Jeff Jones, Security Strategy Director in Microsoft’s Trustworthy Computing group, has compiled a report on the vulnerability disclosures and security updates for the first year of Windows Vista. His conclusion: Vista logged fewer than half the vulnerabilities that Windows XP did in the same period of time and has fewer flaws overall than the other modern OSs in his study.
His report pits Windows Vista against Windows XP and other modern workstation operating systems, such as Red Hat rhel4ws, Ubuntu 6.06 LTS, and Apple Mac OS X 10.4 in their first years.
The results of the analysis show that Windows Vista has an improved security vulnerability profile over its predecessor. Analysis of security updates also shows that Microsoft's improvements to its security update process and development process have significantly reduced the impact of security updates on Windows administrators compared with Windows XP.
Jones notes that this report is definitely not an analysis of "the security," and makes no judgment on actual security factors, such as software quality, administrative controls, et cetera. It is not an attempt to prove whether one piece of software is "more secure" than another. Rather, it is more of a vulnerability analysis.
Elsewhere, Vista received some kudos for the report. Excerpt from Dark Reading:
Vista underwent more quality assurance and security testing than any other OS, Mogull [founder of Securosis LLC] says, and it paid off. "The Trustworthy Computing Initiative has resulted in material improvements in the operating system, and other OS vendors should adopt similar practices."
Having said the above, how are the results of the report relevant to you? Does it influence you to opt for Vista, or at least to seriously consider its merits? Do share your thoughts with us.
In the meantime, you can download the report here. (PDF)
Paul Mah is a writer and blogger who lives in Singapore, where he has worked for a number of years in various capacities within the IT industry. Paul enjoys tinkering with tech gadgets, smartphones, and networking devices.