Coffeehouse Thread

57 posts

Vista More Secure than Linux and OSX

  • eagle
  • Sabot

    "Six months is a much more interesting time frame, and gives us the opportunity to see if the early trend indicators are holding up, or if the early signs of progress were a short-term gain.  Also, I thought it was worth going a little deeper in the analysis to look at the total fixed and unfixed vulns as I did last time, plus these additional views:

    • Include a comparison view of Linux distribution workstation builds that exclude vulnerabilities in non-default optional components as well as OpenOffice and other applications that do not have equivalents on Windows XP.
    • Include a comparison view that excludes Low and Medium severities to just focus on High severity vulnerabilities fixed and unfixed in the first 6 months, and
    • A comparison view that combines both of these

    For the full details, or to print the report, you can download the report in pdf.

    For those that only want the executive summary, here is a key chart that shows the publicly disclosed High severity vulnerabilities during the first 90 days of availability, broken down by vulns fixed and vulns unfixed.  Note that this chart is showing the reduced Linux builds that exclude non-default and optional components without equivalents on Windows.  (clicking the chart also gets you to the full report.)

     High Severity Vulns, Fixed and Unfixed in First 6 Months of Windows, Red Hat, Novell SUSE, Ubuntu, Apple Mac

    The results of the analysis show that Windows Vista continues to show a trend of fewer total and fewer High severity vulnerabilities at the 6 month mark compared to its predecessor product Windows XP (which did not benefit from the SDL) and compared to other modern competitive workstation OSes (which also did not benefit from an SDL-like process).

    If you share the opinion that Windows and applications ported to Windows get a higher level of researcher scrutiny than other OSes, then the 6-month results are even more positive.  If you don't share that opinion, then they still stand on their own ...

    Read, Enjoy, Forward.

    Best regards ~ Jeff

    Full Disclosure:  I work for Microsoft - read my previous blog post, Exactly how biased am I?.

    "

    Source

    Please let's not have a flame war about this!

  • LarryOsterman

    uriel wrote:


    That particular report is rather flawed (they consider that Vista's anti-virus technology is no better than XP's even though neither Vista OR XP has anti-virus technology in the OS).

    Absent the headline, Ars article does a pretty good job of ripping the report to shreds.

  • Rossj

    eagle wrote:


    I am not questioning the findings (I still don't intend to jump to Vista yet), but why does he wait until the last page of the report to disclose that he works for Microsoft?  It's things like that which will have the zealots jumping on it.

  • julianbenjamin

    Rossj wrote:
    
    eagle wrote:
    Windows Vista 6-month Vulnerability Report


    I am not questioning the findings (I still don't intend to jump to Vista yet), but why does he wait until the last page of the report to disclose that he works for Microsoft?  It's things like that which will have the zealots jumping on it.


    It's not a news article, it's a blog post.  Anyone familiar with his blog will know he works for Microsoft.  The only people who will be "surprised" are those who don't read his blog, or people who come to one particular post (like this one) from a link from another site.

    Besides, most articles list the credentials (company) of the author at the end of the article.

    Edit*:  Also, the zealots will be jumping all over it even if it wasn't a MS employee.

  • eagle

    As if any zealot could be swayed by a paper or report.

  • phreaks

    LarryOsterman wrote:
    
    uriel wrote:
    

    Report: Windows Vista is no more secure then Windows XP



    That particular report is rather flawed (they consider that Vista's anti-virus technology is no better than XP's even though neither Vista OR XP has anti-virus technology in the OS).

    Absent the headline, Ars article does a pretty good job of ripping the report to shreds.


    Let's not forget who the parent company of CRN is, "United Business Media", hardly experts in security/vulnerability testing.

    They are basically a marketing company.

    It's like having your postman examine your automobile and him blaming your tires being bald on your auto manufacturer.

  • Sabot

    I think the whole concept of whether an OS is more secure than another is flawed nowadays.

    The whole point of good security is now to train developers and users; it's not just about the OS these days. Just pointing the finger at an OS is not good enough.

  • User profile image
    Stebet
  • User profile image
    Ray6

    Rossj wrote:
    
    eagle wrote:
    Windows Vista 6-month Vulnerability Report


    I am not questioning the findings (I still don't intend to jump to Vista yet), but why does he wait until the last page of the report to disclose that he works for Microsoft?  It's things like that which will have the zealots jumping on it.


    That's where everyone puts their disclosures. On the last page. Let's face it; no matter what he did, the zealots are going to jump all over it.


  • Ray6

    Stebet wrote:


    I think your problem was the slightly-less exciting headline ..

  • Rossj

    Ray6 wrote:
    
    Rossj wrote:
    
    eagle wrote:
    Windows Vista 6-month Vulnerability Report


    I am not questioning the findings (I still don't intend to jump to Vista yet), but why does he wait until the last page of the report to disclose that he works for Microsoft?  It's things like that which will have the zealots jumping on it.


    That's where everyone puts their disclosures. On the last page. Let's face it; no matter what he did, the zealots are going to jump all over it.




    Unless it supported their POV in which case they'd be shoving it down everyone's throats

  • jamie

    re: urinal

    so you are comparing linux servers to... windows desktop clients?  or - thousands to millions?

    yes - the millions will have more problems than the thousands..

    ..hey look!  math!

  • Bas

    uriel wrote:
    How many viruses are there for Windows? How many for Linux? How often does a Linux computer get infected by spyware or a virus? I've never seen it. And Linux is of course, the #1 server OS, so many network connected boxes are running Linux right now.

    And the amount of hackers/zombies PC targeting Linux boxes is huge - I got to delete my SSH logs weekly because they get so big due to the brute forcing attacks.
     
    I'll admit I've seen Linux boxes get compromised but it's usually because some stupid mistake by the admin (like giving root SSH access). Vista not having many patches is nice and all, but does that really mean it's more secure? Vista is more than just what people run on an OS, and until the Bonzi Buddys, "FREE SCREENSAVERS" of the Windows world disappear it's not going to happen.


    You're really annoyed that you can't simply dismiss this blog post with a one-liner, aren't you?

  • Ray6

    uriel wrote:
    How many viruses are there for Windows? How many for Linux? How often does a Linux computer get infected by spyware or a virus? I've never seen it. And Linux is of course, the #1 server OS, so many network connected boxes are running Linux right now.


    The number of viruses on any given platform has nothing to do with how secure it is. Windows is popular, so it has more viruses. There is more money to be made from raiding an insecure home PC, and little chance of finding a Linux box in the home.

    uriel wrote:
    
    And the amount of hackers/zombies PC targeting Linux boxes is huge - I got to delete my SSH logs weekly because they get so big due to the brute forcing attacks.


    uriel wrote:
    
    Windows tends to be used by ordinary people who live outside of the server room. They are more likely to be compromised because they are less likely to be experts in computer security administration.

     
    uriel wrote:
    
    I'll admit I've seen Linux boxes get compromised but it's usually because some stupid mistake by the admin (like giving root SSH access).


    Thank you for making my point. The problem is usually a human one. An admin user leaving a box insecure. A user running some piece of junk software he found on the internet.


    ... is anyone else seeing a really weird looking page here?

  • jamie

    "since 1998"  to 2005 - or 7 years.  a whole million!

    that's still 1000's per year..

    millions to billions?

    the point is you're comparing servers to desktops.. are you saying there are more linux servers than windows desktops?

  • PaoloM

    uriel wrote:
    How many viruses are there for Windows? How many for Linux? How often does a Linux computer get infected by spyware or a virus? I've never seen it.

    Well, ignorance is not an excuse. I saw many Linux boxes compromised and most of the time the user has no idea what's going on.
    uriel wrote:
    And Linux is of course, the #1 server OS,

    Er... no. Say hi to Windows Server ("outinstalling" Linux by 2 to 1)
    uriel wrote:
    And the amount of hackers/zombies PC targeting Linux boxes is huge - I got to delete my SSH logs weekly because they get so big due to the brute forcing attacks.

    Sorry, doesn't this go against your claim that there are no viruses for Linux? What are those attacks for?
    uriel wrote:
    I'll admit I've seen Linux boxes get compromised but it's usually because some stupid mistake by the admin (like giving root SSH access).

    And this is different from a Windows user willfully installing malware... how?
    uriel wrote:
    Vista not having many patches is nice and all, but does that really mean it's more secure?

    Yes.
    uriel wrote:
    Vista is more than just what people run on an OS, and until the Bonzi Buddys, "FREE SCREENSAVERS" of the Windows world disappear it's not going to happen.

    I have no idea about what you're trying to say.

  • Harlequin

    uriel wrote:
    How many viruses are there for Windows? How many for Linux? How often does a Linux computer get infected by spyware or a virus? I've never seen it. And Linux is of course, the #1 server OS, so many network connected boxes are running Linux right now.

    And the amount of hackers/zombies PC targeting Linux boxes is huge - I got to delete my SSH logs weekly because they get so big due to the brute forcing attacks.
     
    I'll admit I've seen Linux boxes get compromised but it's usually because some stupid mistake by the admin (like giving root SSH access). Vista not having many patches is nice and all, but does that really mean it's more secure? Vista is more than just what people run on an OS, and until the Bonzi Buddys, "FREE SCREENSAVERS" of the Windows world disappear it's not going to happen.


    Try this once in a while:

    --> Make a point
