Windows

Microsoft says Vista logged fewer flaws than other modern OSs

Jeff Jones, Security Strategy Director in Microsoft’s Trustworthy Computing group, has compiled a report on the vulnerability disclosures and security updates for the first year of Windows Vista. His conclusion: Vista logged less than half the vulnerabilities that Windows XP did in the same period of time and has fewer flaws overall than other modern OSs in his study.

Jeff Jones, Security Strategy Director in Microsoft’s Trustworthy Computing group, has compiled a report on the vulnerability disclosures and security updates for the first year of Windows Vista. His conclusion: Vista logged less than half the vulnerabilities that Windows XP did in the same period of time and has fewer flaws overall than other modern OSs in his study.

His report pits Windows Vista against Windows XP and other modern workstation operating systems, such as Red Hat rhel4ws, Ubuntu 6.06 LTS, and Apple Mac OS X 10.4 in their first years.

comparison.jpg

Jones writes in his blog:

The results of the analysis show that Windows Vista has an improved security vulnerability profile over its predecessor. Analysis of security updates also shows that Microsoft improvements to the security update process and development process have reduced the impact of security updates to Windows administrators significantly compared to its predecessor, Windows XP.

Jones notes that this report is definitely not an analysis of "the security," and makes no judgment on actual security factors, such as software quality, administrative controls, etcetera. It is not an attempt to prove if one piece of software is "more secure" than another. Rather, it is more of a vulnerability analysis.

Elsewhere, Vista received some kudos for the report. Excerpt from Dark Reading:

Vista underwent more quality assurance and security testing than any other OS, Mogull [founder of Securosis LLC] says, and it paid off. "The Trustworthy Computing Initiative has resulted in material improvements in the operating system, and other OS vendors should adopt similar practices."

Having said the above, how are the results of the report relevant to you? Does it influence you to opt for Vista, or at least to seriously consider its merits? Do share your thoughts with us.

In the meantime, you can download the report here. (PDF)

About

Paul Mah is a writer and blogger who lives in Singapore, where he has worked for a number of years in various capacities within the IT industry. Paul enjoys tinkering with tech gadgets, smartphones, and networking devices.

68 comments
Laura
Laura

Not to be a Smart"A**" but it's only sold half as much, a true test of security and reliability is only possible after broad use and exposure in the real world.

Tony Hopkinson
Tony Hopkinson

actually. Aside from an obviously and perfectly understandable bias, self serving justifications, and serious ass covering, I see no value in what they are reporting at all. XP -> Vista, anything considered in this report would be a bonus (to Vista) once you'd made that decision for other reasons, which may or may not make technical or financial sense. As for including other OS's read distros, open vs closed source is a consideration as is maturity. Most issues with vista upto press have been it won't run on my hardware or my software won't run in the OS. Other's existed in the code base already and were copied in, I bet none of them were logged as Vista issues. Technically sound but perception wise, the guy's XP box did work properly, the vista box doesn't, the distinction is irrelevant to Vista's main market, appliance users.

jdclyde
jdclyde

After all, MicroSoft would NEVER sit on a known exploit, would they?

Jaqui
Jaqui

1) they take a "collection of separate software packages" and count the exploits for all the packages as being against the OS. When they post counts for exploits against GNU-Linux they should ONLY count the software detailed in the package listing for Linux From Scratch and Do It Yourself Linux. that is the OS itself. 2) until Vista has at least the same number of users as GNU-Linux, they are effectively secure through obscurity, not enough installations out there for exploits to be found.

norb_houston
norb_houston

I remember using 98SE and loving it because it was so stable and not wanting to move up because it was going to force me to either A) upgrade or B) learn to live with a new OS that is more resource hungry.... Seems with every iteration of Windows they force you to live with something that requires more and more resources. I dont mind upgrading to a better machine, I do it these days just for fun. But imagine how great an OS would be if it just focused on performance reliability on average PC parts rather than "top of the line" hardware. Oh wait I think then we would have LINUX. Time and time again Linux proves its more realiable with the hardware you have than windows.

paulmah
paulmah

Do share your thoughts with us on this.

normhaga
normhaga

Check some of your facts please. Sometimes this is true, sometimes not. The flaws in Windows Media Player are counted against Windows but WMP is a separate add on product; ditto with Outlook Express, Notepad. Many claim that IE has seperate flaw counts but it is a part of Windows, in Linux FireFox, Evolution, Epiphany all have seperate flaw counts that do not count against Linux. The assertion that flaws in all the packages included with the typical Linux distro is misleading and usually the cry of the evangelist.

Oz_Media
Oz_Media

But reading the article, it is clear that this is intended to support the question between XP and Vista. The age old "why upgrade" issue is what they are trying to answer or prompt people to. Linux was included to keep teh Linux fans happy, If it wasn't listed, Linux junkies would be spouting about how "If they included linux things would be different!" So they did and, of course, the Linux junkies still complain as it is a pro MS conclusion, not pro linux. Defensive bunch really. Especially seeing as nobody has a worthy or relevant stake in either. It's just your pride in your personal choices that you feel are being challenged.

The Listed 'G MAN'
The Listed 'G MAN'

have been digging through Vista since RC1 to find exploits. It has nothing to do with the user install base as the general 'user' does not know where to look. The number of 'Experts' looking at Vista and any other OS would be around the same.

pccoder28
pccoder28

It pains me to say this as a Windows developer, but, yes, Linux is better, way better. I spend lots of time on a five-year-old Compaq 1.6 GHz, 512 MB, Suse 10.2 P4...the thing runs forever without incident, for months on end, without reboot or crashes, no matter what I run on it. I wish Microsoft Vista or XP worked like that!

The Listed 'G MAN'
The Listed 'G MAN'

your point is completely irrelevant to that of the subject. Why are you trying to steer the conversation away from the main subject?

normhaga
normhaga

that Vista logged fewer flaws in its first year than other OS's. Thats a fine claim, however the real issue should be how many flaws are there compared to other commonly used OS's today. After all was not Vista intended to be a replacement for those OS's, therefore the proper question is not the flaws of other OS's in their first years. Is there silence here?

jiw433
jiw433

Visa is a 100% worse on the frustration scale I hate it and wish I had never installled it. It is a pain in the ass from networking to simply getting programs to work with it. I give up getting vista to install drivers for my ipod.

mschoenberg
mschoenberg

I bought a new laptop with Vista Home Basic and it is running well I am a technician and have experimented with it and have few problems with it no more than with XP so I do not know why all the critisism as it is not Microsoft as much as it is the vendors who had 5 years to revise their software to work with it and the security it much better as far as new things it does have some new features but not enough to upgrade to it as for business I do not think they should be so afraid to go to it

pccoder28
pccoder28

I earn my bread in the Windows world, so it's in my interest to see MS do well over the long haul...I'm not an Apple or Linux evangelist at all. As someone who works with all flavors of Windows and with a few Linux distros daily as a developer, I have to admit that Linux wins hands down (Mac OS 10 beats Linux, IMO). Vista, when you really use it in a deep way, can always be counted on to lay an egg, as it were--as you delve into its 'power features,' you will find that this OS chokes about a third of the time (try it and you'll see!). Vista is starting to calm down where its mainstream feature set is concerned, but I find that it hiccups now and then (file downloads, file copies, and IE7 tend to lay an egg). I can beat my old SUSE Linux 10.2 box to death without incident...it works better than any OS I've tried (and I've tried dozens over the decades). An F-Secure Internet Suite install sent Vista into a tailspin, the system did its screen of death thing but to its credit, Vista's recovery tools worked way better than XP, so I never had to do a reinstall. Vista is probably just XP 2003 Server with new eye-candy, so I think we are really not getting a new OS at all with Vista. Window 7, or whatever they choose to finally call it, will probably be just MS's knockoff of Leopard. Let's just ask Jobs to release Leopard for the PC now and move forward!

Jaqui
Jaqui

it's only had fewer flaws.. BECAUSE NOBODY USES IT!!! [ the old MS fan cry about linux ... turnaround time ]:) ]

meb3v3
meb3v3

Although I'm very weary of ANY study done by companies that have a stake in the outcome of that study, I must say that my experience with Vista thus far has been a positive one. Way less vulnerability problems than I had with Windows XP when it came out.

debnmick
debnmick

Is this another one of those "studies" where they pile every vulnerability found in every available application together and count them as a single linux distribution while comparing it against a stripped down Windows with no other applications installed at all? Even with such a blatantly uneven comparison, both RHEL and UbuntuLTS have less unresolved vulnerabilities at the end of the listed term. Secure product? Would you like fries with that?

shady108
shady108

that microsoft made the majority of modern day o/s its about time they did something right :) still more than 10 years on and they still have buggy code!

jmgarvin
jmgarvin

Windows Media Play is bundled as well as OE and Notepad. IE flaws DO count as part of Windows because IE is so ingrained in Windows it's impossible to remove without breaking things. Firefox, Evolution, and Epiphany are bundled only with some distros. That's the difference. My assertion is that MS has embedded their software so deeply into the OS, that it is part of the OS.

jmgarvin
jmgarvin

Linux was included, but the results were wrong or screwed with so that it made Windows look more secure. The reality is that, while Vista isn't quite as bad as ME, it's just not Enterprise ready nor is it as capable as XP in the Enterprise.

pccoder28
pccoder28

Have to disagree again...I work in both worlds...MS OSs are just too complex, too buggy, and yes, they are not as secure. Window 7 amounts to an admission by MS that this is true...what I've heard about it is that they are going the Unix derivative (aka Linux, OS 10) route with a smaller and cleaner kernel, etc. Hey, anyone for Microsoft Leopard?

Jaqui
Jaqui

it's more that they used the same criteria that Secunia did in their recent report, where an Open Office or Firefox or MySQL or PHP .. [ ad nauseum ] exploit was counted against the OS. Linux would "show better" if they didn't include 3rd party software in the exploit count, specially when most of the 3rd party software runs on both windows versions and would increase the exploit counts for both if the same criteria was used.

Oz_Media
Oz_Media

Whether you can run your OS on an old transistor radio or Mickey Mouse watch is not the topic at hand. If you can't afford new hardware or just get off on running your daily chores on an old PII, then stick with what works for you, but that's not what is beig discussed.

norb_houston
norb_houston

Is it possible that this chart/stats could be skewed? As it was done by Microsoft?s Trustworthy Computing group.... Also can Microsoft and Trustworthy be put in the same sentence?

norb_houston
norb_houston

If theyre posting a chart of bugs vs fixes and Linux/windows/mac os is on the chart how is stating the flaws of Vista irrelevant? I mean the incompatabilities from games/applications only put out a year or two ago when tried to install or run on vista is endless. Then there's little window comes up telling you what Microsoft "recommends" you to do for incompatabilities or crashes of programs, this is about as useless as anything Ive ever seen. They either tell you to install the latest patch from the vendor and when done still crashes. So tell me the irrelevancy of an OS that crashes due to these reasons?

pccoder28
pccoder28

It's all about the underlying quality of code...that's why the post really is relevant...I don't believe that you can write a buggy and unstable but secure OS...I've been a developer for far too long to fall for that!

Forum Surfer
Forum Surfer

Now you know everyone is going to bash Vista for being resource intensive, forcing them to buy new equipment, not user friendly and full of flaws/security holes. This thread has no hope of staying on course. It's another Linux vs Windows thread in the making and after about 20 posts someone with a Mac while chime in, lol.

Oz_Media
Oz_Media

Having a new notebook preinstalled with Vista, I can say I have had a COUPLE of issues, Windows update hangs, but if you reboot I find it has finished and installed the updates no problem. It simply doesn't finish the install and reboot itself, somethign I am sure they will fix in time and not a working issue that hinders my day to day use. I prefer the way it recovers from potential disaster too, it seems to sort itself out very well. All in all, from supporting XP yet avoiding it entirely myself, I am quote surprised with how stable Vista is, and I run everything from 3D graphic design tools, AutoCad (lightweight), office and business tools, audio mixing (Cakewalk and CueBase) and even my vehicle diagnostic software for ODBII, of course a plethora of cool games too. It was great, right out of the box (noting that it did pull a lot of initial security updates right away, but at least they wre available and installed without issues.

The Listed 'G MAN'
The Listed 'G MAN'

just flaws found by the IT world. A world that has been digging for the last year or so now.

Oz_Media
Oz_Media

"Jones notes that this report is definitely not an analysis of ?the security,? and makes no judgment on actual security factors, such as software quality, administrative controls, etcetera. It is not an attempt to prove if one piece of software is ?more secure? than another. Rather, it is more of a vulnerability analysis" All you have to do is read carefully, before your hat gets too red.

The Listed 'G MAN'
The Listed 'G MAN'

you tell me? - you posted the allegation. Also please explain the analogy between 'Secure Product?' and 'Would you like fries with that? To me this implys that it is common, easy and fast - somthing you spent your post saying it is not.

normhaga
normhaga

It is also what the EU courts were told. The EU courts were shown different by many firms and as a result the EU courts ordered that MS release an IE free version within six Months. Six days after the ruling MS released a European version without IE integrated while MS payed the fine the same day. This was 5-6 years ago. Most users, it seemed, preferred the version with integrated IE and so it remains the most popular. IE 7 on the other hand really does integrate into the OS. The other issues, I can not answer at this time. I am willing to look into them, but I now have Emphysema and it chews into a lot more than my breathing.

Tony Hopkinson
Tony Hopkinson

File And Printer Sharing must be installed and enabled in order to install MSDE. C'est tres bizarre.

jmgarvin
jmgarvin

I've never understood that. So many freaky things are required to do tasks that are unrelated. Back in the Win2k/.Net 1.1 days, I had to use eventlog.dll to use Media Player and Powerpoint in an app I was writing...WTF!!?? What does eventlog have to do with that that is REQUIRED?

jmgarvin
jmgarvin

You'd have to ask one of the European folks on the board. However, in the US version, Windows Explorer still requires bits and pieces of IE. Look in your Windows folder and tell me that's not true.

seanferd
seanferd

Isn't that what MS told the DOJ about IE? Can't be removed because it is part of the OS. Ever since IE4, I believe, especially after the "Desktop Update" was installed. In anything after Win 98 it was built right in. My personal favorite example of MS-style integration is that sendmail.dll is required to use the Send to Desktop as Shortcut function. C'est bizarre.

Tony Hopkinson
Tony Hopkinson

It put's a whole slew of stuff under the windows folders. The suff in the IE directory is just the gui and some wrapper calls, the functionality is in the OS. Media Player will still dial out, you can still get HTML based emails in outlook.....

normhaga
normhaga

did run Windows without IE, that is until I had to access MS web sites. Do not believe me, first uninstall IE with the Windows add/remove Windows components, then go to the dllcashe and delete IE or if you wish move it to an external media and ignore the warning. Then delete IE from the Windows directory. Now reboot. Exluding IE 7, Windows runs fine.

normhaga
normhaga

On the other hand, have you ever used the European versions in which IE is not part the the OS? There is a difference between Windows Explorer and IE Explorer.

Tony Hopkinson
Tony Hopkinson

If you wipe out IE from windows, windows won't work, therefore IE is Windows and winmdows is IE. They are indivisible, while no one short of cross platform fanatics would argue that you should be able to run IE without windows, anyone with a functioning brain must question why you can't run windows without IE.

pccoder28
pccoder28

What's important to users is what matters here, not a Ballmer-sponsored report that mimics what the tobacco companies did concerning the safety of their products. What's important to users is a solid operating system for their personal computer: stability, feature-completeness, security and responsiveness are provided by Linux and the Mac, but Vista and XP fall far short. You can't smokescreen the truth with a dubious and flawed MS-disinformation report: Vista already has had more security and performance patches than an old hippie has patches on his old blue jeans.

Oz_Media
Oz_Media

Of course you do, that's why you are here. Scrolling down the posts, that's all you've done. You just disagree and parrot the same old same old each time someone posts a comment. as for using the new kernel, Novell did that nearly 10 years ago. So? It still doesn't detract from the report, which you haven't even read yet.

The Scummy One
The Scummy One

It does appear that they removed non default installed apps, and server apps and still came out higher. They also did both a server distro (without svr functions) (red hat), and a user distro (ubuntu) in the comparisons. P.S. -- I am not biased, I just hate MS....

pccoder28
pccoder28

I'm a MS man, not a Linux evangelist, and I've got more years experience than I want to count with the MS stuff. You're obviously not a programmer, because if you were you'd get it: the report you are so on about is pure bunk because buggy code (which is what Vista and XP really is) can never have less vulnerabilities--there must be more that are uncounted and undocumented. Any programmer knows that you can't get a silk (secure) purse from a buggy sow's ear (Vista/XP). Given MS's buggy code, it's idiotic for the report to claim what it does...it has to be MS propaganda. Don't blindly believe every report you read.

Oz_Media
Oz_Media

The original topic ISN'T sellign it. Either you need better comprehension or you at least need to read the report befor eggoing off half cocked. You have simply run through this whole thread looking to add your two cents for linux and argue anyone not shooting down Ms over Linux. It's an old game, one played on thise loser kiddie forums where they spend three weeks having a pissing contest over the same old, irrelevant argument. In forum terms it is called trolling.

pccoder28
pccoder28

Nope, I included the hardware stuff just to show that the code behind Linux is more sound...don't believe that buggy MS code that doesn't work even on new PCs is more secure than Linux...I ain't buyin' it and the original topic shouldn't be sellin' it!

pccoder28
pccoder28

Regarding the comment: "The bottom line, is READ THE FIGGIN REPORT! It's not locked in a safe under Gates' bed."...that's not sweetening the deal! I did, it's another piece of MS-sponsored trash. Do you want me to pick it apart for you or should I leave it to the reader as an exercise?

norb_houston
norb_houston

Before you have an aneurysm, its really not worth it.

pccoder28
pccoder28

Just wondering...you're comment hit the nail on the proverbial head.

norb_houston
norb_houston

You seem to have an issue with someone stating whats on their mind? So much for free speech and people wanting to speak their mind. Im certainly glad not everyone thinks like you otherwise we would all be drones. Dont assume you are smarter or better than all the rest of us. My training and certification has no bearing on how I feel about a certain OS. Ive read more than one report on OS bug/fix ratio's and comparisons.

Oz_Media
Oz_Media

It states exactly how and what was tested, what considerations were taken and that this is NOT a security comparison. When teh Os is incompatible with given software, it does suggest ways to resolve this. In your case you find it useless. To a new user it may be foundhelpful to at least know what it THINKS the resolution is, and that's EXACTLY what was taken into consideration for the report. Again, read it yourself before suggesting it is flawed. http://blogs.technet.com/security/archive/2008/01/23/download-windows-vista-one-year-vulnerability-report.aspx How you guys got all your certs and degrees without the ability to read, comprehend and research is beyond me. No wonder it's so easy for untrained people to acquire such jobs over the 'trained' canidates.

pccoder28
pccoder28

Oz_Media wrote: "As a driver, these issues do nto effect me unless they effect the day to day performance of my car."....well, that's flat-out wrong, as any programmer ought to know--the soundness of the underlying OS greatly affects the "performance of the car," as it were. You also say that Visual Studio flaws are irrelevant to you...well, no, that is just technically wrong. The reliability and security of your applications rests on the reliability and security of the operating system and developer tools and frameworks: if those are bad, your apps will be bad, whether you personally have found the bugs/issues or not. You can't build a solid house on quicksand. I don't expect you to become a coder overnight, but before you attack fellow posters with a long and successful programming background, you'd do better if you took some basic programming courses yourself--you are really way off the mark with your comments.

Oz_Media
Oz_Media

I can pull any car apart and discover an endless host of flaws, engineering issues, manufacturing shortcuts, inefficiencies causing wasted fuel energy etc. As a driver, these issues do nto effect me unless they effect the day to day performance of my car. The same goes for an OS, the cases I cited were examples of what MY notebook is used for and what issues I've had, personally. as for Visual Studio 2005 having flaws, irrelevant to me. So perhaps yuo should find a real argument if you are determined to start one, and believe me, I am not the best to choose for it, ask anyone here. I have been seasoned to guys such as you who try to make something otu of nothing and dwell on irrelevant issues. Stay on topic, this is not a security thread or a debate on Linux vs MS.

pccoder28
pccoder28

I'm not just talking about application compatibility, I'm talking about the power features in Vista itself--try it out, you'll see! But as for app compatibility woes, Vista still produces 'funny bugs' when you test deeper, I mean really test! For example, Visual Studio 2005 is supposedly fixed in Vista, but that's not how it works in the real world (I'd know!). http://www.betanews.com/article/Visual_Studio_Incompatibility_Hits_Vista/1159382996

The Listed 'G MAN'
The Listed 'G MAN'

Sound like a lunchtime TV show! Today on Flaw Finders.... They roll in, pimp your security and then leave.

Jaqui
Jaqui

flaw finders, aka crackers, find more of them and start exploiting them than the IT Pros find. The crackers are working for their own interests more than the IT Pros are in finding them, and will put in far more hours than the Pro will. The larger the user base, the more criminal types will look for ways to exploit the os. edit, missing l in wild

pccoder28
pccoder28

Who here claimed anything was 100% secure? But IBM's i5/OS is to Volvo as Win XP is to a Ford Pinto....MS tends to err on the AMC Gremlin side of things.

pccoder28
pccoder28

This line from the original post should have given you a clue: "Jeff Jones, Security Strategy Director in Microsoft?s Trustworthy Computing group, has compiled a report on the vulnerability disclosures and security updates for the first year of Windows Vista."...it's Pravda and Isvestia, MS-style! Did you read the pdf cited in the original post??? I almost died laughing; it was so transparently flawed, I cannot fit all I want to say about it in this little textbox--the most glaring issue is one of overall code 'footprint'...another blogger called MS out on that one in this thread. Most laughable, from your reply: "Linux does not make it as easy to secure, update, and fix issues with the OS, whereas Vista is quite easy to work with."...more FUD spreading re: Linux....my Suse 10 distro updates automatically, is more secure and it doesn't have a quarter of the "issues to fix" as does Vista. I'm running both side-by-side now: I'm doing my real work in Suse 10, and I play around on the web on my Vista toy, which is what Vista really is.

Oz_Media
Oz_Media

It was quoted directly from the article, not myself. You two questions are answered at the end of this post. "Microsoft?s Trustworthy Computing group, has compiled a report on the vulnerability disclosures and security updates for the first year of Windows Vista. His conclusion: Vista logged less than half the vulnerabilities that Windows XP did in the same period of time and has fewer 'flaws' overall than other modern OSs in his study." I didn't write it, but perhaps I can help explain it, after reading the actual report. Firstly form Wiki: Examples of vulnerabilities (which I assume are included in the Vulnerability Analysis) include: Memory safety violations, such as: Buffer overflows Dangling pointers Input validation errors, such as: Format string bugs Improperly handling shell metacharacters so they are interpreted SQL injection Code injection Directory traversal Cross-site scripting in web applications Race conditions, such as: Time-of-check-to-time-of-use bugs Symlink races Privilege-confusion bugs, such as: Cross-site request forgery in web applications User interface failures, such as: Warning fatigue or user conditioning Blaming the Victim Prompting a user to make a security decision without giving the user enough information to answer it Race Conditions Blue Pill (malware) So as you can see, there are vulnerabilities taken into consideration beyond simply how secure the system is against hackers. But again, if you need details on how this test was conducted, it would be up to MS to appease you, not I. You can read the full report of Jeff Jones' blog (http://blogs.technet.com/security/archive/2008/01/23/download-windows-vista-one-year-vulnerability-report.aspx) , it states: [i][b]If it was possible to measure ?security? in one metric[/b], it would have to encompass a complex combination of factors including (but not limited to) the software quality, administrative controls, physical controls, and much more ? and even then, it would all be in the context of whatever security policy was defined for the systems in question. So, [b]this is not an analysis of ?the security?[/b]. I don?t look at protective mechanisms and see how they might protect in certain scenarios. [b]Nor do I look at security features[/b] and see how they might enable better privacy or help secure business process. And I certainly don?t look at how easy it is to manage the security policy for these products. [b]Is there anything in this analysis which will prove one piece of software is ?more secure? than another? No, that is not my intention."[/i][/b] Don't tell me you are one of those IT guys who did all his homework by asking for answers on TR. I'm sure you are intuitive enough to find this info for yourself if you question it. YOU ASKED: [i]Can you explain exactly what you mean by "vulnerability analysis"[/i] No, as I don't mean anything by it, I was simply quoting the aurthor. HIS explanation is shown above. [i]...and most important, of what use that is to the end-users of the OS in question?" The report is focused on teh users ability to run a stable OS. How easy it is to update, how intuitive the OS is for the user. As a user, this would mean it is easier to manage, update and work with without issues. something Linux is not, is user friendlt. certainly for IT staff it is great, I like Linux myself. For a newbie or common home user, Linux does not make it as easy to secure, update, and fix issues with the OS, whereas Vista is quite easy to work with. I hope that answers your concerns, should you need further answers, try posting on Jeff's blog. Again, http://blogs.technet.com/security/archive/2008/01/23/download-windows-vista-one-year-vulnerability-report.aspx

The Listed 'G MAN'
The Listed 'G MAN'

Name it. 100% secure? Did not think so. Therefore not a Secure Product.

pccoder28
pccoder28

It seems to me what really matters, to the user, is what OS is the "secure product." Can you explain exactly what you mean by "vulnerability analysis" and most important, of what use that is to the end-users of the OS in question?

Editor's Picks