| |  |
Vista Security – The First 90 Days | Category: | Editorials (Computer News) | | Published Date: | 01/08/2007 | |
Comments
By Solutions Center WDP Staff
During the first 90 days after Vista's release, Microsoft made five vulnerability disclosures but fixed only one of the five flaws, according to a report issued by Jeff Jones, security strategy director for Microsoft's Trustworthy Computing arm. Whether these results speak well or not for Vista's overall security depends on how you look at things.
Jones' report has made for lively debate, though. In a posting on CSO Online , a resource site for security pros, Jones maintains that vulnerability and fix rates over Vista's first three months place the new OS several notches above some other operating environments, including Microsoft's own Windows XP.
In measuring Vista's vulnerability, Jones uses Vista's shipment to business users on November 30, 2006 as his jumping-off point, as opposed to its release to consumers in January of this year. According to Jones, the first public disclosure of a vulnerability in Vista didn't happen until December, after Vista was already out the door.
How did other OSs do over their own first three months, in comparison? Using the figures that Jones provides, Vista does seem to look better on paper than either XP, Red Hat Enterprise Linux 4 Workstation, RHEL4WS – Reduced Component Set, Ubuntu 6.06 LTS, Novell SUSE Linux Enterprise Desktop, or Apple Mac OS X V10.4.
For Mac OS X V10.4, there were 10 vulnerabilities already publicly disclosed prior to the shipment date of April 29, 2005, according to Jones. Apple fixed four of these during the first 90 days of ship. Also during the first 90 days, Apple issued patches for a total of 20 vulnerabilities affecting the release. But at the end of that period, there were still 17 publicly disclosed vulnerabilities that remained unfixed in Mac OS X V10.4.
But readers' responses, also posted on the CSO Online site, showed a range of different reactions. "There are lots of ways to manipulate security statistics," retorted one reader.
"From a marketing point of view, it seems to make perfect sense for Microsoft to hold back a few things in order to give Vista a good start and [to be able] to publish analyst reports like this, which [are] good advertising for Vista," wrote another.
On the other hand, Jones could be making some very valid points in his posting. Microsoft did slip its deadline for Vista. But the OS seems to have gone out with no known vulnerabilities. Did extra time spent on bug fixes, in advance of product release, actually result in a more solid product?
As previously covered in this space, another recent study, Symantec's 11th Annual Security Threat Report, found Windows as a whole to be more secure than any other competing OS, based on vulnerabilities and fixes during the last six months of 2006.
It'll be fascinating to see how Windows fares in Symantec's 12th Annual Threat Report. How many more security bugs will appear in Vista by then – and how long will it take for Microsoft to squelch them?
|
|
|
Back
|
Edit
|
| | | |
-
No Frills (ON, AB, BC): Campbell’s Soup is $1, Hungry Man Dinners are $2, Tropicana is $3/1.89 L
-
Toronto Hydro Will Pick Up Your Old Fridge or Freezer For Free (GTA)
-
September Specials at Well.ca: 90 Vitamins For $9, Mascara For $7 and Free Shipping On Every Order
-
Daily Deals: Tommy Hilfiger Tote Luggage for $37.49 & More
-
Free .Biz Domains (1 year) From 1and1 *credit card information required*
-
Today Only at WestJet.com: 50% Off Fall Travel in Canada, US, and The Tropics Before Dec. 17
-
IKEA, September 4-7: Twin, Queen, and King-Size Quilts Are $29 (Down From $39-$59) (GTA)
-
Dell Days of Deals, Day 3: Dell 19” Widescreen LCD $130, Westinghouse 1080p 42” HDTV $799 (Hot!)
-
NCIX Weekly Sale: Acer 18.5” LCD $130, AspireOne 1GB, 6 Cell, XP $390
|
| |
18.5% 
74.6% 