against the Linux distribution is unfair, so I’ve completed an extra level of analysis to exclude component vulnerabilities that do not have comparable functionality shipping with a Windows OS," Jones wrote.

Jones compared the number of "patch events" during the year for each operating system, indicating the number of days out of the year that administrators needed to deal with patches for each OS.

"My analysis found that administrators were required to mobilise much less often for Windows Vista than any other product examined," he wrote.

Vista had nine patch events, XP had 26, Red Hat had 64, Ubuntu had 65 and Mac OS X had 17, Jones found.

Jones admitted that the figures do not indicate which operating system is "more secure" than the others, saying any such analysis would need to look at software quality, administrative controls, physical controls and other issues.

However, he said the figures were nonetheless important within their context. "This report is a vulnerability analysis, which may provide some elements that could be part of a broader security analysis," he wrote.


More from Techworld

More relevant IT news


Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *