Slashdot Mirror


Microsoft Says Vista Has the Fewest Flaws

ancientribe writes "Microsoft issued a year-one security report on its Windows Vista operating system today, and it turns out Vista logged fewer than half the vulnerabilities that Windows XP did in its first year. According to the new Microsoft report, Vista also had fewer vulnerabilities in its first year than other OSes — including Red Hat rhel4ws, Ubuntu 6.06 LTS, and Apple Mac OS X 10.4 — did in their first years."

13 of 548 comments

  1. Vista is killing our company by Anonymous Coward · · Score: 0, Informative

    Right now, I'm working under a really dumb sysadmin. This guy makes the company overspend at every turn. He had us upgrade to XP when it came out. He talked the company into replacing every desktop with brand new machines to run Windows Vista Premium. I tried to tell management this was a bad idea, but they trust him more because he has been there a lot longer than me. Our company is laying off more workers next month to cope with high expenses. NT4 or OpenBSD are all you need.

    I am getting my resume ready for a job outside of Maine. The businesspeople here have been making incredibly stupid decisions. I know when pragmatic and frugal IT management isn't wanted.

    Sysadmins that talk management into upgrading to Vista on machines that only run a DOS-based CRM system are scum.

  2. Re:Fewest Users = Fewest Flaws by murrdpirate · · Score: 2, Informative

    Although Vista is doing comparatively worse than XP due to the fivefold increase in PC sales between their respective first years, the total Vista sales are higher, so there should be more people finding flaws. Unless that many people buy a preloaded Vista PC and upgrade to XP....

  3. Re:Fewest Users = Fewest Flaws by I'm+Don+Giovanni · · Score: 4, Informative

    Two points here:
    1. Slashdotters have maintained for years that userbase size has (almost) no relation to the number of exploits an OS gets. MS fanboys would claim that OSX and Linux had fewer exploits because they had a much smaller userbase, and they'd be ripped to shreds by slashdotters that would accuse them of engaging in logical fallacy. Your statement that Vista has fewer flaws because it has fewer users goes directly against long-held slashdot doctrine. And yet other slashdotters appear to be agreeing with you, which raises the question of just how closely slashdotters held that doctrine. Seems it was only a closely held belief when needed to defend OSX and Linux from MS fanboys.

    2. Your premise is wrong anyway. The report says that Vista has fewer flaws in its first year than did XP, some version of Red Hat, and OSX 10.4 did in their first years (and it's not even close). But Vista actually has MORE users in its first year than all of those OSes did in their first years (and has more users than OSX and Red Hat, period). XP had a greater userbase percentage in its first year, but fewer actual users because the number of computers was 5 times smaller back when XP was released.

    Incidentally, here are some Dec 2007 OS userbase share stats according to web hits:
    XP: 76.9%
    Vista: 10.5%
    OSX: 7.3%
    Linux: 0.6%

    --
    -- "I never gave these stories much credence." - HAL 9000
  4. Re:Methodology has issues by FurryWhale · · Score: 5, Informative

    Most Linux distros have a lot more software and contain more lines of code than Windows. Therefore, you'd expect more flaws in something like Ubuntu or RHEL.

    The report is available here, and states that the comparison specifically excludes components from Red Hat such as server components, gimp, OpenOffice, etc:

    Red Hat and other Linux distribution vendors add value to their workstation distributions by including and supporting many applications that don't have a comparable component on a Microsoft Windows operating system. It is a common objection to any Windows and Linux comparison that counting the "optional" applications against the Linux distribution is unfair, so I've completed an extra level of analysis to exclude component vulnerabilities that do not have comparable functionality shipping with a Windows OS. In short, I install a rhel4ws computer and: I excluded any component that is not installed by default, which includes all optional "server" components that ship with rhel4ws. I additionally excluded text-internet, graphics (the gimp stuff) and office (OpenOffice) and Development Tools (gcc, etc) installation groups. I used the rpm command to list out all packages that get installed and used that package list to filter vulnerabilities for inclusion. This process results in a Gnome-windows workstation that includes standard system management tools, Firefox for browsing, sound and video support, but excludes all server packages, as well as OpenOffice and other optional stuff that a Windows system wouldn't have by default.

    It'd be nice if it listed the exact components installed on Red Hat, but at least it attempts to cull the component set to something more reasonable for comparison.

  5. Re:Bad metric by nguy · · Score: 4, Informative

    Vista also automatically drops reports of problems directly to Microsoft, and isn't dependent on users to supply bug reports or problems like OS X, so when problems occur, MS usually knows before the users or the makers of the software that is causing problems.

    Security problems are not bugs that an automatic bug reporter reports. Neither, for that matter, can automatic bug reporters report usability problems. You're also making the false assumption that Microsoft honestly reports all the bugs they discover. For most of the reports, they probably don't even bother tracking it down. For the ones that they do track down, we already know that if they can fix it quietly and lie about it, they do.

    For me, Vista is about as good as XP in terms of applications crashing and BSOD. But Vista usability and security are a nightmare, and no bug statistics are going to tell you that. Vista is a software disaster.

  6. Re:Methodology has issues by tsotha · · Score: 2, Informative

    The author of the article was making a kernel-to-kernel comparison. If the Linux kernel contains more lines of code, it probably contains more bugs. But that doesn't mean it should contain more lines of code.

  7. Re:Fewest Users = Fewest Flaws by fishyfool · · Score: 3, Informative

    Doesn't work. I've been having difficulty with wireless USB LAN devices. I turn off the power management, and they still lose connection, but only when the user is logged off for ten minutes or more. When they log back on, the network refuses to reconnect. You must either reboot, or physically disconnect the USB LAN device and then reconnect it. Plugging the LAN device into a powered USB hub doesn't help. I tried the hotfix for this issue, but no joy. The only fix that works is to not log off the machine.

    --
    Enjoy Every Sandwich
  8. Re:Bad metric by Ajehals · · Score: 2, Informative

    nobody has a desktop farm, after all

    Someone isn't thinking. What about large companies and other organisations that have 100,000s of desktop computers, one for each employee? Sure they have a data-centre somewhere to support it, but there is not going to be anything close to a 1:1 ratio between servers and clients (1:100 is probably closer). There may not be a common term like 'server farm' to refer to a huge mass of PCs but that is in effect what any large (and even small) company with IT systems is. Servers (and in this case we are talking about machines in server roles, not server spec hardware) by definition provide a service to other 'non server' computers; there should be (and are, IMHO) more of the latter than the former.
  9. Re:Bad metric by TheNetAvenger · · Score: 2, Informative

    Security problems are not bugs that an automatic bug reporter reports. Neither, for that matter, can automatic bug reporters report usability problems. You're also making the false assumption that Microsoft honestly reports all the bugs they discover.

    Ok, this is also false.

    1) Some of the error reports, bugs, and problems are very much security related incidents, as crashing or exploitable code gets sent back to Microsoft. Defender also reports back spyware or attempts to hijack the OS via exploits and even social engineering.

    2) There is also a certain level of usability reports that go back to Microsoft. The reporting system in Vista is also more robust than I think you assume: when a user encounters a problem or something doesn't work the way they think it should, help pops up, goes online to find more information, and reports back to Microsoft if the information helped, and if the user was able to do what they wanted. Help is also dynamic and changes to be more and more usable to users based on this feedback, until changes are made to the OS.

    If you ever used Vista for more than 10 minutes, this is stuff you would know.

    As for Microsoft being honest about problems, it would be insane for Microsoft to know that users are having trouble with XYZ and not address XYZ; this is why UAC and other changes have been made via Vista updates over the past year and many other 'USABILITY' items are included in SP1. Even small things like 'wording' on the start menu is changed because of reported user confusion that was reported via the Vista automated Help system.

    But Vista usability and security are a nightmare

    Vista is more secure than XP at this point, browsing via IE7 is more secure than any other browser on any other platform via the sandboxing protected mode, etc. Vista has had NO specific exploits or in the wild viruses, and it has already bypassed the userbase of all Macs ever shipped, so the 'off the radar' argument can't be used.

    The security argument just doesn't work anymore with Vista. It hasn't worked well against Windows since SP2 of XP or Windows 2003, and Vista is a notch above them in terms of security and yes even outdoing OS X and OpenBSD.

    As for usability, you are either dated in how you use computers, or unable to grasp new concepts that unforged users adapt to better than the old concepts geeks get used to. If you are using Vista like FileManager of Win3.1 days, then ya, usability in Vista sucks; if you use Vista like Vista then usability is 10x XP and previous versions.

    This is just like the Office 2007 arguments: everyone thought it would tank, yet BUSINESS is very happy with it, and users adapt to it easily, even though it, 'LIKE VISTA,' has moved more to a docucentric approach that eliminates old GUI constructs like Menus. And Menus are basically bolted on concepts from textual days to get more commands onscreen in a GUI that Xerox and Apple could not overcome in moving to a Graphic interface.

    Think about it, how come the most known OS for its GUI and GUI origins (OS X) still uses 'lists of words (menus)' as its primary interface to features and functions? Yet the OS you are making fun of has gotten past this dated usability concept where Apple has failed.

    This is not something you should honestly be slamming Vista over, as MS is pushing new GUI and UI constructs forward beyond what OSX and the industry has seen. A Vista user, especially a newb or professional that isn't stuck in thinking in terms of FileManager concepts, can run circles around XP and OS X users. XP and even Win95 had docucentric underpinnings that have never been fully taken advantage of, and Vista ups the ante a bit by pushing them forward.

    Here is a quick test if you are old school or slow on usability - Do you mainly use Save and Open Dialog boxes in your daily work? If you 'get it' you would hardly ever even see or use an Open or Save dialog box unless you were renaming something from inside the application or exporting. PERIOD. (Here is a hint, Right Click - Select NEW - Select the Document/Graphic you are creating - Name the freaking Document where it is created. Never use old dialogs again to open documents again.)

  10. Re:Fewest Admitters = Fewest Flaws by tha_mink · · Score: 3, Informative

    I'm sure most people do. However, it's still hard to find new laptops without a pre-installed OS. Also, I know there are people buying computers with iCandy installed and replacing it with XP; I'm going to be doing exactly that for a friend later this week.

    Then you, my friend, are doing your friend a great disservice. I've been running Vista for about a year now, and once I turned off the "Cancel or Allow" annoyance, I've been very happy with the OS. I also run Ubuntu and compiz and I have to say, I've had no problems with either OS. I know Vista is supposed to be a total piece of shit, but I've loved it. To me, it's much more usable than XP. I've been surprised that it's gotten such a bad rap. To me, all that is just FUD.
    --
    You'll have that sometimes...
  11. Re:Fewest Admitters = Fewest Flaws by petermgreen · · Score: 2, Informative

    how many people who run linux do you think are stupid enough to buy vista then uninstall it? why does everyone pretend the white box market doesn't exist?
    Having used the cheap whitebox market in the past I'm very reluctant to do so again.

    Afaict cheap big brand boxes are cheap because of economies of scale, careful planning and probably some loss leadership and crapware bundling income.

    Cheap whiteboxes are cheap because they bought whatever shit was cheapest that week and stuffed it in a box with little to no integration testing and no consideration of what brands are reliable at all.

    --
    note: I'm known as plugwash most places but I screwed up registering that here somehow in the past and now can't register
  12. Re:Fewest Admitters = Fewest Flaws by Tsagadai · · Score: 2, Informative

    Pay attention to the very important point that Red Hat uses different metrics to Microsoft. Watch this video at redhatmagazine.com and don't compare apples to oranges.

  13. Re:mod parent up by MrMonroe · · Score: 2, Informative

    The anti-Vista slashdot zombies have very poor memory, it appears. They do not recall when every single one of their programs failed when they moved into XP. Just another /. reader who's been running Vista Premium 64 rock solid for two months and getting sick of the pointless bashing.