Slashdot Mirror


Microsoft Says Vista Has the Fewest Flaws

ancientribe writes "Microsoft issued a year-one security report on its Windows Vista operating system today, and it turns out Vista logged fewer than half the vulnerabilities that Windows XP did in its first year. According to the new Microsoft report, Vista also had fewer vulnerabilities in its first year than other OSes — including Red Hat rhel4ws, Ubuntu 6.06 LTS, and Apple Mac OS X 10.4 — did in their first years."


  1. Re:Fewest Users = Fewest Flaws by I'm+Don+Giovanni · Score: 4, Informative

    Two points here:
    1. Slashdotters have maintained for years that userbase size has (almost) no relation to the number of exploits an OS gets. MS fanboys would claim that OSX and Linux had fewer exploits because they had a much smaller userbase, and they'd be ripped to shreds by slashdotters that would accuse them of engaging in logical fallacy. Your statement that Vista has fewer flaws because it has fewer users goes directly against long-held slashdot doctrine. And yet other slashdotters appear to be agreeing with you, which raises the question of just how closely slashdotters held that doctrine. Seems it was only a closely held belief when needed to defend OSX and Linux from MS fanboys.

    2. Your premise is wrong anyway. The report says that Vista has fewer flaws in its first year than XP, some version of Red Hat, and OSX 10.4 did in their first years (and it's not even close). But Vista actually has MORE users in its first year than all of those OSes did in their first years (and has more users than OSX and Red Hat, period). XP had a greater userbase percentage in its first year, but fewer actual users because the number of computers was 5 times smaller back when XP was released.

    Incidentally, here are some Dec 2007 OS userbase share stats according to web hits:
    XP: 76.9%
    Vista: 10.5%
    OSX: 7.3%
    Linux: 0.6%

    --
    -- "I never gave these stories much credence." - HAL 9000
  2. Re:Methodology has issues by FurryWhale · Score: 5, Informative

    Most Linux distros have a lot more software and contain more lines of code than Windows. Therefore, you'd expect more flaws in something like Ubuntu or RHEL.

    The report is available here, and states that the comparison specifically excludes components from Red Hat such as server components, gimp, OpenOffice, etc:

    Red Hat and other Linux distribution vendors add value to their workstation distributions by including and supporting many applications that don't have a comparable component on a Microsoft Windows operating system. It is a common objection to any Windows and Linux comparison that counting the "optional" applications against the Linux distribution is unfair, so I've completed an extra level of analysis to exclude component vulnerabilities that do not have comparable functionality shipping with a Windows OS. In short, I install a rhel4ws computer and: I excluded any component that is not installed by default, which includes all optional "server" components that ship with rhel4ws. I additionally excluded text-internet, graphics (the gimp stuff) and office (OpenOffice) and Development Tools (gcc, etc) installation groups. I used the rpm command to list out all packages that get installed and used that package list to filter vulnerabilities for inclusion. This process results in a Gnome-windows workstation that includes standard system management tools, Firefox for browsing, sound and video support, but excludes all server packages, as well as OpenOffice and other optional stuff that a Windows system wouldn't have by default.

    It'd be nice if it listed the exact components installed on Red Hat, but at least it attempts to cull the component set to something more reasonable for comparison.

  3. Re:Bad metric by nguy · Score: 4, Informative

    Vista also automatically drops reports of problems directly to Microsoft, and isn't dependent on users to supply bug reports or problems like OS X, so when problems occur, MS usually knows before the users or the makers of the software that is causing problems.

    Security problems are not bugs that an automatic bug reporter reports. Neither, for that matter, can automatic bug reporters report usability problems. You're also making the false assumption that Microsoft honestly reports all the bugs they discover. For most of the reports, they probably don't even bother tracking it down. For the ones that they do track down, we already know that if they can fix it quietly and lie about it, they do.

    For me, Vista is about as good as XP in terms of applications crashing and BSOD. But Vista usability and security are a nightmare, and no bug statistics are going to tell you that. Vista is a software disaster.