Slashdot Mirror
More Than Half of Known Vista Bugs are Unpatched
MsManhattan writes "Microsoft security executive Jeff Jones has disclosed that in the first six months of Vista's release, the company has patched fewer than half of the operating system's known bugs. Microsoft has fixed only 12 of 27 reported Vista vulnerabilities whereas it patched 36 of 39 known bugs in Windows XP in the first six months following its release. Jones says that's because "Windows Vista continues to show a trend of fewer total and fewer high-severity vulnerabilities at the six month mark compared to ... Windows XP," but he did not address the 15 unpatched flaws."
announce something like that? That's not exactly the best PR for Vista. Then again Vista isn't exactly good PR for Microsoft.
In a world of acronyms, the words are the real victims.
First, the author of the submission doesn't know the difference between a bug and a vulnerability. Second, the title ought to read: "Vista Vulnerabilies are Less Serious than in XP" (and there are fewer vulnerabilities in Vista than in XP in total).
That's the reason why only half of them were fixed while in XP most of them.
I've got two older brothers, I don't think that makes me stupid. ;)
http://twitter.com/onion2k
What if the Hokey Pokey really is what it's all about?
Big deal. The VA has been trying fix VistA since 1985.
The previous comment is purposely vague and generalized, but all of the facts are completely true.
Why would anyone bother putting out security patches for an OS that nobody uses yet? Security through obscurity and all of that nonsense.
What I'd really like to know is why critical vulnerabilities in IE7 are thoroughly ignored, even though it's available to install on XP (and yes, hard as it is to believe, people are actually using it _instead_ of Firefox/Safari/Your Favorite Flavor here...)
Jones says that's because "Windows Vista continues to show a trend of fewer total and fewer high-severity vulnerabilities at the six month mark compared to ... Windows XP,"
So, they're not fixing the bugs because Vista is less buggy than XP? Whatever happened to fixing it because it was broken?
When our name is on the back of your car, we're behind you all the way!
So naturally his IQ is 3 points lower than his older brother XP.
Apparently the developers of Vista are following that trend too!
I know our hobby is slagging of microsoft, but hey, copying Linux seems to be working out for them.
Oh, damn. My carefully crafted, pro microsoft reply, slipped into the usual M$ bashing. They are such an easy target. I can't help my self. Just like women drivers. I don't mean to joke at their expense, but sometimes the jokes, they slip out. I mean, I asked my girlfriend if my indicators were working and she said 'Yes. No. Yes. No.'
An oldie but a goldie. Feel free to use that one.
monk.e.boy
Open source, flash charts
The simple fact is, there are still more XP loaded systems than Vista. Vista isn't yet a target except in areas where XP and Vista share the same flaw. ...I kinda hope it stays like that for a while too.
http://www.engadget.com/2007/06/22/report-vista-mo re-secure-than-os-x-and-linux/
An article on engadget that is pointing to the EXACT same data...yet the title there most certainly provides a seriously different outlook does it not? I do not blame anyone, however, as if I had seen an ACTUAL nuetral title along the lines of 'microsoft employee posts dubious data of questionable usefulness to anyone except PR departments' I would without doubt have just scrolled on...
They have made the underlying security model so damned complex that it takes 6 months to figure out how to patch a bug/whole.
Those 27 disclosed vulnerabilities cover some or all of the 237 patents that Microsoft has. Dont you dare fix any of them with a third party tool. You will be violating the patent rights of MSFT!
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
so I might as well as say it, use linux.
I wonder exactly what the data would be like if you compared vulnerabilities in 3rd-party software AND Microsoft issues vs. security problems in Linux distributions?
XML is like violence. If it doesn't solve the problem, use more.
Film at 11.
Our new Botnet Overlords.
Cheers,
Kilgore Trout
What I would like to know is what the guy actually said. The article starts by saying that half the BUGS were fixed and then starts talking about half of the vulnerabilities and then uses the two words interchangeably.
Did the guy say half the bugs or half the vulnerabilities? Half the vulnerabilities seems bad to me. Half the known bugs is not bad at all- in fact I would consider that somewhere around par for software development.
Either way I agree it sounds bad.
oh my!!!
CTRL + F Funny ---> I had you!!!
The little girl who got paid to write this article needs to keep doing whatever physical favors she is performing for the publisher to keep her job. Obviously, writing factual articles is not her cup of tea.
Vulnerabilities aren't bugs and bugs don't always get fixed. Note how nothing in her FUD-laden drivel there's nothing about anything actually impacting her. It's all about the things that don't affect her, she doesn't understand, and shouldn't be spewing forth on the internet in paid fashion.
You are so good at it.
It's not that it brings nothing new to the table, it just doesn't bring anything new that I need. The interface is pretty, but that alone is not worth the cost.
XP works for me. It does everything I need it to do, runs all the software I need it to run. Maybe in the future that will change, but seeing as I am only 6 months into my typical 2 year upgrade cycle, I don't see me needing Vista for at least another 18 months. Maybe by then it will have matured a bit and the vulnerabilities will be patched adequately. Then again, maybe XP will support the new tech that I will upgrade to, and I can milk this XP license a while longer
-----
Übergeek Necktie T-Shirt
Funny Shirts @ ProStoner.com
About their patch time being 29 days to OSX's 46 and hundreds for linux?
"Win treats sysadmins better than users. Mac treats users better than sysadmins. Linux treats everyone like sysadmins."
Jones argued that Vista had a lower number of vulnerabilities than competitive operating system products such as Red Hat Enterprise Linux and Mac OS X.
Microsoft has acknowledged that they include secret undocumented patches in hotfixes, patches that would count against their "score" if they were required to count them... open source software doesn't have the luxury of hiding their dirty laundry like that. And it's not just Linux that suffers from that "disadvantage", OS X has an awful lot of open-source components, and many of Apple's updates have been patches rolled in from them.
Microsoft's gaming the system here. Statements like this should be granted no credibility.
... who exactly is surprised by this? I mean, they could be not addressing the issues because the slow pickup of the OS or maybe due to some other patent issues, but the fact that M$ would push out a bugged OS and then not expediently address the bugs can't possibly surprise anyone. I would assume they just patch enough to keep the user base quiet and then figure "we'll get it right on the next one." Seems that many hardware and software developers have adopted this stance of instead of taking the time to refine and perfect one thing, they push out a bunch of crappier things in the hopes that they get it right on the next iteration. Infuriating!
Future indie game developer of America (and possibly Canada)
First sentence is correct. Author didn't distinguish bug/vulernability.
The second sentence, while double-plus-good Microsoft PR speak, is critically flawed reasoning.
If the parent said "Known Vista vulnerabilities..." I would agree, but that still glides over many fundamental liabilities that Microsoft products push onto the customer like:
1. The concept of security in Microsoft products means protect Microsoft's intellectual property.
2. No one can reasonably predict the scope or scale of Microsoft vulnerabilities.
3. Given Microsoft's history of producing "secure" operating systems, it is reasonable to assume there is no evidence end-user security features makes it through to the end product. Note carefully, Microsoft has *very* talented programmers who can code securely after all their monopoly status affords them this luxury. I'm saying that their work doesn't make it all the way through the management gauntlet. UAC is a perfect example. It is not a security boundary. http://blogs.zdnet.com/security/?p=175
The Vista train will pull out of the station eventually because Microsoft's monopoly makes this a sure thing. As every other Microsoft OS has shown, there will be critical vulnerability surprises. It's a matter of when, not if.
Got Trader Joe's? friendwich.com RSS feeds work now!
Glad you set me straight on that one. I guess this means I woun't have to tell my office mate I 0wn3d his system late yesterday then. Didn't happen because that would be virtually impossible now wouldn't it? Must have just been my active imagination watching his reaction to his new Folding@home screensaver a minute ago. EAL4? Yea, right.
Care to give some details on what you did? I'm not going to hold my breath!
One failed product does not damage a monopoly.
Got Trader Joe's? friendwich.com RSS feeds work now!
No, this is not Slashdot spin. It's a direct report of the original source, Security World:
So that's the journalist's opinion.
You can also note the direct carry over of M$'s laughable position that Vista is doing better than XP. Windoze has never been and never will be a safe and secure place for your data and this shows, even if you accept the M$ numbers. They've wasted all their effort making life suck for the end user with digital restrictions and competitor sabotage instead of addressing fundamental security issues. Vista is more of the same from a company that does not care and lies through it's teeth about it every time. There can't be more than fifty people in the world ready to believe Vista is going to be any better than any other version of Windoze.
Friends don't help friends install M$ junk.
Hindsight is getting blurry, but I seem to remember the world seeing XP as simply an 'upgrade' to 2000. People expected it to have vulnerabilities, be buggy, etc, but wanted the newness of it.
Vista was _supposed_ to be a total rewrite. A completely new animal, basically immune to XP's flaws.
Patching a ton of vulnerabilities right out of the gate would invalidate a TON of marketing effort.
Seems like not patching them (in public) is a good business decision for them. Not so very ethical, but it _IS_ MicroShaft we're talking about here.
Their GDI privilege escalation (non-bug, non-vulnerability, buried topic, never mentioned anywhere at MS) started with NT 4.0 and was not "patched" until the GDI was rewritten for Vista. It was never "patched" because the design was fundamentally broken and could not be patched in any practical way. All you needed to exploit it was to get some application running at the SYSTEM privilege level to create and display a window and then the system was toast. Vista finally made the GDI just as secure as NT 3.5. Things are improving, No?
There is no mention of 27 disclosed vulnerabilities in the report or on secunia. ;)
Did someone make up the numbers so that it can be posted on Slashdot?
The article I read trashed M$'s sorry analysis and told me to expect more of the same from Vista as we've seen with every other M$ OS:
Friends don't help friends install M$ junk.
I would expect that when Vista deployments outnumber XP, the situation will reverse itself. So where's the story here?
Even if you buy the demonstrably false "popularity argument" for poor M$ performance, the real story here is that nothing has changed for the user.
Friends don't help friends install M$ junk.
the fact that your Macs have never been compromised (that you know of) to the their actual security. This is an invalid equation.
The fact that only M$ machines get screwed and die along with your work is a good reason to avoid the platform.
Friends don't help friends install M$ junk.
My guess is that it may be harder to fix things in Vista without breaking something else (like DRM functions) ...
It must have been something you assimilated. . . .
Jeff Jones was further quoting saying that there was no need to patch vunerabilities in Vista, because "nobody uses it anyway."
I find it fascinating that Engadget's headline on this very same story is:
Report: Vista more secure than OS X and Linux
Way to spin, slashdot!!
-- "I never gave these stories much credence." - HAL 9000
I was under the impression that Vista sales are really low. And I can hazard a guess that those with Vista are so busy trying to get their old hardware and software to work, that they are unsure whether a bug is a real bug or a run of the mill compatibility problem.
So, I wouldn't be surprised that the number of bugs reported is lower than usual. Wait till the use of Vista grows- then the anti-MS hackers will start really pounding Vista.
I know this is Slashdot and all, but shit, could the title be any more biased? So Vista has some known outstanding non-critical security bugs hanging out there. So what? Microsoft doesn't rush fixes for those kinds of bugs because they are generally difficult to exploit, or require the system to already be exploited. This bugs wait until a service pack, generally, which goes through a much stricter testing regimen than a high priority fix.
This is a GOOD thing. It means that Vista is overall more secure than Windows XP because Microsoft hasn't had to rush critical fixes and can take the time to study and test the less critical fixes.
But shit, this is Slashdot, so, uh, fuck M$ final nail coffin losers going down don't need it, yadda yadda yadda and so forth.
for security is dumb. Any script kiddy these days can sniff them out of the air and spoof away. Please see http://en.wikipedia.org/wiki/Media_Access_Control before sprouting more about your MAC!
You should note that the chart, for Linux/OS X, covers not only OS-level vulnerabilities, but app-vulnerabilities, too. All in all, I find it an apples-to-oranges comparison, even more keeping in mind that the chart covers known and fixed bugs during the first 6 months of each OS after their respective release dates.
;)
Paraphrasing a comment in Endgaget... Can someone grab me a copy of Windows XP: Jeff Jones edition? It looks much better than the public builds
....and Microsoft wonders why people are resistant to switching to vista.
The article I read trashed M$'s sorry analysis and told me to expect more of the same from Vista as we've seen with every other M$ OS. M$ again counts things incorrectly and fails to include all the problem children their sorry architecture encourages along with the gaping flaws they produce themselves:
So, the end user experience is likely to be unchanged, if they can even get Vista to work. As is always the case for a new Windoze release, the drivers are not there. Worse, new digital restrictions schemes make for poor performance even if they do get work. "Trip bits" and other nonsense make Vista a poor performer by design.
Friends don't help friends install M$ junk.
If they continue to produce 'new' operating systems every 5 years with only a 25% better bug/vulnerability rate, just how long will it be before Bill Gates' statement of Windows Vista being "the most secure OS available" will actually become a publicly accepted true? I had to state it as "publicly accepted truth" since Microsofts version of the law, contracts, and truth are very different from what the general population understands and accepts as such.
Too bad the severities weren't listed but then again, we already know Microsoft seems to think the fact that an exploit can be spread via network is more important than data corruption/loss. You know, saving face is more important than the customer.
LoB
"Anyone who stands out in the middle of a road looks like roadkill to me." --Linus
but could you please post a reference to these mac vulnerabilities? I'm a mac user, and I would love to know about them.
Thank you.
Mod parent up!!! Good point about Microsoft management. In my opinion, Microsoft programmers are not allowed to finish their work.
My rule number one in dealing with Microsoft: Unless forced by circumstances, never upgrade to a new version of Windows until the second service pack is released. Let other people have the grief.
The huge number of bugs in Windows XP before SP2 was very expensive for us. If I remember correctly, SP2 fixed more than 630 bugs, and some of the fixes were not documented. It is not only the vulnerabilities that are expensive.
Silly me, when I said "app-vulnerabilities" I meant "BUNDLED app-vulnerabilities"...
More Than Half of Known Vista Bugs are Unpatched more than half of known vehicle drivers are drunk driving a vehicle right now, happy friday!
Repeat after me. Vista is secure. Vista is secure...
Vista is secure as long as the user doesn't "allow" anything bad to happen. The idea alone is a security risk in the making. Of course no security hole is "critical" as long as there's the omnipresent popup before it happens to affect your PC. Because then it's the user's fault. YOU clicked "allow", YOU are to blame.
It's pretty easy to say that. It would be akin to asking every time an executable starts to run whether the user really wants it to run, and blame the user when it does something unexpected or unwanted. But based on the "allow or deny" dialog, the user cannot make a qualified decision. Not even if he DID actually know what he's doing. He only gets information about what program (ok, without checking google, what's hidsrv? The program name usually doesn't tell people jack about the program. How many viruses exist that call themselves akin to a system executable?) tries to do something (with a cryptic information about its requested privileges, that basically only tell you what could be going down if you did know a thing or two about Windows and its inner workings).
Basing the security model on the user is very convenient for the system maker, but it is not the right approach. Especially not in an environment where the strict distinction between user space and system space did not exist for a long, long time.
But that's not the point this time. This time, we have "uncritical" system flaws. Which are only uncritical because they can be blamed easily on the user if they're exploited.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
I'm a Linux-only user. According to Secunia, for unpatched vulnerabilities: Windows Vista: 2 of 10; most severe being Not Critical. Windows XP Home Edition: 27 of 170; most severe being Highly Critical. Linux Kernel 2.6.x: 16 of 123; most severe being Moderately Critical.
Wow. There's a statistic in that article that really leaves an impression, and no, it's not 36/39 vs 12/27; it's 23 vs 1 - the number of severe security holes in XP and Vista found in the first six months. That brings up a few questions, like whether these metrics are the same (one person brought up the question of secret, unannounced fixes, another the issue of the number of people looking for problems). But if these numbers are comparable (heck, even if the Vista number is 3 or 4 times lower than is realistic), that's a huge improvement in Windows security, and an effort on MS' part worth applauding.
You have tried to support your argument with faulty reasoning! Go directly to jail; do not pass Go, do not collect $200!
Because our new model car has an increased number of airbags, it don't matter that the brakes don't work that well.
Because our new model car uses a more efficient engine, it don't matter that the fuel tank leaks a bit.
But are all bugs the same, does this mean vista in insecure.
Well, let me use the humble car again. If you bought a new car, and found that the passengers sunflap mirror was broken, would you accept it?
MS really needs to start understanding that people just want their products to work. They don't wanna hear 2nd hand car dealer stories about how nobody used their front brakes anyway, not if they are paying new OS prices. Vista is the most expensive consumer OS so far, so why the fuck can't MS, a company with billions in profit, fix known flaws.
I as a consumer don't know if these flaws are serious or not, but MS attitude sure as hell don't convince me to risk it.
remember the story yesterday about MS almost begging people to use Vista and not wait to SP1? This is going to convince the doubters?
http://secunia.com/product/13223/?task=statistics Their numbers don't match the original articles numbers though. I'm sure there are others out there that report exploits, but this is the one I had bookmarked and could quickly share.
Vista has something called a "Security Development Lifecycle".
Where there is "Life" there is death. Talking about a "Lifecycle" gives the impression that Microsoft's real interest is death. I'm guessing it is a mostly management policy to give a shorter "life" to Windows Vista than customers want.
Bill Gates is software's Dr. Death. It doesn't matter what the customer wants; Bill Gates, the richest man in the world, wants more money, and will drag everyone through his neurosis.
Sometimes it has seemed to me that Microsoft is not really primarily a software company, but primarily an abuse company that accomplishes abuse through software.
This comment has a "Comment Development Lifecycle". Management policy is that you cannot read it more than an hour after it is posted. However, since I'm a cooperative person, and not adversarial, and since I don't have a virtual monopoly, you are welcome to read it any time you like.
Also, when this comment is posted, it will have the title "Security Development Lifecycle???" However, after it has been posted for a time to be determined by management, the title will be changed in an attempt to make people think that it is an entirely new comment, instead of merely a new version.
You sir should think before you post.
You might want to follow your own advice.
That goes for you too!
You're committing a logical fallacy in your post. You equate the fact that your Macs have never been compromised (that you know of) to the their actual security. This is an invalid equation.
I don't think this qualifies as an "invalid equation." Maybe if he was trying to say that a Mac is a PC, or that OSX is Vista, that would be an invalid equation.
What you are thinking of sounds much more like the fallacy of "affirming the consequent." Specifically:
If my OS is secure, then it will never be hacked.
My OS has never been hacked.
Therefore, my OS is secure.
Though the first premise may or may not be weak on its own grounds, the argument is formally invalid. In your post you even go on to demonstrate cases in which an insecure OS may never be hacked. This is the traditional means of demonstrating the formaly invalidity of the fallacy of "affirming the consequent."
Sounds like you had the right idea, but you mis-identified the fallacy in question. If you are going to serve as a logician, doing it properly will avoid some embarrassment.
Actually, ALL of Vista's bugs are unpatched. If they were patched, they wouldn't be bugs any more, right?
Mr. T pitied this fool on 27 July 1992.
Since both Lunix and OSX live and breathe the Kool-Aide that they have no flaws in their OS, they have fixed practially none of their documented bugs.
Every month is a MOAB, it's just that Apple's users don't know it.
Viva la security through obscurity!
...less than 5% of Vista's bugs are known.
TODO - Insert Creative/Witty Signature
http://forums.techpowerup.com/showthread.php?s=e4d 36eb2396773f558df8271fadcadf5&p=365996#post365996
i ntsCISToolResult84735.jpg
d =19578849
... & yet, when it comes time to "put your money where your mouth is", on a test that runs across multiple OS platforms?
That's a post showing an 84.735 score, using CIS Tool 1.x (highest I can get as of today) & methods I outline to achieve it, for Windows 2000/XP/Server 2003/VISTA users:
http://img.techpowerup.org/070618/APK14SecurityPo
That result was done using a tool I know of that runs across multiple platforms for a test of security online in CIS Tool 1.x (center for internet security)!
CIS Tool:
http://www.cisecurity.org/index.html
(& this test is the "scientific control method" in that it is the SAME test used across diff. OS/hardware platforms here)
CIS Tool runs on Linux, BSD (no MacOS X though), Solaris etc. et al (various *NIX variants), & Windows. Java runtimes are required (they were recently updated mind you, by SUN Microsystems).
Thing is, I have freely challenged Linux folks to run that test here & beat the score I had, shown above, here:
http://linux.sys-con.com/read/382946_f.htm
No takers, or rather, no respondents with scores exceeding mine on Windows Server 2003 SP #2 fully patched as of the date of the test I took it & yes, today.
They did suggest BSD - so I posted in regards to testing BSD vs. my score here, at slashdot:
http://bsd.slashdot.org/comments.pl?sid=238993&ci
Again, no takers (could be here though, it was buried too deep, slashdot's replies/forums system is way odd imo, by comparison to boards like this one imo, not as clean/easy to use/etc.).
Still, even from the "BSD" family (which is often noted to be the MOST SECURE UNIX etc., even by Linux folks (see the LINUX.SYS-CON.COM url above)), no takers.
All I know is this - I hear a lot of "Windows is insecure & (insert UNIX variant here) is more secure" etc.
Nobody from the *NIX world has ever done so when I have asked them to try it @ least!
(& the test is sort of nerdy fun, you learn from it too, because it aids in securing yourself online).
And, the 14 points in the 1st URL above? For Windows NT-based OS like 2000/XP/Server 2003, & YES, VISTA??
They work!
(... & even *NIX folks agree many times they do)
I would like to see your scores here in fact, & IF you can exceed my score? We can all learn by it, & grow, as well as have a healthy competition in doing so!
Thanks! Any takers??
APK
I also run on Linux and, I have to say, it still has problems resuming from the fucking screensaver if I close the lid. PATHETIC. Sometimes I can fix it by logging in remotely and killing the screensaver process[es]. Sometimes I have to log in remotely and kill X. If networking is not configured, I often have to power-cycle. Consequently I don't close the lid much.
It's a shame, but ACPI was intentionally sabotaged by M$. It's hit and miss, but the same machine won't do much better under M$ because their other software can't deal with power management and uptimes blow anyway. APM works well and is more like power management should be, so use it if your laptop has it by the kernel options "noacpi acpi=off".
Of course, this has nothing to do with any kind of security. You are not going to become part of the botnet and your data will survive power cycling, especially if you use a journalling file system like ext3.
Friends don't help friends install M$ junk.
You linking to that post is hilarious. You figure no one will notice this reply and the subsequent ones in that thread?
Web2.0: I love when people Flickr my cuil and digg my boingboing until my google is reddit and I start to yahoo
Neither /. nor the original article seem to understand that not all bugs are security vulnerabilities. Is it the case that more than half the known BUGS in Vista are unpatched, or less than half the known SECURITY BUGS are unpatched?
Potentially huge difference.
"People who do stupid things with hazardous materials often die." -- Jim Davidson on alt.folklore.urban
Wouldn't pretty much all known bugs be unpatched? I mean, once it's been patched, is it really still a known bug?
You linking to that post is hilarious. You figure no one will notice this reply
I'm not afraid of that BS. People can read as much or as little of that troll infested thread as they like. Most people won't bother to read past the memo written by Bill Gates himself, as the intent is obvious. No one will tell you that ACPI is rationally designed and anyone who's read the memo knows why. Ultimately, the crap flood that follows me is just another sign of how desperately afraid of the truth and popular opinion M$ is. It's too bad they don't just fix their broken junk instead of pretending it's fixed while screwing over their competition in ways that waste everyone's time.
Friends don't help friends install M$ junk.
Of course therein lies your problem. If "most people" are like that then they're really no better than you. If they're not, then you're screwed because your FUD is exposed. Sucks either way.
Web2.0: I love when people Flickr my cuil and digg my boingboing until my google is reddit and I start to yahoo
That thread looks like a bunch of people correcting your lies. Does that make them trolls?
full time M$ defender and attack bot dedazo insists on arguing that Bill Gates has nothing to do with ACPI being a piece of shit that does not work well for anyone:
Of course therein lies your problem. If "most people" are like that then they're really no better than you. If they're not, then you're screwed because your FUD is exposed. Sucks either way.
If they read further in they run into posts by others complaining of the complexity of ACPI and how it's just another M$ "extensible" non standard. Between that and Bill Gate's little memo, the reasons for ACPI to suck are obvious. As he stated himself, he did not want Linux to work.
Friends don't help friends install M$ junk.
Do you work for Microsoft, or are you just one of those clueless gits who blew his trustfund on utterly worthless MS-certification and now spends all his time trying to justify it?
But no one is exploiting the rest 15 ;)
Screw security, what about a Vista that works in non-laboratory conditions, that is to say, in laboratory (and office, home, etc.) conditions? We do we still have users who are forced to reboot before logging in, to avoid the braindead "user profile error" that repairs itself every single time by rebooting!? I would really like to see Microsoft Q.A. people forced to take Real World Certification administered by a consortium of academics, government entities and businesses before they are allowed to sign off on any Microsoft release whatsoever.
``Tension, apprehension & dissension have begun!'' - Duffy Wyg&, in Alfred Bester's _The Demolished Man_
What fun. And just the other day someone complained that Apple's _BETA_ Safari 3.0 for Windows contained a couple of bugs, which Apple IMMEDIATELY patched. At least Apple acknowledges and fixes their errors in their beta software. Microsoft just releases the beta software as final product and then pretends everything is hunky-dory. Maybe they'll release a patch at the end of the year.
The results of the analysis show that Windows Vista continues to show a trend of fewer total and fewer High severity vulnerabilities at the 6 month mark compared to its predecessor product Windows XP and compared to other modern competitive workstation OSes linux and Mac OS X