Microsoft Says Vista Has the Fewest Flaws
ancientribe writes "Microsoft issued a year-one security report on its Windows Vista operating system today, and it turns out Vista logged less than half the vulnerabilities than Windows XP did in its first year. According to the new Microsoft report, Vista also had fewer vulnerabilities in its first year than other OSes — including Red Hat rhel4ws, Ubuntu 6.06 LTS, and Apple Mac OS X 10.4 — did in their first years."
It has the fewest flaws found because it has the fewest amount of people looking for them.
No users == no problems
It's important to recognize that you can't possibly measure which OS has the fewest flaws absolutely. You can only measure which OS has the fewest flaws reported (or discovered). Since the number of flaws reported is proportional to the number of people using the OS, and no one is using Vista, it's natural that it'd have the fewest reported flaws. :)
The Mongrel Dogs Who Teach
Is this via support calls or just little modal dialog boxes that people are tired of clicking "send" on? Or are they filtering out things they've already encountered in XP? Statistics are a great aid to the common lie.
Do not mock my vision of impractical footwear
Most Linux distros have a lot more software and contain more lines of code than Windows. Therefore, you'd expect more flaws in something like Ubuntu or RHEL.
You may have the fewest flaws, but the quality of craptacularness from the flaws you do own up to and fix outweigh most every one of the little flaws logged.
Give that saw a rest, Microsoft- nobody with a brain's listening to you on that one anymore.
And yet, Ubuntu flaws are also being fixed at a relatively fast rate. With Ubuntu 7.10 already out and whatnot...
In other news, Steve Jobs reports that "Leopard is the best OS X ever" with more than 200 new features.
The world's biggest software taxation device is coming on par with the rest of the field... I'm underwhelmed
It has the fewest flaws found because it has the fewest amount of people admitting to them
Parent has it exactly right. This is likely another statistical half-truth. Tell us % of users reporting flaws and let's compare that to XP's first year.
For the last time, you just can't add up the number of vulnerabilities in separate products from different authors and expect to glean any meaningful information from numerology thereon. This is especially true when contrasting one closed-source product from a vendor with questionable security reporting practices (say, Windows), and an open-source product where every single flaw of any level of significance is public knowledge (say, Ubuntu Linux).
I'm tired of seeing such claims about vulnerability tallies parroted in Slashdot summaries without the least bit of skepticism regarding their relevance. This sort of thing has already been debunked a million times over on this site. Come on, editors, a little quality control would be nice...
- because it seems nobody's actually using it.
In related news, BeOS showed few vulnerabilities this year...
--- We are not in the 8th dimension. We are over New Jersey.
Could the reason there are fewer exploits in the first year of Vista (versus XP) be due to the fact that it has a reluctant adoption rate by users and the OS exploiters are likely focusing their efforts on current operating systems that are more stable, known, and in higher use?
Give it time...
Besides, now that Microsoft has set 2009 for the new "Windows 7" release target date, it seems that Vista may be the new short-lived 'Windows Me'.
This really isn't a fair study... considering the number of delays, millions of dollars and time spent in development on top of the number of reported security issues, Vista should be considered as bad if not worse than XP or any Linux distro on launch date.
Click to launch Word.
"Denied"
Copy file
"Denied"
Launch Firefox
"Denied"
Verdict OS completely secure.
Right now, I'm working under a really dumb sysadmin. This guy makes the company overspend at every turn. He had us upgrade to XP when it came out. He talked the company into replacing every desktop with brand new machines to run Windows Vista Premium. I tried to tell management this was a bad idea, but they trust him more because he has been there a lot longer than me. Our company is laying off more workers next month to cope with high expenses. NT4 or OpenBSD are all you need.
I am getting my resume ready for a job outside of Maine. The businesspeople here have been making incredibly stupid decisions. I know when pragmatic and frugal IT management isn't wanted.
Sysadmins that talk management into upgrading to Vista on machines that only run a DOS-based CRM system are scum.
President Bush said he is winning the war in Iraq and the RIAA said that Brittany Spheres has talent.
Even if it were true, the math is bad. Ubuntu, for example, ships with a LOT more packages than Vista. And on top of that, there's nothing to talk about the severity of these flaws. If OSX has some local exploit that can be used only when certain applications are accessing the clipboard at the same time, it isn't equal to a remote root exploit that anyone can do by just connecting to a port.
There are 3 kinds of lies: lies, damn lies and the computer security mafia.
...after all, any operating system that is basically unusable is going to have fewer vulnerabilities as a matter of course.
Proud member of the Weirdo-American community.
Boeing has said its latest jetliner crashes less and Ford has made a car that kills fewer drivers.
I can believe that Vista has fewer security flaws than XP. I can even believe that it beats Red Hat, Ubuntu, and OS X.
What I cannot believe is that XP demolishes Red Hat, Ubuntu, and OS X. That makes me think that there's something egregiously wrong with the way that things are being counted here.
Of course, counting problems fixed also does not necessarily mean that lower is better...
Philip Sandifer's academic website
All this means is that there will be a really big patch tomorrow.
As our way of thanking you for your positive contributions to Slashdot, you are eligible to disable Slashdot 2.0.
How does that old quote go?
"There are 3 kinds of lies: lies, damned lies and Microsoft PR"
Or something along those lines...
You can have my cynical agnosticism when you pry it from my cold, dead logic.
Excellent point. Although other debates have questioned Microsoft's numbers, if there are really 20 million installs (plus further installs since then) in use out there, hackers might begin to take a look.
But to paraphrase the Drake equation, of the total Vista installs, how many have been hit by crackers? How many of those were honeypots, caught by virus scanners, or otherwise detected? How many exploits found by crackers have been used in highly targeted attacks and kept secret?
All I can think of is the remote TCP/IP exploit. As some of you may recall, that exploit existed in all versions of Windows. And Vista supposedly has a "completely rewritten TCP/IP stack" (source).
"I have a bad feeling about this."
Like more time for companies to scan their products before shipping them out with a virus preloaded?? That'd be sweeeeeet! http://portableaudio.engadget.com/2006/10/16/mcdonalds-mp3-players-ship-with-trojan-horse/
Would you like to read the contents of (insert media player here)? Cancel or Allow?
Oh no, we suck again!
How was XP's install base after a year? Is Vista even comparable now to what XP was doing a year after its release? I swear I'm not trying to troll here, I honestly don't have figures to back this up. However, in my (admittedly) anecdotal experience, neither I nor my other geeky friends were strongly recommending that any new shoppers stick with Win98. The manufacturers are still shipping new machines with XP, and the impression I'm getting is they'd like to keep doing so as long as possible.
Actually *enforcing* the "hmmmm, let's not run everything root/admin" paradigm is certainly a step in the right direction and that alone probably accounts for some of the better security with Vista vs XP . . . but how much? It's easy to say you're the "most secure" operating system when you're being actively avoided. By that logic, the P2 box in my attic is completely unhackable and immune to any conceivable vulnerability by virtue of having a faulty power supply and being unplugged.
I have trouble believing that the code is more secure and has less bugs than the other software mentioned. But Vista's flaws go beyond the code.
Five minimally different versions of the same operating system?
2 GB of RAM to get it to run the base system almost smoothly?
Limit on how much you can upgrade your hardware before the system locks you out completely?
No new features that users want to adopt?
When someone finally gets around to using it, Vista will probably exhibit tons of bugs and stuff like that. Viruses will be written. Security will be compromised. I can't really tell if this is FUD or an advertising plug.
As long as most of the flaws in VISTA are still being counted as features (DRM anybody?), they can basically claim it's a zero-flaw system.
Belief? Hope? Preference? The Existential Vortex
I think that is a silly measure of bugginess. Not only does the number of flaws reported being less reflect lower usage of Vista, it also likely says that the reporting system is difficult to work with. If anything, I think the fact that the non-Windows systems have a higher number of flaws reported indicates that they have easier-to-use bug reporting systems. The correct way to measure statistics on things like this is either to have a third party subject them to a standardized battery of tests (indicating actual security levels) or to measure the ratio of bugs fixed to total bugs reported (indicating the development team's ability to correct reported flaws quickly).
Tomato wedge sperm darts that are Republican.
So ... assuming RHEL4 has a much smaller installed base than Vista (let alone XP), what does this say about the security of enterprise Linux? What does it say about the worth of "quick" security metrics like patches in first release year?
There are no karma whores, only moderation johns
Your argument fails. The number of exploits does not depend on the number of computers running it. It depends on the number of flaws that can be exploited.
most flaws you could drive a fleet of semis through.
someone needs to come up with a metric of flaw exposure per unit time.
"To those who are overly cautious, everything is impossible. "
...those in Vista are defined as "features" - mystery solved.
It must have been something you assimilated. . . .
And how many installs are on new machines, where the buyer had no choice? How many of those forced installs have been wiped out by now and replaced by XP, 2K or Linux?
Good, inexpensive web hosting
Hence why they have less, you get no applications with their OS.
Remember ladies, this is what George W. Bush's go-away speech is going to be like. Don't be too scathing. Let them have their moment.
Windows 7 announcement in 3..2..1
How many of those were kernel patches, and how many were related to other applications?
Ignore this signature. By order.
how many people who run linux do you think are stupid enough to buy vista then uninstall it? why does everyone pretend the white box market doesn't exist?
If you mod me down, I will become more powerful than you can imagine....
From the PDF
Page 12 - Windows Vista Fixed 36 vulnerabilities
Page 14 - Ubuntu fixed 406 vulnerabilities affecting Ubuntu 6.06 LTS.
Look how many Vista has left to find!!
Reminds me of a quote - "Statistics are like humans. Torture them enough and you can make them admit anything you want".
I'm much more funny, interesting and insightful than the moderators think
I'm sure most people do. However, it's still hard to find new laptops without a pre-installed OS. Also, I know there are people buying computers with iCandy installed and replacing it with XP; I'm going to be doing exactly that for a friend later this week.
Good, inexpensive web hosting
You know it's bad when not even the script kiddies wanna get their paws on it.
So, basically, it sucks on its own merits.
They have more suck ass, non-used features than any other O.S... and require a sweet ass gaming machine to run decently. Plus, I don't know how in the hell they jacked up their windows installer service, but I see more issues from crap not getting installed or uninstalled correctly that require complete reinstallation. New machines too. It's enough to make me really not like computers that much anymore.
John Walsh once found me while looking for some other kid. He was not amused.
I'm not giving Vista flaw space.
Donte Alistair Anderson Roberts - hi son!
Karma: Chameleon
It is not the total number of bugs, but the "quality" of these bugs. ;-)
SO. Nobody uses Vista in comparison to OS X or Linux? ouch, looks like a whole magnitude of people use Vista over OS X or Linux. According to this link, if you took all the Linux and Apple users and put them into a single group, it STILL wouldn't be as many people who are using Vista by a good size chunk (let alone XP), so let's not repeat that lie again.
I don't mind people being critical of anything, but please be honest in your critique. And whatever you do don't use Apple as an example of "the way things should be".
I'm sure this will be tagged flamebait or troll. That's kind of ironic when I'm replying to all these guys tagged 'informative' who say "Nobody uses Vista" when they are obviously providing false information. If pointing out a blatant lie makes me a troll so be it.
... it turns out Vista patched less than half the vulnerabilities than Windows XP did in its first year ... According to the new Microsoft report, Vista also had fewer patches in its first year than other OSes ...
it doesn't run
... of course Microsoft would say it had the fewest flaws. if a company were actually honest about its product, nobody would buy it.
I tend to file "design flaws" as bugs at work. I guess they aren't bugs here. At least they aren't a security threat, so that's something at least.
Linux has the better bug-per-dollar ratio.
“Common sense is not so common.” — Voltaire
What about the biggest flaw of them all
Might be a rewrite but chances are you either had the same people rewriting it, or at the very least the same mindset/corporate culture/etc. rewriting it, so it probably didn't end up all that different (based on results this looks pretty likely).
I've been using Vista for 6 months, with no type of protection besides religion and I've only had like two BSODs. Something's probably wrong with my copy of Vista, haha.
But, I will say today, I went in our computer lab on the 10.4 iMacs, and they have come down with a sickness. It let me down a good bit.
This is coming from a school that worries so much about network security, that all of the Wi-Fi networks are unsecured and have no password.
It's good to have an iPod touch if you're not doing anything in class, hook up the Wi-Fi and you're good to go. Me and friends do it all the time.
There may not be as many Vista machines out there as XP machines, but there are many more Vista machines out there than Linux or Mac OS machines -- whether you use Microsoft's sales numbers or website access stats.
Of course it's secure. Every time you try to do anything you get the BSOD.
Oh Crap, I'm an optimist.....
Who cares how many security flaws XP had in its first year? This isn't its first year anymore. The question is how many flaws does Vista have now compared to how many flaws XP has now. Maybe once the number of Vista flaws is that low, I'll consider it.
My copy of XP has been humming along nicely ever since Vista's release. Bravo!
There is simply too much glass..
They are talking about security flaws. Other types of flaws? Let's start with the built in DRM, the extremely annoying UAC prompts, the HUGE amount of software that ran fine with XP that doesn't run with Vista, the HUGE amount of system resources needed to get decent performance... Well, that's enough to start with...
If electricity comes from electrons, does morality come from morons?
How many of you are reading this post on a non-Windows machine? If Windows is really as buggy as you claim, what's stopping you from switching to Linux or Mac OS? Why is the desktop world so heavily skewed towards Windows? Is there a law prohibiting you from using non-Microsoft products?
As a rule, I pay for the Windows OS but use only the best free applications available (wherever possible). If there's a free alternative to a paid Microsoft product (OpenOffice to Microsoft Office), I choose free. It has worked well for me.
This is why I resist the notion that there are too many smart people over at MS. They routinely use the idea that the number of flaws in their OS being less than the number of flaws in an entire Linux distribution is somehow a sensible metric. How does someone even type that out? I mean... where's the pride in what you do?
"Thanks for all the money you paid to us. We've used it to buy off ISO among other things" -Microsoft
Well, congrats Microsoft on screwing up less than last time! Now, can you speed this thing up? My new laptop with Vista is slower than my old one with XP.
And how much time did it take Microsoft to release patches for those vulnerabilities for its paying customers, as opposed to the *other* OSes??? Hmmmmmmmm??
Mod points are a dangerous tool. Abuse them wisely.
1. no users no bugs
2. microsoft sucks
3. linux rules, yay open source
4. my comments are smarter than yours (also known as comic book guy syndrome)
5. firefox is better than IE
6. if a pro slashdot community product has more bugs, then it is an automatic smear campaign. If the bugs are pointed out by a vendor even if true, propaganda nonetheless
7. I went to college, can code in c/c++, and understand the linux kernel. I am an expert on everything and know more than anyone else
I believe it's not exactly fair to measure discovered and reported security flaws over periods of time. The amount of public disclosure on security holes is going down since either the hackers aren't saying anything or the companies aren't reporting their problems to cover their behinds. There is more of an underground market for security holes than there ever has been and people know it.
The fewer fixes the better? If this is Microsoft's policy, perhaps they finally quit fixing their products in the first place.
i saw the headline "Microsoft Says Vista Has the Fewest Flaws" and automatically i thought that's coz nobody is using it!
_ In Egypt Networks: Network Solutions with a Twist
Is "less security vulnerabilities" more indicative of safer system features or lazier hackers?
I wasn't exactly expecting a flood of praise for Microsoft on slashdot, but you're completely spot on. Not one of the posts seems to be non-critical. We (as in, "people who know anything about computers") have been begging Microsoft to design their products with security in mind for a long long time now - rather than their usual practice of making grandiose statements about how security is job #1 and turning out the same old schlock as always.
With Vista, they actually seem to have done this. Even though they've added a lot of crap nobody wanted along with the crap that some people wanted, they've managed to do it without introducing loads of security problems. Remember, this is a mainstream product from a commercial software company where everything is subject to a cost/benefit analysis.
So it seems that the cost/benefit analysis has actually come down in favour of writing safer code even though it probably takes longer. This is great news for everybody who has to, in one way or another, deal with the problems caused by exploited PCs.
Us Mac users never believed in this line of logic. Right?
Trying to infer user base from web hits is bullshit.
i can get a core2duo with 1gb ram and a 160gb sata hd w/dvd writer and 256mb video card for $400, to build it, it would be about $600 or so plus my time to put it together. For some things this is a no brainer; i can put my OS of choice on it in 20min.(not including updates) so while it may come with vista it won't have it for long.:)
A computer once beat me at chess, but it was no match for me at kick boxing. Emo Philips
And that 1 flaw was actually putting Vista on the market.
From Jeff Jones' report:
Q: Linux distros contain many more optional applications than Windows - that is Apples and Oranges - how can any comparison be valid?
Actually, Windows Vista and Windows XP have different components too. Windows Vista Ultimate includes Media Center for example, which was not in Windows XP Professional. From a user perspective, I think it is Apples and Apples. Whichever OS is chosen, I believe most people will install the default set of components and use that. If vulnerabilities are in those components, they will be exposed and need to take mitigating action.
I did, however, try to even the playing field as much as possible by excluding optional Linux-distro components and excluding even some default components for which there is no obvious counterpart. In contrast, on the Windows analysis, I included any component that shipped with the product. I think the comparison is valid and useful.
From my basic CentOS 4 system:
$ rpm -q -a | wc -l
1104
Even on a (stupid) vulnerability count, even with a reduced package setup, the number of packages on a RHEL/CentOS system dwarfs the number of programs that come with Windows. You can't even compare against Jeff's Windows numbers because he looks into how critical each vulnerability is on Windows (good) but not on any Linux setup (bad). If the real concern is user exposure, then vulnerabilities in all packages makes sense, but only if you count vulnerabilities in common Windows packages too, like Acrobat Reader, Photoshop, Office, and even games like WoW.
My biggest beef is that Jeff fails to include his compiled vulnerability database. Even though he writes on his methodology and sources, there is no way to easily verify his claims. This is the 21st century and there's something called the Internet. There's no excuse to not provide the raw data, and I certainly don't have enough interest to make guesses and recreate the data for such a flawed analysis anyway.
Next time at least provide a list of analyzed RPMs and DEBs!
"Microsoft Says Vista Has the Fewest Flaws"
One must understand that Microsoft defines a "flaw" in one of its operating systems as anything that seriously threatens its monopolistic stranglehold on the OS marketplace or (in this case) impedes Vista's ability to override the owner's decisions as to what software should run on or media be played on any given system. Things that annoy users or expose their systems to invasion (except from Microsoft) are of little concern to Microsoft. Vista is defective by design which implies that when a system owner or user manages to get it to do something Microsoft disapproves of, that gets counted as a "flaw". In other words, what most people would consider great features are very scarce on Vista, so it isn't flawed much, according to Microsoft.
So yes, from Microsoft's perspective, the subject line of the original article is true. From any computer owner/user's perspective, it is almost certainly false -- just more Microsoft Bullshit(TM).
Friends don't let friends install Vista.
"You're young, you're drunk, you're in bed, you have knives; shit happens." -- Angelina Jolie
"turns out Vista logged less than half the vulnerabilities than Windows XP did in its first year"
... so they haven't found the vulnerabilities as fast, big whoop?
The operative word here is 'logged'
I have spoken'eth.
Right, who cares about VISTA? Why bother if you're a hacker; it's not even a challenge to hurt MSFT anymore; they've done it themselves, in spades.
Only to idiots, are orders laws.
-- Henning von Tresckow
Meh... not that I should expect differently in a possibly pro-MS article, but the level of logical gymnastics being used to prove that this metric is flawed is absurd. It's all completely contradictory with discussions from a few years ago about vulnerabilities and such. Now maybe it's not a great measure, but there are certainly a critical mass of Vista installs and it still has fewer reported security problems. Don't piss and moan about it. Give credit where credit is due: yay Microsoft.
Now, if you want to bash, you could very validly point out that Vista is generally a slow and buggy OS from a user perspective. They got their security tightened up, but apparently at the expense of making a great OS. Most people I know find Vista at best tolerable, at worst downright terrible. But it is seemingly more secure.
Cheers.
Uh what? No. You fail and rate a 'fucking idiot' certificate. Maybe you meant desktops? Did you honestly make it this far without ever realizing that the numbers everyone debates on Slashdot deal strictly with 'linux on the desktop'? Tell me, how do website hits correlate to *nix machines in service?
I mean, do you have a router at home? What about Vista? Now picture the world...
Does Microsoft even acknowledge a local privilege escalation (nearly 100% of what counts for vulnerabilities in all other OSes) as a vulnerability?
Contrary to the popular belief, there indeed is no God.
Saying 'Windows Vista had the fewest flaws' is like saying that 'The Titanic hit the fewest icebergs'
Ridiculous
Where are your drivers in Linux? Where do you download them? Why, you don't; they are IN THE KERNEL!
So Linux "The kernel" does a lot more than MS does with its core OS because MS still asks you to download a ton of drivers. This is part of their strategy, it allows them to shift blame to the driver instead of their OS. If you really got a problem with MS software and actually have some support (check your MS license, you pay for the software, there is no support) then your first job will be to convince them the bug lies with them and not some combo of drivers that you had to install.
That is why these MS reports are so silly, you really can't compare the two "distro's". MS Vista does far less than a Linux based distro like Ubuntu BUT they don't have a bare kernel they distribute but even if it did it does far less than the linux kernel.
So what are you comparing?
Also note that security bugs in Vista affect EVERY Vista user because all the installs are the same. A linux distro bug in PHP affects only those who use PHP on their linux distro. MS funded research has in the past made lists of security bugs in linux where they counted the same bug multiple times for each distro it was in. That is kinda like saying "Just look at our competitors cars, they made 1 million of them and 1000 of them had the same fault. Meanwhile our 1 model has just one fault, the brakes don't work. We are BEST!"
MS, FUD at its best.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
Also note, that (somewhat hypocritically) all versions of Windows prior to Vista borrow quite a bit of their networking code from BSD.
Go grep the executables. You'll find the standard BSD copyright notice inside.
-- If you try to fail and succeed, which have you done? - Uli's moose
It's natural for Microsoft to report that Vista is the "best ever, yet"; certainly at this time, but it's just spin. I'm not going to analyse the original report but it seems to me that these are the known vulnerabilities. I think statistically, this is meaningless, we have to compare for a period of time, say the first 5 years. What if in 2 years after release everyone realises that the TCP stack is fundamentally flawed and requires total replacement ? That would be a mighty big flaw that we don't know yet and could totally skew this analysis. Also, this implies I don't have to RTFA for another 4 years so that's good for me :)
If you were a hacker, would you develop a crack for XP or Vista ?
XP, is supposedly somewhat secure and stable with an established userbase. How often do security updates get released these days ? Or Vista, which has so many obvious bugs, is bound to get a lot of fixes, patches and service packs - the landscape is constantly changing. I know which one I would develop my crack for.
If you would have to spend $600 to put that rig together, you need to find a new parts supplier.
I built a core2duo 6750, 2GB ram 500gb SATA, DVD-RW(dual layer), 256mb graphics card all inside a very nice case with a nice active pfc power supply all for a little over $500 and that's not considering about $70 in rebates I have in the mail now. Assembled and running in about 3 hours - and I was being overly cautious.
The most equivalent system from Dell was about $100 more, with a crummy case + power supply and far inferior motherboard. The only time I considered Dell was when I could have added the Sweet 24" LCD to a bundle and saved a ton on the monitor. I would have resold the tower in a heartbeat though.
Newegg FTW!
[fill in attempt to compare fundamentally different things here]
(When Vista comes on 14 CDs, then you can think about comparing it with the number of bugs in Debian.)
"It doesn't cost enough, and it makes too much sense."
Half as many as XP? Yes, I can accept that, but just how many did XP have to start with?
Okay, I know Vista had less reported vulnerabilities than a few Linux distros and OSX but the real question should be how long before patches are available? That is the real measure of things and as the article states, Vista certainly isn't in the lead there.
Fewest vulnerabilities doesn't mean it has the fewest flaws... Freezing, poor driver support, poor program support, these things are flaws, yet have nothing to do with security vulnerabilities. I love Vista, I've run it since the betas and run a legal copy of Ultimate that I paid for with my own money, and I've been able to generally make stuff work, but having to use workarounds to make stuff work is a flaw, in my opinion, and having good security is nice, but not if a bunch of stuff I've used for years doesn't work. I want to be an MS fanboy but I can't. I use Vista at home because I can deal with its shit, but if I buy a new computer at the office, I make sure it has XP, because reliability is king at work. Lack of reliability is too big of a deal to leave it out of the category of "flaws"... -Taylor
Worldwide Military budgets: $2100 billion. Worldwide Space Exploration budgets: $38 billion. Really, world? Really?
...I no believe...
Seven Days with Ubuntu Unity
Again, a ridiculous comparison based on reported security holes...
Microsoft are in the best position to find holes in vista, having the source code. They have no incentive to report them, and will just fix them silently. OSX is in the same boat but to a lesser degree, and with ubuntu/redhat all the issues will make it into the public domain. The only vista issues which make it public, are ones discovered by third parties, which are probably less than the number found internally because internal developers have access to the source, access to the original devs and a more intimate knowledge of the inner workings.
Then you have to consider functionality, Vista comes with one fairly old web browser, one mail client, a rudimentary text editor, a single-protocol im client, a trivial drawing program, a simple media player with a small number of codecs and a few very simple games... Ubuntu/RHEL come with multi protocol im clients, a full office suite, a larger number of slightly less simple games, a larger and more capable set of networking tools, scanner software, fully capable drawing software, a much larger set of hardware drivers bundled by default, and lots more besides...
It's like trying to compare the rudimentary "people's cars" produced in the former USSR, with only rudimentary features and a largely hidden safety record, to the luxury cars being produced in the west around the same time... Try comparing a Zaporozhets to something like an E-type Jaguar.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
Backwards compatibility going out the window is actually a good thing...
Microsoft never had a proper overall design for windows, and it shows... Early versions were simply hacked together in completely haphazard ways, things were built quickly with no forethought. As a consequence, there is lots of kludgy legacy code kept around for backwards compatibility, including many duplications where an old method was considered fundamentally flawed and unfixable, and discouraged from being used by new apps, but is still kept round for backwards compatibility, one such example is the lanman password hashing.
If they completely ditch backwards compatibility, they could remove all this old cruft and start again with a proper clean design, but as usual they're taking a half-assed poorly thought out approach.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
And also, how many of these were patches for applications that vista doesn't ship with an equivalent of?
And how many of these patched flaws were discovered by the developers of those applications? Which in RH's case means the issue is published, but in MS's case would not be published.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
We don't think that it doesn't exist, we just know that it is really small compared to all the other markets.
Microsoft has been bagged in courts internationally for various forms of sharp practice.
They are what happens when a mediocre company tries to milk an advantage it gained from Bill's mom when IBM bought CPM by way of Bill.
Microsoft is not a particularly high quality software house and MUST resort to just plain lowlife practices to try to keep the market position they gained by way of nepotism in the first place.
Bill is not a great programmer nor are his people particularly good businesspeople... as a result they always resort to sharp practices and which will work... for a while. MS isn't a very old company and it is mostly coasting on the results of Bill's mom's wheedling the board at IBM. Had IBM had a clue about personal computing at the time, Bill would be selling batteries at a Radio Shack.
Let's recognize this large expensive third rate organization for what it is.... just more mediocre clowns milking a lottery win and imagining that their luck is due to ability.
Microsoft says it can fly. It must be so, or they wouldn't say it.
"It's important to recognize that you can't possibly measure which OS has the fewest flaws absolutely"
I won't say their favorite phrase. Instead I'll just say DOS 6.22 and walk on.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
Since all corrections to vulnerabilities found in XP are of course ported to Vista, and the number of vulnerabilities isn't infinite, they're basically saying nothing more than a pile of PR bullshit. By the same logic, since vulnerabilities are corrected in every OS after crackers expose them, any OS patched after Vista has less vulnerabilities in the first year too.
Therefore, I'd suggest the average fortune 100 exec to drop their contracts with Microsoft and adopt any recently updated Linux distro.
> According to the new Microsoft report, Vista also had
> fewer vulnerabilities in its first year than other OSes
Make that fewer PUBLICLY ACKNOWLEDGED vulnerabilities.
We simply don't know how many bugs have actually been found because that information is not being kept in a publicly searchable facility.
We already know that there have been more than a few times where M$ has simply not revealed the existence of a major security flaw until just as it was about to release a fix for it.
How many other bugs does M$ know about but has deliberately chosen to do nothing about?
Nah, they used a 16-bit int and it wrapped around.
Need Mercedes parts ?
agreed - it has the fewest flaws found because it is so SLOW nobody has the time to wait to find any flaws. i am running vista on one of the fastest machines Dell makes and it is still slower than a dead snail.
it is so fscking slow that no one wants to target it.
Setting his threshold to 5, Sparky eliminated most of the trolls on /.
And McDonalds claim they make nutritious healthy food...
Mine is one. I replaced that slow piece of sh*t with Kubuntu x64 and haven't looked back. If HP had given me drivers for XP64 I would probably still be locked into XP but I'm now Microsoft free on my laptop and soon to be on my desktop (well, except for a small partition to play Team Fortress 2 on).
Setting his threshold to 5, Sparky eliminated most of the trolls on /.
Microsoft also revealed that the Pope was Muslim, and that bears crap in toilets.
That's what I think this is all about. Microsoft can publish whatever number they want as the number of "vulnerabilities" to make itself out as the "good guy" while distributions of Linux put it all on the pavement so everyone can see what has been fixed or will be soon.
Every time I start to have faith in humanity, I ruin it by driving to work between 7 and 8 am.
First of all, many flaws fixed in Linux aren't proved, just fixed anyway because someone thinks they perhaps can be exploited. Secondly, dists like Red Hat have SELinux standing in the way of many exploits, but Red Hat still fixes those exploits to be on the safe side. Thirdly, not one single one of these reports does a risk assessment of the flaws before comparing. For Windows they take Microsoft's word for its risk; for Linux they don't even try. Things like "a possible exploit exists in X if the user has rights to the admin group" get the same rating as a remote anonymous exploit on Windows.
As it stands today, with the very closed nature of Microsoft's reporting, it's impossible to do any meaningful comparison. It's known and confirmed by former Microsoft employees that Microsoft silently fixes security holes in service packs and in bundled patches. For all we know Microsoft could have fixed thousands of holes between Windows Vista and Windows Vista SP1.
Since it's fairly obvious Microsoft is the one playing the number game here, it's very likely they strive to keep their vulnerability reporting down to a minimum.
Also, a couple of million Windows bots do not seem to read these reports either.
HTTP/1.1 400
I love the way the MS supporters will sit there and bang on about how the linux supporters are all biased, fanatics. So again we get to see MS doing what they do best, FUD and dis-information and Jeff Jones has to be one of MS's best trained maniacs in this area. And you CAN'T argue that vista has no users "so no bugs", cause vista probably has more than linux and MAC combined.
Vista may be more secure than XP, that's a certainty, but Jeff Jones has proven himself time and again to be completely willing to sacrifice his credibility - so how can you believe a man like that?
And even etc/hosts works (but it's set in \windows\system32\drivers )
i loaded up winxp yesterday on an old box (for reason i wont say, in disgust i had to, also for reasons i wont say) updated all first boot tried to open browser, crashes. POS, not the first time something like this happened
vista after having to reinstall it cause the BSOD or something along the lines of it happened twice already, browser, after install and update works.
oh i guess this has nothing to do with security. but u know. flaws. yes.
Come on, guys, it is more empty allegations where the guy refuses to reveal any details. This is the opposite of science; this is marketing vaporware, where shills or marketing guys repeat sweet lies no matter how ridiculous. It is very common and accepted practice. Just don't confuse it with engineering or science. Remember, propaganda is a different endeavor, with radically different goals, than you scientific or engineering types are accustomed to. They're essentially interested in coercing people to change their behavior without admitting why (basic Capitalism); you're confusing this with the scientific goal of discovering anything about reality.
It also has about 1/5th the user base of XP, no?
Everybody with a laptop? It's pretty hard to find a laptop without Windows bundled, and you can't build your own.
Well, after you remove all the built-in spyware it seems to run just as fast now. I finally updated and somehow didn't get hacked using sp1 every day until now.
This is like saying my submarine sinks twice as slowly as it did last year but, it also moves slower and the torpedoes don't work.
... it turns out Vista patched less than half the vulnerabilities than Windows XP did in its first year
Vista: One,
Linux kernel 2.6: Twelve,
Mac OS X: Seven.
Not, of course, that unpatched Secunia advisories represents any kind of linear relationship with general OS security; but it does rather demonstrate that your preferred method of OS security cognitive dissonance doesn't exactly stand up.
What's purple and commutes? An Abelian grape.
If Vista had a bigger market share, there would be more exploits for it.
Payback's a bitch, ain't it?
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
a perfectly stable vehicle cannot be turned;-)
no it doesn't as if you change windowsupdate.microsoft.com to anything else windows bypasses it and goes straight for the proper site.
this is both good and bad. good in that you can always be assured of quality updates from msft, but bad in that you msft can't follow proper security procedures to secure hosts files.
i thought once I was found, but it was only a dream.
If you use OpenBSD you'll see that OpenBSD 4.1 had only 11 bugs on its first year (http://www.openbsd.org/errata41.html).
I see nothing about Freebsd in the report, I guess they did not want to be proven wrong?
http://www.steampowered.com/status/survey.html
Some of the hardware reported is pretty interesting as well. Out there somewhere is a guy with a machine with 127 cpu's and another that has a 5" monitor hooked up as the primary display.
While Vista has had the fewest flaws reported, it has also had the least amount of data found. After repeatedly hitting allow, people have given up and have even started to forget to allow the sending of error messages to MS.
which is totally what she said
At the risk of pointing out the obvious, if Microsoft abandoned backward compatibility, they'd lose most corporate users and many home users as well. You don't need an MBA to see why that is not a promising idea.
About the best they can do is what they did with NT. Jack the whole unwholesome mess up, and insert a new frame and engine under it. They did that with NT without all that much success. (Windows 95 runs about as well with far fewer resources if you don't mind a crash every few weeks). I suppose they can try again, but I doubt the results will be any better.
Maybe the idea would be more appealing if there were a "clean" design out there that was actually any better than NT, Unix, OsX. But I don't think there is. AFAICS, for several decades, OS design has consisted of shuffling the subsystems of a 1960s mainframe into slightly different configurations and slapping a shell on it. It's not that I can do better. I can't. Maybe NT, Linux, Vista really are the best we can do. That's a depressing thought.
You can't see ANYTHING from a car, You've got to get out of the goddamned contraption and walk...Edward Abbey
Hmm really? Well what about this guy?
Where do I get a whitebox notebook?
BM3
May have the fewest flaws, but that doesn't mean it doesn't fall flat on its arse every time some rank old win95 software has to be run. No amount of reports will recover the damage to its reputation. So many firms here in the City of London are refusing to touch Vista, they want XP due to still having to run very old bits of Windows kit. Nothing to do with actual software flaws, but pure reputation and inability to run required apps.
Windows guys please stop pissing on everyone and the Linux guys stop pissing in the wind, hoping to hit Windows guys!
The article states: "And Microsoft fixed 36 vulnerabilities in Vista, versus 65 for XP, according to the report." So what they essentially did, was *fixing* less bugs in Vista than in XP.
They also say "Microsoft notes that there were more vulnerabilities fixed in other OSes in their first years than in Vista". So other OSes were more active than Microsoft in fixing potential security flaws?
Since when is Microsoft actually telling the truth to its customers? Did i miss something???
Look, this thing is totally safe! Built it myself, you know. You just press that button like this and then turn that lev
And why is it hypocritical for MS to borrow code that the BSD folks told them they're free to use?
Vista makes use of the hardware assist no execute bit to catch MANY flaws.
Someone has not bothered to add these into the equation - or assign a severity to them.
Pulling the wool over the customers eyes is easy, fixing them is harder.
Why is Vista slow? Well it may be recovering from an error. Yes, you can dress a warty frog in a cloak, but it will never be a prince.
It's an extremely crappy security metric, because in fact Vista could have more bugs, just that they haven't been discovered/patched.
which is totally what she said
I would think that one major difference is that Linux is public. We admit to our security problems and they're counted. Exactly how many Vista security problems that Microsoft discovers are made public?
... Microsoft gets to hide behind obscurity. These problems will come out eventually. Personally, I have much more confidence in code that's been exposed to "many eyes" and Coverity. Let's get real and talk about the number of flaws that Coverity exposes in the Linux kernel vs. the Vista kernel. Anyone who relies on a brand new kernel to be secure will get what they deserve as the flaws become exposed.
Another case of apples and oranges is open vs. closed source. The bug count for Linux includes many security issues that are uncovered through analysis of source code
Now, let's talk about real issues like the number of viruses that affect Vista and then let's compare the number of zombies that Microsoft has created. If MS made cars, or any other tangible product, they'd be out of business due to all the class action lawsuits about unsuitability.
I'd go on, but why bother, MS is *always* so full of shit it's not worth the time it takes to post this.
Reimaging to the XP corporate default. Shipped, not installed.
Downgrades of Dell/HP machine to XP. A sale of a Vista license to Dell/HP. Not installed.
Copies sold to retail. Shipped, not installed.
The only problem is - if you must change your applications in order to use a newer version of operating system, then why should you stay on Windows?
It's possible to get all that for just over $500 if you're willing to settle for the stuff at the very top of the "Lowest Price" list. Personally I'm willing to delve a little deeper to build a system with parts from companies that have a good track record. But if you're happy with your genuine Assus or Gigo-byte motherboard, and your top of the line nVido video card, more power to you.
From my experience, when bugs / security flaws are found in Linux, they are patchable or they are due to the default install leaving something turned on or a port open that should not be. With all of MS patches over the years, windows machines STILL continue to get loads of spyware and viruses no matter how many patches they throw at them. You can't leave a windows machine connected directly to the internet for 20 minutes without it being screwed up with spyware, etc.
Browsing those, the first thing that pops out is that it covers all bugs originating from all the software that isn't installed in the default installation. I mean, Ubuntu's page lists advisories on PostgreSQL, MySQL, tetex, perl, PHP, emacs, CUPS, Thunderbird, ImageMagick, vim, etc... Is the idiot considering the reports regarding those software packages as an operating system vulnerability? The very same thing applies to RHEL Desktop Workstation. It lists both KDE and GNOME advisories along with packages like, again, PostgreSQL, Firefox, ruby, pam, CUPS, tomcat, fetchmail, squirrelmail, PHP, evolution, etc... Quite a few of those packages can't even run on the same system.
Slashdot, fix your code or at least hire someone who is competent at it to do it for you.
Leave it to Microsoft. Vista has the fewest amount of flaws only because all the bullshit crashes, lockups, application instability and ambiguous error messages are FEATURES, not flaws.
Fujitsu
Mod points are a dangerous tool. Abuse them wisely.
the extremely annoying UAC prompts - Right because we all install 100 apps a day or make 100 system changes a day. I'm on my PC a lot and rarely get asked to continue. When I do, it's an install or a system change. Which makes sense.
the HUGE amount of system resources needed to get decent performance - Correcting you, you only need a huge amount of resources to get Vista with all its eye-candy. Feel free to turn it off to get performance you can live with. In fact, when you install it, the OS suggests what level of eye candy.
Let's start with the built in DRM - I only agree with this about Vista itself. Vista needs to be activated, etc.. Otherwise, what are you talking about. Vista doesn't check or care if I download 100 new movies and songs from my favorite torrent, burn them to DVD, upload, etc...
You might want to try actually using a system before commenting on it.
I am TheRaven on Soylent News
You'll have that sometimes...
Vista might be more secure than XP. Of course, some of my users will never get to find out, because Microsoft deliberately disabled DDE in Windows Vista. Never mind that a lot of enterprise software, especially applications written to interoperate with IBM's client access suites for iSeries (AS/400) and pSeries (RS/6000) depends on DDE functionality. MS is forcing enterprise users to choose between a secure OS and having to invest thousands, if not millions of dollars and tons of man-hours rewriting code that works perfectly well on XP. Maybe Windows 7 will drop support for COM. Meh.
Blogging Weight Loss, Distance Education, and more at verlin.com
Maybe there is some BSD code buried in FTP.exe or some user mode stuff but so what? Even if a few functions in kernel mode are from BSD, so what actually? And why is it hypocrisy BTW? Microsoft have spoken out against the GPL, but they have never done so against BSD.
echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
....now that Microsoft has set 2009 for the new "Windows 7" release target date, it seems that Vista may be the new short-lived 'Windows Me'. Judging from Vista's own history, once the 2009 deadline passes, it will spend another three or so years being "weeks away from release" and let's not forget "feature disappearance" hell.
Vista may have less flaws, but the ones discovered are far more serious than the average flaw on for example GNU/Linux and Mac OS X. Vista's had some serious security issues, and so have other systems, but open source systems generally receive fixes faster, due to the number of developers working on them. This means more bugs get fixed within a given time period, hence the higher number of fixed flaws. Also, Red Hat includes fixes to included third-party software in its reports.
Less bugs fixed does not equal fewer bugs.
how many people who run linux do you think are stupid enough to buy vista then uninstall it? why does everyone pretend the white box market doesn't exist?
Having used the cheap whitebox market in the past i'm very reluctant to do so again.
Afaict cheap big brand boxes are cheap because of economies of scale, careful planning and probably some loss leadership and crapware bundling income.
Cheap whiteboxes are cheap because they bought whatever shit was cheapest that week and stuffed it in a box with little to no integration testing and no consideration of what brands are reliable at all.
note: i'm known as plugwash most places but i screwed up registering that here somehow in the past and now can't register
1. M$ did the survey on OSX which is based on BSD, so they can call every BSD error on them.
2. M$ wanted to look good, so they lied.
3. Winblows VISTA is not widely used, so there are not as many bugs found because VISTA SUCKS BALLS
4. M$ probably called every MAKE error a security bug, common M$, in linux you have to chmod 777 an application to run it, there should be no difference between RHEL and Ubuntu
5. I highly doubt that the data is real.
We Are Microsoft, your computer will be assimilated:
RESIETANCE IS FUTILE
RESIETANCE IS FUTILE
RESIETANCE IS FUTILE
RESIETANCE IS FUTILE
ERROR
They did that with NT without all that much success. (Windows 95 runs about as well with far fewer resources if you don't mind a crash every few weeks).
It doesn't, on 9x try making the taskbar a couple of rows high and opening browser windows until it's full with small icons, you will notice things start falling over. Now try doing the same on a NT based version, no problem. Also 9x has absolutely no concept of user permissions, every user is essentially god.
The real problem that MS is still trying to find a way out of is that most win32 programmers wrote apps that assumed no security because they were developing on a platform that had no security.
P.S. if you really want to stop windows systems getting messed up without stopping apps working windows steadystate rocks.
note: i'm known as plugwash most places but i screwed up registering that here somehow in the past and now can't register
Pay attention to the very important point that Red Hat uses different metrics to Microsoft. Watch this video at redhatmagazine.com and don't compare apples to oranges.
You can compare Windows Vista with Windows XP but you can't compare them with a Linux distribution. They are apples and pears.
Stupid study made just to sell Vista
From my small corner of the world, 32k.
Our company (anon), purchased 32k pc's (from a major manufacturer), all arrive with Vi$ta business, all leave with XP.
Funnily enough with windows firewall & auto updates disabled.
... there's no reason anyone would ever want to use it.
Everything else is irrelevant.
You are in a maze of twisty little passages, all alike.
It's because nobody is using Vista!
This reminds me of some co-workers in Dominican Republic joking they didn't have car accidents because there isn't a single statistic on that matter.
So now they actually have the gall to say that (P)OS Vista has fewer declared faults or, to quote the article, "compiled the number of vulnerability disclosures and security updates", what a pack of lying, deceitful, misleading ass hats.
They're not even pretending to be honest, public vulnerability disclosures and security updates, versus the number of faults that have actually been found, and have not been fixed and those people who found them have been threatened with legal and financial sanctions if they disclose them.
So reading between the lines M$ security and legal have been far more effective in preventing public disclosure of windows security vulnerabilities and their failure to fix than they have in the past.
Chaos - everything, everywhere, everywhen
TCP/IP stack was completely rewritten, but copied line by line from the previous version. I've heard it took them hours...
Tis women makes us love, Tis Love that makes us sad, Tis sadness makes us drink, And drinking makes us mad.
Statistics lie for whoever pays them.
There are many more interesting numbers than such a simple count. For example, as a user, I don't care at all for the number of fixed bugs, I care a lot more about the number of unfixed bugs.
And that's just the tip of the iceberg.
Assorted stuff I do sometimes: Lemuria.org
To be fair, after initial installation, I am now barely bothered by the UAC. It really isn't that annoying, especially as program writers have begun to adapt to it.
Vista is a better OS than XP, it just isn't worth paying the money to upgrade to if you already have Windows XP. Luckily I get it 'free' through my school.
afterall, budget cars today are built better than budget cars in the 80s
Thanks to file sharing, I purchase more CDs
Thanks to the RIAA, I buy them used...
Don't forget the obscene file copy times.
There is no mod option "-1: Disagree" for a reason. "Overrated" is not an acceptable substitute. Post something instead.
this article with a few graphs and stuff that sheds interesting light on the whole "How many vista installs..." question.
They compare Vista and MacOS, and no Linux numbers, but still, interesting read...
Seven Days with Ubuntu Unity
Yes, i read their statement... but... uh.. who is making the statement... AHH... yes.. the creators of said product.
i mean.. you don't see GMC admitting to the flaws in their cars, or Firestone admitting that their tires tend to catch on fire....
yea... let me know when a 3rd party company who is not being paid, or even remotely affiliated with microsoft runs a report. then i might read it, until then, hasta la Vista
Your comment and sig seem so appropriate together...
There are two types of people in the world: Those who crave closure
Erm... about forty?
It's easy how they come to this conclusion. They will always come to this conclusion, and technically it is true. It has to do with the scope of what they're saying a flaw is. Ubuntu and RedHat unlike microsoft have tons of packages, including apache, pidgin, NFS, sendmail, bind (oh I could go on for days). These packages come with those linux distributions, thus if any of those packages have flaws or vulnerabilities Microsoft tallies it down for a vulnerability against Redhat, and Ubuntu! However, in Microsoft's case Vista doesn't come with a webserver, or a DNS server, or an AIM client, or office even. All they have is a barely operational, fairly useless operating system! This is why these studies always crack me up cause they mean nothing. You're adding up the flaws in ALL Linux packages which rank in the thousands I'm sure (especially with Ubuntu) against the flaws in Vista. It makes perfect sense that Linux is going to lose this contest, but it means nothing! Microsoft sucks, they have always sucked and even though they put out these meaningless reports they still will suck.
Granted, the userbase does not represent a cross-section of the general population. But it would still be nice to see the stats for the UserAgent.
Linux Zealots: Smarter than Mac Zealots, but still zealots.
Lets start with the built in DRM, [...]
Completely and utterly irrelevant. Either you have DRM-encumbered media, in which case the DRM in Vista means you can actually use it, or you don't, and the DRM does nothing.
the extremely annoying UAC prompts,
Which are exactly the same as the ones in Linux and OS X.
the HUGE amount of software that ran fine with XP that doesn't run with Vista,
Which is proportionally minuscule.
the HUGE amount of system resources needed to get decent performance...
A Ghz-class processor, a gigabyte or more of RAM and a US$30 video card. Heady stuff, indeed, needing a machine less than 5-6 years old.
Perhaps the reason that there are few 'Flaws' reported is because Microshaft has deemed some of those 'flaws' to actually be design features....
"...a civilian some of the time, a soldier part of the time and a patriot all of the time." -Brig. Gen. James Drain
The primary concern is the scope and impact of these vulnerabilities and other bugs. Their quantity is a secondary consideration. For example, Solaris 10 did not have many security bugs either, but one particular bug - with the telnet server - probably outweighed all the Solaris 8 and 9 security vulnerabilities put together.
Most Linux distributions come with far more than you get with any Microsoft OS, and as a result, the chance for security holes in optional components will be greater. If Windows Vista came with a choice of several web browsers, ftp servers, libraries, developer tools, and so on, then of course it would also end up with security holes that apply to the individual packages. Trying to compare a Microsoft OS to Linux is really an apples to oranges comparison.
So, take every FTP server out there, and every web server, and program, bundle it with Vista, and then count the number of security holes. That would be the apples to apples comparison needed to compare security.
The other solution of course would be to compare the BASE distribution of Linux, without all the extras and optional components, and then see how the security would be. It should of course be pointed out that Linux has been around for a longer time than Vista, so there has been more time for people to find problems with Linux.
This is Bill's way of saying "I meant to do that".
To answer your question, the only reason would be if the application doesn't exist on a different platform other than win32.
Emulation might come in to play then. How many people are going to put a cracked version of XP into an emulator on a fast linux box? Someone needs to make an emulator that does firewire. Is anything there yet?
Seriously, the only apps that I use that REQUIRE windows are Autodesk stuff and my video editor. (and, Adesk Inventor integrates with excel only, not OO.o I tried)
Flappinbooger isn't my real name
That Windows Vista is an upgrade OS.. and not a First time release OS?
If you were to compare apples and apples.. Compare Linux 2.6 to Vista.. for security bugs. Compare Firefox NOW with IE7 now.
bottom line: Vista is not a "NEW" operating system. It is a bunch of products they left out in XP due to "time" and then added a few code lines in between.
I can program myself out of a Hello World Contest!!
Clearly Microsoft forgot to divide the amount of reported errors found with the amount of users.
Summing up the total amount of reported flaws for XP and Vista is bound to turn out favorably for Vista since no one wants to use it.
McDonald sells delicious healthy apples. And they even give you some awesome caramel,burnt sugar, to dip it in so people might actually eat it!
I only look human.
My mother is a halfling and my dad is an ogre, so that makes me an Ogreling
Doesn't make it true.
The negative press surrounding Vista has had nothing to do with security. It's had to do with bloat and incompatibility, mostly. I'm not really shocked that it's possible they got something right.
All the pre-configured boxen I have ever seen (not talking high-end here, unfortunately), have historically been inadequate when it came to memory support and bus speed. Adequate for office applications but no headroom for any real upgrades. I've always spent the few extra dollars as if the computer might get upgraded, though when the time comes it seems cheaper to start from scratch since old stuff so goes up in price once it hits obsolescence. I somehow doubt that any cheap Dells are sporting active pfc, Which I'd think would pay for itself in a very short time, but doesn't generate much buzz in the advertising world. I have a thing about fast refresh, so the bundled monitors and video cards are nearly always inadequate for me also. And I don't EVEN play games.
The cost of that cleanup, of course, will be borne by taxpayers, not industry.
If electricity comes from electrons, does morality come from morons?
No, morality comes from Mormons.
== Jez ==
Do you miss Firefox? Try Pale Moon.
do do do de do do do de de
So appropriate togetheeeeer.... o/~
Nah, doesn't work. :
Who is going to bother hacking an O/S no one uses? This is the same reason Macs are more secure, there is less payout in hacking into it as there are far less people using them.
>>Vista logged less than half the vulnerabilities that Windows XP did in its first year, according to the Microsoft report.
1) Does that mean that Vista *has* half the vulnerabilities of XP?
2) The title reads "Flaws" but the article only seems to discuss "security vulnerabilities" are there not other types of flaws?
3) Is there an accounting for the degree of vulnerability?
4) What exactly is msft calling a "security vulnerability?" For example, is likelihood of virus infection considered a security vulnerability? Or is msft only measuring things like open ports?
5) Is there any reason to believe msft? Call me a linux zealot, or whatever, but msft has been caught red-handed in *numerous* lies and scams, i.e. fake video testimony to the US-DoJ, fake "independent" benchmarks, fake TCO studies, letters from dead people campaign, paid shill journalists, bribing and ballot stuffing to push MS-OOXML through ISO process, and so on.
Even viruses don't want to have anything to do with Vista!
Bricks have few vulnerabilities too.
Aha! You've stumbled upon it -- that was the rewrite! They removed the BSD-related string constants from the code and recompiled...
And I love the way in one breath you've managed to berate MS for spreading FUD and being biased, and then making generic completely unsubstantiated claims like "vista probably has more than linux and MAC combined".
I'm willing to admit that few bugs fixed/reported does not necessarily mean more secure, but it's still a good sign at the very least being that it certainly has more users than Mac and Linux combined.
throw new NoSignatureException();
Power users will be annoyed with UAC right from the start. It's okay if it asked only for deep system changes, but printing to a network printer? I'd like to see a poll of how many people still have UAC enabled.
Vista needs some serious horsepower whether you have the eyecandy enabled or not. The eye candy causes a big increase, but I had to upgrade my machine's 1GB of RAM to reach a reasonable level of performance even with Aero turned off, in order to run any intensive apps like Eclipse or Photoshop.
Just you wait until you buy that fancy new Blu-ray drive only to discover that Windows refuses to output DRM'd HD video to your monitor because it has no HDCP support. Vista has DRM that reaches deep into the subsystem, and when companies begin to take advantage of those features (by flagging Windows Media files appropriately), I bet you'll be surprised at what Vista refuses to let you do.
I use Vista at work because my laptop came with it, and if I could start over again I'd wipe it and go with XP. The wireless behavior is terrible, NetBIOS-based file shares are still spotty, the file explorer refuses to remember my preferences, files sometimes end up mysteriously undeleteable, and the new Minesweeper sucks. Windows 2000 people were against XP when it came out, but most folks came around and XP is now one of Microsoft's most solid operating systems. Vista is receiving much more flak than XP ever did, and while it might end up improving in the end, the negative press has left a pretty big scar.
Yes, if Microsoft would like to compare operating systems, they should just compare it with the OS that is GNU/Linux, leave out all the other applications that different distributions bring along, and do the comparison then.
But that would just make Vista look terrible because their OS includes Internet Explorer, Windows Media Player and all other applications because those are integrated at the OS level.
But now Microsoft just compares three different operating systems: Windows Vista, MacOSX (Tiger or Leopard?) and GNU/Linux. And at the same time it compares Windows Vista to two different distributions of the GNU/Linux operating system, Ubuntu and Red Hat, and claims Vista is more secure than all those "OS's" are! Ubuntu and Red Hat ain't OS's but distributions (even though a distribution includes the GNU/Linux OS, it is a distribution because it includes all kinds of stuff beyond just a pure OS).
Maybe I should sell a new OEM version of Windows and I would bundle 3000 different pieces of software with the Vista OS and then I would complain that Vista is a less secure OS than Ubuntu or OpenSUSE!
This is just a problem because Microsoft wants normal users to believe that different distributions are different OS's so it can do this kind of study to "prove" that the MS OS is better and sell it again for profit!
But hey! I like that Vista is secure and I hope it will stay like that, because if most users would move to Vista, we all could benefit from that situation because we users of other OS's (GNU/Linux, BSD or MacOSX) would get less spam and virus epidemics would drop etc etc.
The study is just wrong: Vista is a less secure operating system than GNU/Linux, but Microsoft is right that Vista does not have as many patches when comparing the Vista operating system and a GNU/Linux distribution!
I have UAC enabled, I have NEVER had a UAC Prompt when printing to a network printer.
Re - BluRay and HDCP. That's the BluRay (and HDDVD) Spec, cockwad, it has ZIP to do with Vista. You can't play a BluRay disk to a HD TV in High Def without using a connection that supports HDCP.
You assholes are hysterical, you ream Microsoft unmercilessly when they deviate from any standard at all, and then expect them to completely violate the DMCA and break BluRay and HD-DVD Encryption to play HD Movies on your computer.
Pick one position and try sticking to it.
I believe you mean "We". Actually, I suppose you could have meant "U.S.", but there's no reason to be all racist about it.
Moreover, I'd be hesitant to give him even the desktops angle. What passes for what's common in the US isn't in Germany and elsewhere in Europe.
Same for Asia. Parochial view really.
Now... I wonder how many Nokia N770's, N800's, Asus eeePC's have been shipped/sold... I wonder how many routers out there use Linux... I wonder how many non-smart phones have been shipped by groups like Samsung and Motorola with it on them... I wonder how many OLPC's they'll eventually ship...
In the end, the reality is that Linux is a bit more used than people might want to admit to. Especially if they've bet everything on being a Microsoft world.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
XP security as a yardstick? That's pretty funny.
Does anybody else remember the original XP - every port wide open and waiting for people to come along and use your machine? If this is Microsoft's yardstick then they're failing miserably.
No sig today...
I agree. The beige boxes are often unreliable and come with warranties that aren't worth the paper they're written on. Furthermore, they can be downright ugly. Larger companies can afford to invest in design to create some visual appeal. I know quite a few people who buy Apple computers or Lenovo ThinkPads for their design/quality with the intention of running their favourite Linux distributions on them from day one.
If it has the fewest flaws and yet people still don't like it.... so it must have been designed to be a poor replacement for XP. I guess if a feature sucks but works exactly the way it was intended then it's not a flaw.
Here's some news for you Bill Gates, Beta Max didn't have any flaws either and yet because it didn't give the users the features they wanted it didn't survive as a format. The DreamCast is another example of a flawless device that just didn't cut it.
We like to call these *Flops* and there are many of them... they did what they were designed to do, people just weren't interested cause what they were designed to do just wasn't good enough or worked against their wants/needs.
A fool throws a stone into a well and a thousand sages can not remove it.
Who got a UAC prompt from trying to print on a network printer and why haven't I gotten one? I upgraded my XP box to 1GB of RAM and saw a huge increase in performance, so I don't really understand your gripe.
And also the fact that quantity of vulnerabilities is a crappy metric in and of itself. I'd rather have 100 website spoofing vulnerabilities in Firefox than a single remote code execution vulnerability in IE.
http://www.mhall119.com
Or why not take the Mac approach: run win32 apps inside a "Classic" mode that's really an XP installation. MS already owns VirtualPC so they could embed a copy inside Vista without being dependent on a third party. Then they could have Vista as clean and slim and legacy-free as they wish without affecting old apps at all. State from the beginning that they'll support "Windows Classic" for, say, 5 years and then be done with it.
Similarly (and much more impressively), IBM has managed nearly perfect backward compatibility alongside new systems for over 40 years. Why can't Microsoft?
Dewey, what part of this looks like authorities should be involved?
I've been saying the same thing on here for a while, but it's like talking to a wall. People want Vista to suck, so they say it sucks. As near as I can tell it's some desperate attempt to influence reality. IMHO, the bottom line is that if you have the hardware to run it, Vista is pretty decent. I've been running it on 4 systems for about a year now, including gaming, I'm 70-620 certified, and I see no reason to go back to XP or avoid Vista on new systems.
Please, stop submitting this data about Linux having a 0.6% market share because it's misleading. Net Applications clearly states that their methodology for collecting this data is to "collect data from the browsers of site visitors to our exclusive on-demand network of live stats customers."
http://marketshare.hitslink.com/
This is not an aggregate of a random sampling of websites or even a diversified cross section of websites, but only a population of their client customers. And who are their client customers? Take a look at the population they use:
"Additional estimates about the website population:
76% participate in pay per click programs to drive traffic to their sites
43% are commerce sites
18% are corporate sites
10% are content sites
29% classify themselves as other (includes gov, org, search engine marketers etc..)"
What these statistics tell us is that the customers of Net Application clients use these OS's in these percentages, not the overall usage of OS's people are using when browsing the internet.
Yeah, that UAC is so much more irritating than having to type my root password in Linux... oh, wait... IT'S EXACTLY THE FUCKING SAME THING.
Ah, the age old "It's not me, it's you." proposition; most often heard during a relationship breakup.
I'm telling a friend to return their Toshiba Satellite P200d laptop because you cannot GET XP drivers for it.
Vista (with timebomb apps) is preloaded of course. (No user choice there)
Obama's legacy: (N)othing (S)ecure (A)nywhere and (T)error (S)imulation (A)dministration
This is all Microsoft spin. Vista should have had less flaws than XP in XP's LAST year, not XP's first year, since they had the XP model to build upon.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
I evaluated Vista for a few weeks in December. Based on this evaluation: in order to compare flaw statistics, I'd suggest collecting data for twice as long a time period as the data collection time period on XP before comparing results.
Counting how many vulnerabilities have been found, and then drawing the conclusion that there are fewer vulnerabilities, is just plain stupid. You have to look at the severity of the vulnerabilities - was it in the wild without an available patch, is it remotely exploitable, does it grant the attacker root access, was it discovered by a responsible researcher who notified the vendor first, etc? The key is that when a real hacker discovers a vuln, he's not telling you, or Microsoft, or anyone else about it - ergo, it's not in these stats at all. And the secondary point is that not all vulns are created equal. A lame attack that cannot be conducted remotely and doesn't give you root is not the same as a remote attack that roots a box over the Internet. Microsoft already had one major vuln this year (MS08-001) and it's only January.
The number of flaws is interesting, I suppose, but even a Vista with no flaws could still suck. In manufacturing, quality is defined by how closely the product meets its design specifications. So you could have a product with "perfect quality" which nobody wants, if the design specs don't match what the market wants.
Maybe Vista's design specs included a slow OS that hogs system memory, intrusive DRM support, a lack of hardware drivers, etc. In that case, God help us if MS achieves a "flawless" release of it.
If they wanted to ditch backwards compatibility in favor of security, they wouldn't have implemented UAC as they did. Instead, they would have forced the creation of an unprivileged account as the first user, then popped up a much simpler UAC box that asks for the Administrator's privileges when they are required. Administrator wouldn't see UAC at all, probably because it's already privileged! Display a warning message whenever the user logs in under a privileged account, then leave them be at their own risk.
Gamingmuseum.com: Give your 3D accelerator a rest.
...would be more believable. Except for the "Microsoft Says" part, of course.
Am I the only one who finds it TOTALLY bizarre that MS compares their newest desktop operating system to a Linux server operating system?
And quoting an installed user base of less than 1% for desktop Linux as other people have done in this thread just mystifies me even more.
I think that there's just no way you can compare operating systems based on vulnerabilities in a meaningful way because they don't have the same number of users, they're not used for the same things, and they all include different programs that may or may not be counted alongside. Honestly, how many security vulnerabilities can there be in Notepad, Paint and Calc?
I think Jeff Jones is absolutely correct when he says that you should count what comes with the default install of a common, working setup. But you shouldn't count vulnerabilities, like he does.
The only way to get any kind of metric for how secure an operating system is, is by looking at how many of these vulnerabilities are actually exploited. So what if Ubuntu or RHEL has a vulnerability that could somehow, potentially let someone take over my computer under the right circumstances? If this vulnerability isn't even close to being exploited by shady types, what difference does it make to me, the user?
How about looking at how likely I am to be robbed of personal information, having my credit card number stolen, or being included in a botnet to do evil?
Although, with F-Secure's 2007 count of 500,000 pieces of malware for Windows (a doubling since 2006), maybe I'd stare real hard at meaningless statistics too if I were Jeff.
Never attribute to malice what can be adequately explained by ignorance or stupidity. -Isaac Asimov
Because IBM's systems were implemented properly in the first place...
Like someone else said, earlier versions of windows simply had no security whatsoever, and thus apps were written with that in mind, and now they're stuck having to support such apps.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
I assume by "jacking up the whole unwholsome [sic] mess" you mean the WOW subsystem. That won't work, as we're already on Win32, Win64, and .NET. As far as 1960s mainframe design, NT is actually built using the same concepts as VMS, a 1970s design that is still very secure and reliable.
Gamingmuseum.com: Give your 3D accelerator a rest.
You sure link a lot to this person's 'twitter' journal. Oh, wait. Never mind.
Because the first thing that would be posted on /. is "That's just a bypass of how it should have been programmed. Look at all that wasted space, almost everyone in the world has a P3 processor, and 8GB of HDD space. No one has the space for 2 OS's on their hard drive. Use Linux, it's so much better, you can do anything on Linux that you can on Windows, and more. Torvalds is god, Gates is satan....."
I know, I know, by the time you're done reading this, the post is already modded -5 troll, but that's what I see on Slashdot. People are pushing their own opinion, and modding down ppl who disagree with them. I must be new here...
Exactly, a poor short sighted design in the first place, without any thought as to what might be needed in the future and how the design could be improved...
You don't see any unix based os having so much cruft and other problems as windows has.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
But again, why couldn't you run those inside a VirtualPC VM that's visually integrated into the desktop? Even DOS apps could run inside something like DOSBox without too much hassle.
Dewey, what part of this looks like authorities should be involved?
MS announced today that Vista is Double Plus Good!
Those people would be (correctly) smacked down. See, you already have multiple OSes installed inside Vista. The only difference is that in the current setup they're tucked away inside the API and only exposed when the OS thinks they need to be. From a programming point of view, I'm almost certain that the overhead of keeping both lines of code intact and working together is far higher than just splitting them out and maintaining them separately.
Dewey, what part of this looks like authorities should be involved?
In theory that's a great idea, but that can get dog slow unless you have hardware that supports virtualization nicely (VT-supporting processors). Well, I'm sure you can do it better than that without virtualization as other OSs have been doing it long before VT hardware emerged (or it always existed on non-x86 chips) but we're talking about MS here.
How are sites slashdotted when nobody reads TFAs?
How about you take twenty minutes of your no doubt precious time and tell me and others what these wonders do? Is it really something that we can realistically expect to see in our mainstream OSes anytime soon? Or anytime at all?
The last genuinely interesting concept I saw anyone try to install in a mainstream OS that would actually make life significantly better for users (if it worked) was "Windows File System" and it is something like 14 years late in roll out. It went into beta test about two years ago and then seems to have quietly vanished -- cancelled?
And while you're at it, perhaps you could try making an effort to be civil and losing that "I suggest you .." attitude? If you actually have something to contribute, contribute it. I'll be interested to read it. I'm sure others will as well.
You can't see ANYTHING from a car, You've got to get out of the goddamned contraption and walk...Edward Abbey
So if I tell you that Jeff Dahmer was responsible for fewer homicides than Charles Manson, would you want either one living next door?
-- Should there be smoke coming out of my CPU?
Let us not become the evil that we deplore.
Slower than the reality of what we have today?
They could even put a marketing spin on it: "Office 2009! Optimized for Vista!"
Dewey, what part of this looks like authorities should be involved?
I agree. Although the whole "Cancel/Allow" thing only happens when you try to run stuff as an Administrator.
~Vexed and loving it!
There is no such thing as "Vista Premium". There is Vista Home Premium, but a company would never use that since it will not connect to a domain or active directory. For that you need Vista Business or Vista Ultimate (you only need Vista Ultimate if you want a machine with the features of Home Premium to connect with a domain).
So, obviously, this guy is lying... and not even doing a good job of it. But hey... this is Slashdot! So mod him up, of course! Anti-MS FUD for everybody!
I mean, if you see a pile of dog crap lying on the ground, could you really say it has any flaws?
if slashdot-ers would read the article posted they would see that the major complaints they have with the study were addressed by the author! from the paper:
"I think it worth spending a moment to discuss what this analysis covers, why it might be useful to some people and, perhaps most importantly, what it does not say. If it was possible to measure "security" in one metric, it would have to encompass a complex combination of factors including (but not limited to) the software quality, administrative controls, physical controls, and much more - and even then, it would all be in the context of whatever security policy was defined for the systems in question. So, this is not an analysis of "the security". I don't look at protective mechanisms and see how they might protect in certain scenarios. Nor do I look at security features and see how they might enable better privacy or help secure business process. And I certainly don't look at how easy it is to manage the security policy for these products. Is there anything in this analysis which will prove one piece of software is "more secure" than another? No, that is not my intention. This report is a vulnerability analysis, which may provide some elements that could be part of a broader security analysis. I fundamentally believe that security and non-security features need to be built upon a foundation of good engineering and solid security quality if they are to perform as we expect and not be misused to the detriment of security."
what this study shows is that microsoft's Secure Development Lifecycle, safe libraries, and other initiatives are actually producing better code. nobody is saying vista is "more secure" than anything. honestly, this begs a question, why does slashdot hate the fact that windows code is improving? isn't safer/better code good for everyone?
Absolutely true. As I recall, Windows 95 comes to a screeching halt after opening 72 MSDOS windows in 16mb of memory. (OK, OK, so I sometimes get my loop variables wrong). It actually recovered from that, but it definitely is more fragile than NT. On the other hand, most people would barely notice the difference so I don't consider the difference to be very important. The only case I can think of where an ordinary user might appreciate NT's robustness is when media is removed while in use. Windows 9 generally crashes. NT doesn't although the result is anything but pretty. (Did they clean that up in Vista?)
***Also 9x has absolutely no concept of user permissions, every user is essentially god.***
True. And a personal computer needs user permissions .. why? I've tried hard to convince myself that the security model that people are trying to sell as the end all actually works. But I just can't. I'm all in favor of some sort of security scheme. And I expect that some sort of permissions and or ACLs will be part of one that works. But I submit that NT security demonstrably doesn't work very well (and I suspect that Unix security isn't much better). Does NT have the sort of access control that will be needed if and when security gets straightened out? My guess is mostly not.
***The real problem that MS is still trying to find a way out of is that most win32 programmers wrote apps that assumed no security because they were developing on a platform that had no security.***
No argument there. Problem is that I think they are now developing on a platform that has problematic security. I guess that's better. But it doesn't mean that their work won't have to be redone -- maybe multiple times.
But OK, yeah. If an OS can be developed that can actually keep users from tromping on one another and the OS while still doing useful work, that'd be a reason to redo the OS. However, NT demonstrably is NOT such an OS. Would it be worth discarding backward compatibility to get real computing security? It might. But rollout would be an enormous problem, and rolling out something that had any substantial number of flaws would be a disaster all round. This is a case where bullshit won't fly. If you promise security at the cost of rewriting everything, you better either deliver or not ship.
***P.S. if you really want to stop windows systems getting messed up without stopping apps working windows steadystate rocks.***
Hey man, the "codger" in my name means that I'm like "old". I don't doubt that you're right, but I'm not quite sure about what. Not as quick as I once was. Could you take that just a bit more slowly?
You can't see ANYTHING from a car, You've got to get out of the goddamned contraption and walk...Edward Abbey
But can you give a reason anyone should use Vista on a system, new or otherwise? That's the question I've been asking since Vista was released sans all the promised features.
Well, for one thing, I've never *had* to install a driver on it. It has thus far automatically picked up 100% of the hardware I've thrown at it. But I do build all my own systems from scratch with cheap but name brand parts. It picked up 100% of my Dell laptop's drivers too, power management and everything. Don't get me wrong, I still go back and update to the latest video drivers, etc, but out of the box, I have never had to install a single driver to get a usable system. This is especially nice compared to the prospect of formatting someone's hard drive, installing xp, and they don't have the network driver, so you can't get online to get the network driver. If I never get caught in that catch-22 again, I will be happy.
Also, supposedly the Windows Server 2008 will have dramatically improved performance when talking to a Vista box, but that's more of a corporate thing, and I haven't used 2008 yet, so I can't speak from experience on that, but the benchmarks look like nearly double throughput on simple file copies.
I've used Vista Ultimate hooked up to a 1080p hdtv, and the media center stuff was pretty sweet. All we did was watch a pirated copy of I Am Legend (which was pretty good) and played a slideshow of some nudy pics, so we didn't beat it to death, but the media center thing also has a really nifty LCD calibration routine that shows pictures with varying shades of gray and tells you to adjust the tv's contrast until such and such is barely visible, etc, and then some colored stripes and adjust brightness until something else happens, etc, and at the end, the color on the hdtv did look much better during standard tv viewing.
On a wide screen monitor, the gadget column on the right is pretty nifty.. there are some neat gadgets available for it. I don't particularly like the screen encroachment on a 4x3 or 5x4 monitor, though, so I turn it off. I assume it does eat a bit of resources too.
It is actually "butched up" (more manly), in my opinion. I always found the icon naming distasteful for "my computer", "network neighborhood", or the ultimate mamby pamby thumb sucking "my network places" (BLeeeeaaachc). Now it's just called "computer" "network" "documents" etc. YMMV according to personal preference on this one, but I really like the newly refined interface, INCLUDING Aero. I set my background to black and transparency to granite, and the whole desktop looks very clean and tasteful. I'm still too set in my ways to switch from alt-tab to window-tab, but every now and then I use it.
If you play WoW, you know you occasionally have to wait for a boat or a zeppelin or a train or something to show up. I run WoW in windowed mode so I can alt-tab to thottbot without making my monitor change resolutions. Well, if you leave WoW running, and DO NOT MINIMIZE it, and lay thottbot (or anything) over it, you can hover your mouse over the window button on the task bar, and it will give you a thumbnail of WoW that actually moves, so you can keep the mouse hovered while reading something else, and still keep your eye on the live thumbnail to see when your zep/boat/train arrives.
They got rid of the crappy start button that I've always hated and replaced it with a nice blue ball thing.
The start menu freaking rocks. That may be my #1 favorite thing about Vista. Just press the window key on your keyboard and start typing. As long as your indexing and whatnot is correctly configured you will get almost instantaneous results. Say you're doing tech support over the phone and you want someone to look at their printers, well the start menu is configurable such that maybe the printers icon is there, maybe it's not. Maybe my computer has the control panel in it, maybe it doesn't. Then you have to wait for the end luser to hunt around before finally declaring that it just isn't there and you have to go to yet
Microsoft released ME Squared.
Vista is itself a horrible flaw - one for Microsoft itself.
"Flyin' in just a sweet place,
Never been known to fail..."
That's the main difference between Apple and Microsoft. Microsoft is obsessed with backwards compatibility and Apple isn't as much. It's one of those judgements you need to make when considering an OS, do I want backwards compatibility or performance?
"During My Service In The United States Congress, I Took The Initiative In Creating The Internet." -Al Gore
The concept behind Singularity (a Microsoft Research project) is to remove the concept of processes and use type safety for component isolation as is done in the Java VM (or was, I'm not sure if they still let you run multiple Java apps in the same VM). The Windows FS is not particularly novel. It's a failed attempt at implementing something like the BFS (there's an entire free eBook about that, well worth reading for anyone interested in filesystem design).
Amoeba and Inferno are built around providing scalability and have interesting distributed systems models. One I forgot to mention was EROS. It usually slips my mind because I don't get on well with the capabilities crowd, but it did have some really neat features, like the fact that you could pull the power plug, pop it back in, and lose no data (including running app state).
And don't forget things like Xen. Xen is the first microkernel OS to see widespread use (Mach doesn't really count; it was a poor microkernel, and everyone who actually used it hacked it into something like a crippled monolithic kernel). QNX was (is?) popular in embedded systems (very neat, scalable, microkernel with asynchronous communication) but not in larger systems. Take a look at some of Samsung's research on Xen. They have ported it to ARM and are looking at the idea of keeping your entire workspace in something like a mobile phone and then live-migrating it to your TV when you get home. This could be taken even further and integrated with something like LLVM, allowing you to migrate your workspace to entirely different CPU architectures.
I am TheRaven on Soylent News
I highly doubt Vista has been overlooked by the critics and others who wish to expose flaws in it. It's too big of a target to give MS a black eye. Even if there were just 5 million installations ( I don't believe the 20 million mark myself ), I don't think it would get any less harsh treatment than any other flagship product of theirs. It's too big a target for those types of purely Anti-MS folks, so I hardly think you can state "fewest users = fewest flaws" and claim that's why the flaw reports are down.
I would say this is more due to MS going in this direction for many years now with XP, facing continuing pressure from competitors ( open source community, Apple ) to provide actual stability and security moving forward. It's a good step in the right direction if this report is to be believed and I hope it continues. I have to support this stuff, so the better it is for the user, the better and easier it is for me.
If they completely ditch backwards compatibility, they could remove all this old cruft and start again with a proper clean design, but as usual they're taking a half-assed poorly thought out approach.
What's a "proper clean design?" Is there an OS out there that doesn't contain layers and layers of hacks for 20-year-old bugs in it? The "cleanest" OS I can think of is BeOS, and it didn't succeed because it didn't run any software. Apple's running an OS kernel with a longer history than NT, and people call their OS better... is that because it's "cleaner?" In your opinion?
Comment of the year
I want to upgrade to XP also. I have not had so many blue screens since Windows 3.1; Good thing I have several Linux distros partitioned on my HD.
And Bill Gates is supposedly a "kinder capitalist". While he sits on enough money to feed a small country, that is. Since money = tokens for exchange of work, you can take the average salary, divide it into Bill's fortune, factor in his age, and see just how much money he has that he couldn't possibly have earned off his own back.
To be honest, it's a MASSIVE irritation to have so many patches and anti-virus updates (etc etc) in comparison with other Operating Systems, but that wasn't what made me throw Vista out and upgrade to XP.
It was the fact that I have a couple of "Vista capable" systems, all quite new, and on each of them it ran like a dog. It was the fact that there are so many services talking to the Web that I can never be quite sure one of them hasn't gone rogue and sends stuff it shouldn't send (and that's assuming MS itself didn't insert anything entertaining).
Hurray for less security problems. How about coding an OS that does NOT require more computing power than we used to send a man to the moon?
Flaws and security vulnerabilities are not the same thing.
Vista may not have as many security vulnerabilities as XP when it launched, but it certainly has more flaws. One of which is reduced usability.
Never, if they don't have to, of course. I'm thinking more about people who have some idea of what they're doing and what they want who end up with computers (mostly laptops) with an OS they don't want simply because that's all they could find.
Good, inexpensive web hosting
I'm doing it at her specific request. She got a new laptop with iCandy installed and tried using it. She's found it unusable. I don't know if she's tried turning off that stupid Cancel or Allow junque, but I do know she hates it. Besides, she's a professional costumer for The Industry and will be repairing a cape of mine in return, service I could never have afforded to pay for. I offered her Linux as an alternative, but she's familiar with XP, likes it and if that's what she wants, that's how I'm going to do it.
Good, inexpensive web hosting
It's simple math. Less people switching to Vista = less flaws! After all, had more people made the switch, they would have found more flaws and vulnerabilities. You really have to hand it to MicroSoft. Less really is more!
Carpe Scrotum - The only way to deal with your competition.
mission accomplished.
if this is supposed to be a new economy, how come they still want my old fashioned money?
Doesn't a "new operating system" actually have to be new? The difference between Windows 3.1 and Windows 2000 is the fact that they are different operating systems. I find it hard to believe the differences between Vista and XP are significant enough to be considered different operating systems by anyone not in a marketing role. Unless that is the case then there should not be a comparison to Linux but a comparison to versions of Linux distros, i.e. Vista vs. Ubuntu6. IMHO one completely flawed and inept while the latter has flaws. Or better. Compare Windows phones to the iPhone. Windows phones have had several years to improve and are still utter crap. The iPhone is in its infancy and is stellar in comparison.
Having to work for a living is the root of all evil.
Wow, if true I will check out their products next purchase but I just looked at their site (Australia) and all products appear to come with....would you like to guess? Very difficult.... Vista!
I'm not saying anything is wrong with Vista but I would assume that there might be other operating systems that people would prefer, what is the difficulty of making the operating system an option? They already have the option of different versions of Vista, one option of no OS.
BM3
It's rumored that Exchange was based off Sendmail. Which (at least in part) explains why it's such a great piece of crapware. Disclaimer: I've never even worked with Exchange, I'm just karma whoring.
Anyways, I guess it's the business people whining about OSS and the developers (or developer leads) who chose to include BSD code in the network stack. As such it might not be totally fair to call them hypocrites.
On Gentoo linux, with full xfce, qt3 qt4 and gtk+ libs, developer tools C++ boost libraries, IDEs (kdevelop, vim, netbeans..) etc, I get the following:
ls -l /usr/bin/ /usr/sbin/ /sbin/ /lib/ /usr/lib | wc -l
4367
Just because I was bored, I also did:
ls -lR /usr/bin/ /usr/sbin/ /sbin/ /lib/ /usr/lib | wc -l
32373
That is a recursive search through those directories, however that is probably meaningless.
In short, I'm not so sure you have a default install going there, though I could be wrong. What linux distro are you using for the comparison? I'm getting ~800 fewer packages, on what I consider to be a fully installed system, to your default install from an install CD.
All posts released under the GNU Free Documentation License
Saying Vista had fewer flaws in its first year compared to XP's first year is kinda like saying a new Yugo car had fewer repairs in its first year compared to my old Grand Prix did in its first year. Maybe so but it still is NOT a better car. Throw Vista in the NT3.51/ME bucket and go forward.
The worst for me is that after turning UAC off, it shows that little shield icon in my taskbar to tell me that UAC is turned off, as if this is some huge security breach. I turned it off for a reason! It was annoying me constantly and I just got tired of it. This is right up there with the thing that tells you there are unused icons on your desktop.
Power users certainly shouldn't be annoyed by UAC because a power user should configure the prompts to their liking.
Again, you can turn off indexing and other resource options if you need to. I first did Vista on a 4 year old AMD processor with 1024 and had no problems. A gig of RAM is like $40 right now. I don't see that as an issue. It's a new OS. That it requires somewhat modern hardware shouldn't be an issue. It's 6 of 1, 1/2 a dozen of another. Do you design an OS to run fine on older hardware and limit some features? Or do you design for more modern hardware with more features? No right or wrong in that one. But the resources needed to run Vista certainly get overstated.
I haven't had any issues with wireless, I'm on Vista right now through a wireless connection. And I don't get prompts for printing through a network printer.
Why would they need to ?
Forget magic. Any technology distinguishable from divine power is insufficiently advanced.
This is a pretty important distinction that I feel is lost among a great majority of slashdot users, unfortunately. And maybe I'm inviting flamewar upon myself by saying this, but here it is.
If you have to trudge down into the depths of the registry, some ini file, or swap out a DLL to fix something, that does not mean you can write it off as trivial. I've mentioned this before. If your fix requires deep knowledge of the OS to fix something that ought to work to begin with, it's not fixed. You've found a workaround that an extreme minority of users (and, at least for Windows, I am not one of them) can execute successfully.
While you're all telnetting to port 80 to read slashdot, this dude's posting comments via carrier pigeon!
*ducks*
It has plenty of flaws. But since it's unusable for a lot of people, it's pretty invulnerable for them.
We refuse to use it here because the flaws we found made it way too expensive in time to maintain. They weren't what we think of as vulnerabilities, in that there was no likelihood of a security breach. It just plain didn't work right.
That is a good point, but it is not necessarily in contradiction to my point.
The number of "exploits" is the number of documented (and undocumented) security flaws *that have been taken advantage of* by black-hat writers of security-flaw exploiting code.
Exploiters (in my argument), will focus on the Operating Systems that are in the highest use (WinXP versus WinVista, for example).
Win98 has many many more security flaws and exploits than WinXP, but it is not in the highest usage and so Win98 is not the main focus of exploiters.
My point is that the writers of said exploiting code will focus their efforts on Operating Systems that are in the highest usage (like Windows XP).
Eventually the OS that has the highest usage will be WinVista (*or not*) in the future as WinXP falls out of favor for some OS in higher usage.
The number of Operating System security flaws that can be exploited is only one of several factors as to whether "Exploiters" write code to exploit 'flaws' in that given OS.
I say that if the OS is in the highest usage among the exploiter's targets, then that is the most important factor in determining the targeting of an OS for exploits.
Microsoft can claim WinVista has fewer exploits than WinXP in its first year, but WinXP was so similar to Win2k that many of the Win2k exploits were carried over AND therefore more people were using it and it was targeted.
WinVista will really be in trouble once someone cracks and "exploits" its DRM 'features'; But it is safe if most prefer WinXP or alternative OS choices.
pick one... security or convenience
Microsoft's Operating systems are evaluated based on compatibility. They are compatible with millions of software and hardware combinations unlike a MAC. Furthermore, Vista gets undeserved flak for the same reason. If a Vista customer only uses hardware and software "MADE FOR VISTA," then they will have ZERO problems. I have been using Vista for a year and have no issues. I am not a Microsoft fanboy, but the level of hatred towards MS is just not for the right reasons. It is a free country, so go market your favorite OS to become #1.
Has fewer flaws than Vista or XP, or even Linux.
It doesn't work as an operating system, but you could argue that neither does Vista. Which raises the question then, Vista has more flaws than most coffee mugs, can't be used to contain the delicious beverage, and doesn't work particularly well as an O/S.
What exactly are they trying to prove again?
I am government man, come from the government. The government has sent me. -- G.I.R.
Now of course it wasn't all that far back into last year, where M$ took retaliatory action against an individual who outed them for failing to fix a security fault in Vista. In fact M$ make it a standard procedure to keep these faults secret and will attempt to retaliate against anyone who announces a security fault.
Got any links or proof?
The PDF breaks down the WinXP and Vista security flaws/patches, listing each number. It fails to treat competing OSs similarly, leading me to wonder why it does not.
I recall that my 10.4 install had a few patches for components that, while installed with the system, are not enabled by users. I'm thinking of things like Apache here, which is provided as a convenience to developers (and while it'll work fine, it's not meant to be used as a web server on consumer-grade hardware). It's not reasonable to include OS X components that have no equivalent in a Vista (or XP) install, don't install by default and are not meant for general use. I wonder if OpenOffice was included in the Linux patches.
We could see more detail about the specifics, to help or hinder my case, if the author provided the same details for non-MS OSs that he does for MS OSs!
You don't see any unix based os having so much cruft and other problems as windows has.
Really? Because there are a lot of things in Unix-based OSes that date back before even MS-DOS, let alone Windows.
Even hackers hate this OS.
Microsoft has finally done something right - produced an OS that no one can hack because no one wants to have it on their system at all.
We've always known the most secure Windows OS was one that was never turned on in the first place. Now Microsoft has gone one better - it will never be installed in the first place.
Way to go, Bill!
Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
A website wants to admit to a flaw on your computer.
This admission will happen outside Protected Mode. Protected Mode helps protect your computer. If you do not trust this flaw, do not admit to it.
-Allow- -Don't allow-
Did you bother to read the report? Within the Linux distros given, Jones attempted to weed out things for which there was no direct equivalent in Vista. He admittedly wasn't 100% perfect in this attempt, but he does answer your question. Read the report.
You'll get it if your system doesn't have the proper print driver and needs to pull it from the print server. A print server with malicious drivers is a very obscure and little-considered way of hacking. A major company I know got stung this way, when an admin user connected to an untrusted Windows print server which provided a nice custom set of unsigned print drivers to the client computer.
Obvious Spin.
Come on. I'll believe it when I see it from an independent source.
Why does everyone get excited when Microsoft blows their own horn? Nobody really believes them and certainly nobody really cares. I prefer the era where Steve Ballmer was throwing chairs through the wall and swearing to bury Google. At least we could believe that. Speaking of, how's that going, Steve?
Help stamp out iliturcy.
Brand new laptop. Vista Home Basic, which has no eye candy. No software installed, other than AVG antivirus, which is the lightest resident antivirus that I know of, and basic Acer stuff, which is minuscule compared to all the other laptop manufacturers. I think they have two programs that run, and they're both pretty lightweight.
Anyway, Sempron something or other, with a Gig of memory, which runs XP like lightning, and this thing takes damn near 10 minutes to boot and log in with Vista. It looks like it should be ready much sooner than that, but for the first several minutes after logging in, the power light and the hard drive light are basically twins. That is, both on solid. As such, the machine is completely unusable until it's finally finished doing whatever the hell it is that Vista does for 5 or so minutes after you log in.
"City hall" in German is "Rathaus" Kinda explains a few things......
What I did find truly hilarious in a twisted kind of logic way on the M$ web site, is the marketing yarn that Linux is more insecure than Windows because the discovery of a security flaw coincides with the disclosure of a security flaw in Linux and as such Windows is more secure because the discovery of a security flaw is kept secret and not disclosed prior to the fix (apart from of course the bunch of flaws where the discoverers have refused to join M$ in its marketing lie). http://www.microsoft.com/technet/security/secnews/articles/itproviewpoint060904.mspx
Chaos - everything, everywhere, everywhen
We get it -- you love Vista. You think it's the most secure and reliable operating system ever. You think it runs great on your 1GHz test system.
The problem you're having is there aren't that many newbies here. Most of these people have tried Vista. Which brings me to the cupholder problem.
I won't go over the apocryphal broken cupholder issue we've all read online a hundred times.
Are you sure this isn't the Vista you've been running all along? That would explain a lot.
Help stamp out iliturcy.
And why is it hypocritical for MS to borrow code that the BSD folks told them they're free to use?
Obviously there's nothing technically wrong with it. But Microsoft does always say that "open source is evil," "open source is a poor business model," "open source is something that you should be afraid of because of the licensing implications." MS' marketing departments pretty much condemn any open source license, whether it's BSD, GNU, Apple, Sun, whatever, for these reasons. Kind of funny that the left hand was using them while the mouth said they were horrible...
Reid
The Right Reverend K. Reid Wightman,
look for them you bloody self
Which is shorthand for "I don't have any I'm proud enough to link.", I think.
Why would anyone judge a product's security reliability based on statistics or statements released by the same company? Frankly, I don't care what MS, Apple or anyone say about their own products statistically, especially when they compare it to other products out there.
Disagree...through group policy you can change the update server.
what is so hypocritical about using completely freely licensed code in a product like windows? more and more I get the feeling that the bsd license people just want to claim superiority over gpl while still expecting to be treated like they were using copyleft. not saying that the parent is one of them or that gpl is better than bsd-style licenses, just making a note for myself
Deus est fatalis
In other news, Coca-Cola just released a press statement to the effect that Coca-Cola is cheaper, and tastes better, than other leading soda brands.
Hello dick ass mod.
A troll is someone that posts crap just to inflame. Not someone who posts the results of their actual hands on experience.
Grow the fuck up. 90% of the crap I read here on /. about Vista is made up. Mine was in that other 10%.
Yes, plenty of things that are old, but something just being old does not qualify it as cruft...
By cruft, I mean something that is now deprecated because it was flawed, but is still maintained for backwards compatibility. I'm talking about things like lanman encryption, old versions of directx (I hear the latest versions include all the previous apis in addition to the new ones), and the multiple copies of winsock you get on Windows nowadays.
Unix has many things which are old, but are still actively used.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
Yes, VMS was a perfectly good design, as was NT to start with...
It's all the cruft they tacked on afterwards that makes it the nasty over complicated mess that it is.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
Cleaner yes, because the original design wasn't so flawed and thus doesn't need as many "layers of hacks" as you put it..
Unix is not hugely different from how it was 20 years ago, Windows is wildly different but still tries to maintain compatibility with its crufty past.
There's no reason a design can't continue to be useful for 20 or more years, if it was designed well in the first place.
A lot of modern unix apps can be compiled on very old unixes with little or no difficulty, some people still maintain repositories of packages ported to platforms like AMIX (commodore amiga unix, the core os of which hasn't been updated since 1993).
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
Microsoft depend on backwards compatibility, a significant proportion of their users actively dislike their products but are forced to use them for compatibility with crufty old apps. If they were forced to forego that compatibility and/or run a virtual machine for their crufty old apps, they're likely to use the opportunity to break their dependence on microsoft.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
I think my current guess is closer to the truth than that. If what you say is true, I've read your work. There was some really elegant work in there. Continuing on the "if it's true" theme: you are in a position to know that in 1992 Windows NT 3.5 achieved usability and multitasking parity with the System V which had been released only nine years prior. Three notable differences being NT's impossibly complex security model, Unix's much higher price and the unambiguity of the licensing.
After Microsoft decided to recruit Unix and VMS wizards to emulate these platforms for their New Technology kernel, but two years before the release of NT 3.5 (about the same time they were knifing their IBM lovechild OS/2), USL sued BSDi and eventually the Regents of the University of California. You know all this -- I'm going over it for the crowd that isn't even going to go back to a thread this old. Just after the release of NT3.5 the Regents settled, agreeing to be paid a huge amount of money and being allowed to continue doing what they had always done with Unix. The only catch was that the terms of the settlement would remain secret essentially clouding ownership of Unix in a way that is eerily similar to many Microsoft tactics since then including the SCO case that brought light to this dark bit of history. If it had not been for this disastrous settlement I think by now there would be neither Windows nor Linux.
I'll bet playing on BSD back before the lawyers started peeing in the pool was a lot of fun -- afterward, not so much. I have wondered for many years if Microsoft pulled a BayStar here long before we had a name to stick to the tactic. You know the rest: Ransom Love's hubris drove him to buy Unix with the hope of releasing it as open source after his IPO went huge. Not only did he mangle the deal, but the deal he wanted didn't exist because the rights he wanted had already been licensed away in ways that could not be retrieved. Fast forward 15 years and Microsoft technology is now falling behind the fully vetted and totally open product of a Finnish college student who just wanted to create something for "just a hobby, won't be big and professional".
Don't get me wrong: although I dislike what Microsoft has done with their market dominance I am mindful that what IBM had planned for us with their Planar Boards and MCA was far worse. The pity is that they could do far better if their goal was only to release an excellent product.
No, most people here prefer XP to Vista. Only a vocal minority prefer open source solutions and even they are schismatic. We know that when the issue is XP or Vista we already have tons of stuff for XP, we've learned to secure XP. We have learned to deploy, update and service XP. Our customers are used to XP and absent a compelling feature in Vista the cost benefit analysis comes down in favor of not re-architecting our entire environments just to suit Microsoft.
Help stamp out iliturcy.