Slashdot Mirror

← Back to Stories (view on slashdot.org)

6 Months On, Vista Security Still Besting Linux

Posted by kdawson on from the maybe-because-nobody's-using-it dept.

Martin writes "Great report on security vulnerabilities for MS/Linux/OS X. This is a revised version of the one Jeff Jones did back on March 21: Windows Vista — 90 Day Vulnerability Report. This time he did what the Linux community had asked. Everyone complained that he did the report based on a full Linux distro including optional components, not on just a base OS install. So this time he did both; Vista still came out on top. I was shocked that Apple was even on the list as I believed all those Mac commercials!"

11 of 478 comments (clear)

  1. Update. by Anonymous Coward · · Score: 4, Informative

    http://www.microsoft-watch.com/content/security/mi crosoft_is_counting_bugs_again.html Updated response "Jeff Jones Vista security progress."

  2. lies, damned lies and... by arun_s · · Score: 5, Informative

    This has already been analysed at microsoft-watch, and several flaws are pointed out there, the most basic one being that counting flaws is not a good measure of security anyway.

    --
    I can explain it for you, but I can't understand it for you.
  3. Re:Fine... by toleraen · · Score: 4, Informative

    Here ya go! Let me know when you're finished, thanks!

  4. Did I miss something by MECC · · Score: 5, Informative


    Rather than take his word for it why not just check at Secunia.

    Vista

    Vendor Microsoft

    Product Link View Here (Link to external site)

    Affected By 10 Secunia advisories

    Unpatched 20% (2 of 10 Secunia advisories)

    Most Critical Unpatched
    The most severe unpatched Secunia advisory affecting Microsoft Windows Vista, with all vendor patches applied, is rated Not critical


    Ubuntu 6.06

    Vendor Canonical Ltd.

    Product Link View Here (Link to external site)

    Affected By 147 Secunia advisories

    Unpatched 0% (0 of 147 Secunia advisories)

    Most Critical Unpatched
    There are no unpatched Secunia advisories affecting this product, when all vendor patches are applied.


    --
    "We are all geniuses when we dream"
    - E.M. Cioran
  5. Re:Fine... by ozmanjusri · · Score: 5, Informative
    No wonder Windows Vista is best in his review.

    It's a pretty contrived review.

    The bulk of it has already been debunked here http://seclists.org/fulldisclosure/2007/Jun/0528.h tml

    --
    "I've got more toys than Teruhisa Kitahara."
  6. Re:Exploited verses exploits by Technician · · Score: 5, Informative

    I looked at the user comments at the bottem of the article. One juicy tidbit was to this link..

    http://www.microsoft-watch.com/content/security/mi crosoft_is_counting_bugs_again.html

    The biggest bug in Windows is between the chair and keyboard. The item in question is gullable, has admin privilages, and can run widely dispensed Windows specific code. As a sample of this, just look at the members of any botnet and the OS in use.

    Anything that doesn't run Windows code and has the default of not running admin is more secure than patched Windows in most cases.

    Vista still runs Windows code, it's biggest fault, but it seems to be driving towards better system security and user permissions.

    --
    The truth shall set you free!
  7. Re:Fine... by Technician · · Score: 4, Informative

    No wonder Windows Vista is best in his review.

    I am not convinced, next please Mr Jones.

    Someone else didn't like the numbers either and provided this link;

    http://www.microsoft-watch.com/content/security/mi crosoft_is_counting_bugs_again.html

    There are more patches in a month than there are fixed patches in the count.

    --
    The truth shall set you free!
  8. Re:Fine... by JohnFluxx · · Score: 5, Informative

    Two points:

    1) They wont accept outside contributions unless you sign their paperwork.

    2) I have personally contributed, so I know that at least 1 person from outside has contibuted :-D

  9. Re:Fine... by brunascle · · Score: 4, Informative

    aieee, the stuff in the exploits section is barely even related to linux. it's all third-party stuff. and by third-party i dont mean GNOME, i mean XOOPS. there's even Microsoft exploits listed here.

  10. Vista still running malware as root by gig · · Score: 4, Informative

    These comparisons are a joke. The number of bugs or vulnerabilities itself is completely meaningless because of the wide variety of issues you can have. For example, would you rather have 10 vulnerabilities that each enable a malicious Web site to crash your browser, or 1 vulnerability that enables a malicious Web site to browse your local disk?

    Vista still encourages users to run with higher privileges than necessary, and the platform is still host to over 99% of the viruses and malware ever created. It is not even recommended to run Windows without third-party security enhancements such as anti-virus. Many will tell you to run it only in a virtualizer, not on bare hardware, so you can wipe the Windows "disk" every night and start fresh the next day. In fact, Microsoft will tell you to do that, it's what VirtualPC is for.

    Anyone who believes this crap deserves Vista. Enjoy.

  11. Re:Fine... by kjart · · Score: 5, Informative

    Fantastic sleuthing! here I was reading the article like a chump:

    Full Disclosure: I work for Microsoft - read my previous blog post, Exactly how biased am I?.