Slashdot Mirror
Microsoft Says Vista Has the Fewest Flaws
ancientribe writes "Microsoft issued a year-one security report on its Windows Vista operating system today, and it turns out Vista logged less than half the vulnerabilities than Windows XP did in its first year. According to the new Microsoft report, Vista also had fewer vulnerabilities in its first year than other OSes — including Red Hat rhel4ws, Ubuntu 6.06 LTS, and Apple Mac OS X 10.4 — did in their first years."
Is this via support calls or just little modal dialog boxes that people are tired of clicking "send" on? Or are they filtering out things they've already encountered in XP? Statistics are a great aid to the common lie.
Do not mock my vision of impractical footwear
It has the fewest flaws found because it has the fewest amount of people admitting to them
Parent has it exactly right. This is likely another statistical half-truth. Tell us % of users reporting flaws and let's compare that to XP's first year.
For the last time, you just can't add up the number of vulnerabilities in separate products from different authors and expect to glean any meaningful information from numerology thereon. This is especially true when contrasting one closed-source product from a vendor with questionable security reporting practices (say, Windows), and an open-source product where every single flaw of any level of significance is public knowledge (say, Ubuntu Linux).
I'm tired of seeing such claims about vulnerability tallies parroted in Slashdot summaries without the least bit of skepticism regarding their relevance. This sort of thing has already been debunked a million times over on this site. Come on, editors, a little quality control would be nice...
Could the reason there are fewer exploits in the first year of Vista (Verses XP) be due to the fact that it has a reluctant adoption rate bu users and the OS exploiters are likely focusing their efforts on current Operating Systems that are more stable, known, and in higher use.
Give it time...
Besides, now that Microsoft has set 2009 for the new "Windows 7" release target date, it seems that Vista may be the new short-lived 'Windows Me'.
I think that is a silly measure of bugginess. Not only does the number of flaws reported being less reflect lower usage of Vista, it also likely says the the reporting system is difficult to work with. If anything, I think the fact that the non-Windows systems have a higher number of flaws reported indicates that they have easier-to-use bug reporting systems. The correct way to measure statistics on things like this is either to have a third party subject them to a standardized battery of tests (indicating actual security levels) or to measure the ratio of bugs fixed to total bugs reported (indicating the development team's ability to correct reported flaws quickly).
Tomato wedge sperm darts that are Republican.
And how many installs are on new machines, where the buyer had no choice? How many of those forced installs have been wiped out by now and replaced by XP, 2K or Linux?
Good, inexpensive web hosting
How many of those were kernel patches, and how many were related to other applications?
Ignore this signature. By order.
Reminds me of a quote - "Statistics are like humans. Torture them enough and you can make them admit anything you want".
I'm much more funny, interesting and insightful than the moderators think
I think the GP wasn't talking about the kernels. Linux distros simply distribute much much more software than comes with your average proprietary OS.
Most will issue a security advisory when there's a bug in apache, mysql, postgres, sqlite or all of these types of things. Microsoft doesn't issue an advisory about a bug in Oracle. On Linux, the distros take responsibility for a much much wider range of software than Microsoft does on their platforms.
I touch computers in naughty places
Might be a rewrite but chances are you either had the same people rewriting it, or at the very least the same mindset/corporate culture/etc. rewriting it, so it probably didn't end up all that different (based on results this looks pretty likely).
Some people have posted this on Slashdot. To maintain that there is a single "Slashdotter" point of view is just a straw man. For ANY point of view you can find hundreds of posts by "Slashdotters" supporting OR contradicting it.
MY PERSONAL point of view is that the statistics presented are suspicious. Previous MS press releases (aka "independent reports") have counted the same error multiple time, have counted bugs in applications bundled with Linux against OS bugs in Windows, etc.
That's not a fix, that's workaround. The functionality remains broken, no?
Where are you drivers in linux? Where do you download them? Why you don't, they are IN THE KERNEL!
So Linux "The kernel" does a lot more then MS does with its core OS because MS still asks you to download a ton of drivers. This is part of their strategy, it allows them to shift blame to the driver instead of their OS. If you really got a problem with MS software and actually have some support (check your MS license, you pay for the software, there is no support) then your first job will be to convince them the bug lies with them and not some combo of drivers that you had to install.
That is why these MS reports are so silly, you really can't compare the two "distro's". MS Vista does far less then a Linux based distro like Ubuntu BUT they don't have a bare kernel they distribute but even if it did it does far less then the linux kernel.
So what are you comparing?
Also not that security bugs in Vista affect EVERY vista user because all the installs are the same. A linux distro bug in PHP affects only those who use PHP on their linux distro. MS funded research has in the past made lists of security bugs in linux where they counted the same bug multiple times for each distro it was in. That is kinda like saying "Just look at our competitors cars, they made 1 million of them and 1000 of them had the same fault. Meanwhile our 1 model has just one fault, the brakes don't work. We are BEST!"
MS, FUD at its best.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
Again, a ridiculous comparison based on reported security holes...
Microsoft are in the best position to find holes in vista, having the source code. They have no incentive to report them, and will just fix them silently. OSX is in the same boat but to a lesser degree, and with ubuntu/redhat all the issues will make it into the public domain. The only vista issues which make it public, are ones discovered by third parties, which are probably less than the number found internally because internal developers have access to the source, access to the original devs and a more intimate knowledge of the inner workings.
Then you have to consider functionality, vista comes with one web fairly old web browser, one mail client, a rudimentary text editor, a single-protocol im client, a trivial drawing program, a simple media player with a small number of codecs and a few very simple games... Ubuntu/RHEL come with multi protocol im clients, a full office suite, a larger number of slightly less simple games, a larger and more capable set of networking tools, scanner software, fully capable drawing software, a much larger set of hardware drivers bundled by default, and lots more besides...
It's like trying to compare the rudimentary "peoples cars" produced in the former USSR, with only rudimentary features and a largely hidden safety record, to the luxury cars being produced in the west around the same time... Try comparing a Zaporozhet to something like an E-type Jaguar.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
And also, how many of these were patches for applications that vista doesn't ship with an equivalent of?
And how many of these patched flaws were discovered by the developers of those applications? Which in RH's case means the issue is published, but in MS's case would not be published.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
That's what I think this is all about. Microsoft can publish whatever number they want as the number of "vulnerabilities" to make itself out as the "good guy" while distributions of Linux put it all on the pavement so everyone can see what has been fixed or will be soon.
Every time I start to have faith in humanity, I ruin it by driving to work between 7 and 8 am.
Congratulations on not being a bigot and actually thinking about what you write. In the tiresome ocean of "Of course, Vista don't have any users" comments, "You can't trust statisticz" comments, "Microsoft is comparing Apples (no pun intended) to Oranges" comments and the obligatory "Linux has more code" remark, your balanced appraisal of the situation is refreshing.
It's a shame that I haven't bothered to find out how the moderation system works yet, otherwise my praise to you, Sir, would be in hard karma currency.
This contrasts significantly with the majority Windows user base, most people are first greeted by Windows because their computer came with it pre-installed.. They generally don't know much about programming and certainly aren't responsible for programming the operating system they're using. They buy software which they learn just well enough to get by; But there are also many Windows users who are quite savvy.. and many of those have downgraded to the arguably more suitable Windows XP OS.
So even though Microsoft can easily cook the numbers. Let's look at a few more realities. In the world of open source, there is no hiding your vulnerability tally - because everyone sees the code and can check it. There is no such thing as the creative multiple patching of entire subsystems which are counted as a sole vulnerability. Which is very easy to do when you hide your source code from the public.
Microsoft is a company who has a real marketing benefit for showing (read: or pretending) that the overall number of vulnerabilities is lower over the first year. When this creative-counting is already under scrutiny, as there is no held standard for counting vulnerabilities and there is especially no transparency in how Microsoft validate what is a serious vulnerability and what is not.
Now since Windows recycles so much code, you can also argue that of course Vista would have less vulnerabilities than XP, after all the entry-level security bugs should all be caught by now, with only newer features having the baptism of fire. This is why userbase makes a difference.
Also webhit tallies from a particular research service provider are useless, as linux machines tend to power the web - and not surf it. (When you're powering a website, e.g. banking, you are more concerned about vulnerabilities than say a mother who just bought her family a computer. So in this example - coders are actively looking for bugs, go figure they find more - that's what happens when you look for something.)
Finally slashdotters do argue that exploits are targetted at larger OS market shares (naturally they want the largest possible penetration.) They don't however say that the bug count is similarly controlled: Bugs found = number of unfound bugs * proficiency of the people looking for them.
Also your figures for computer adoption are incorrectly used. (as was most of your data - you tend to convey more from the data than what it factually states.)
Power users will be annoyed with UAC right from the start. It's okay if it asked only for deep system changes, but printing to a network printer? I'd like to see a poll of how many people still have UAC enabled.
Vista needs some serious horsepower whether you have the eyecandy enabled or not. The eye candy causes a big increase, but I had to upgrade my machine's 1GB of RAM to reach a reasonable level of performance even with Aero turned off, in order to run any intensive apps like Eclipse or Photoshop.
Just you wait until you buy that fancy new Blu-ray drive only to discover that Windows refuses to output DRM'd HD video to your monitor because it has no HDCP support. Vista has DRM that reaches deep into the subsystem, and when companies begin to take advantage of those features (by flagging Windows Media files appropriately), I bet you'll be surprised at what Vista refuses to let you do.
I use Vista at work because my laptop came with it, and if I could start over again I'd wipe it and go with XP. The wireless behavior is terrible, NetBIOS-based file shares are still spotty, the file explorer refuses to remember my preferences, files sometimes end up mysteriously undeleteable, and the new Minesweeper sucks. Windows 2000 people were against XP when it came out, but most folks came around and XP is now one of Microsoft's most solid operating systems. Vista is receiving much more flak than XP ever did, and while it might end up improving in the end, the negative press has left a pretty big scar.