Slashdot Mirror


Microsoft Says Vista Has the Fewest Flaws

ancientribe writes "Microsoft issued a year-one security report on its Windows Vista operating system today, and it turns out Vista logged fewer than half the vulnerabilities that Windows XP did in its first year. According to the new Microsoft report, Vista also had fewer vulnerabilities in its first year than other OSes — including Red Hat rhel4ws, Ubuntu 6.06 LTS, and Apple Mac OS X 10.4 — did in their first years."

6 of 548 comments

  1. How are they logged? by Nefarious Wheel · · Score: 5, Insightful

    Is this via support calls or just little modal dialog boxes that people are tired of clicking "send" on? Or are they filtering out things they've already encountered in XP? Statistics are a great aid to the common lie.

    --
    Do not mock my vision of impractical footwear
  2. Absolute flaws reported doesn't work by arotenbe · · Score: 5, Insightful

    I think that is a silly measure of bugginess. Not only does the number of flaws reported being less reflect lower usage of Vista, it also likely says the reporting system is difficult to work with. If anything, I think the fact that the non-Windows systems have a higher number of flaws reported indicates that they have easier-to-use bug reporting systems. The correct way to measure statistics on things like this is either to have a third party subject them to a standardized battery of tests (indicating actual security levels) or to measure the ratio of bugs fixed to total bugs reported (indicating the development team's ability to correct reported flaws quickly).

    --
    Tomato wedge sperm darts that are Republican.
  3. Re:Fewest Admitters = Fewest Flaws by cp.tar · · Score: 5, Insightful

    How many of those were kernel patches, and how many were related to other applications?

    --
    Ignore this signature. By order.
  4. Statistics by wannabgeek · · Score: 5, Insightful

    Reminds me of a quote - "Statistics are like humans. Torture them enough and you can make them admit anything you want".

    --
    I'm much more funny, interesting and insightful than the moderators think
  5. Re:Fewest Users = Fewest Flaws by Andrzej Sawicki · · Score: 5, Insightful

    That's not a fix, that's a workaround. The functionality remains broken, no?

  6. Re:Fewest Users = Fewest Flaws by catwh0re · · Score: 5, Insightful

    Let's look at Linux, OSX and a few of the other open source based operating systems. All of these systems share a bit of code. So when a bug is found, it's a plus 1 for each of these operating systems. Bugs are found because between all of these operating systems, there is quite a high aggregate number of users (it's pretty stupid to count them as completely separate install bases) - many of these users fit well into the Venn diagram for: IT informed & technical persons who are able to find such flaws and bugs in software.

    This contrasts significantly with the majority Windows user base, most people are first greeted by Windows because their computer came with it pre-installed. They generally don't know much about programming and certainly aren't responsible for programming the operating system they're using. They buy software which they learn just well enough to get by; but there are also many Windows users who are quite savvy... and many of those have downgraded to the arguably more suitable Windows XP OS.

    So even though Microsoft can easily cook the numbers. Let's look at a few more realities. In the world of open source, there is no hiding your vulnerability tally - because everyone sees the code and can check it. There is no such thing as the creative multiple patching of entire subsystems which are counted as a sole vulnerability. Which is very easy to do when you hide your source code from the public.

    Microsoft is a company who has a real marketing benefit for showing (read: or pretending) that the overall number of vulnerabilities is lower over the first year. When this creative-counting is already under scrutiny, as there is no held standard for counting vulnerabilities and there is especially no transparency in how Microsoft validate what is a serious vulnerability and what is not.

    Now since Windows recycles so much code, you can also argue that of course Vista would have fewer vulnerabilities than XP, after all the entry-level security bugs should all be caught by now, with only newer features having the baptism of fire. This is why userbase makes a difference.

    Also webhit tallies from a particular research service provider are useless, as Linux machines tend to power the web - and not surf it. (When you're powering a website, e.g. banking, you are more concerned about vulnerabilities than say a mother who just bought her family a computer. So in this example - coders are actively looking for bugs, go figure they find more - that's what happens when you look for something.)

    Finally slashdotters do argue that exploits are targeted at larger OS market shares (naturally they want the largest possible penetration.) They don't however say that the bug count is similarly controlled: Bugs found = number of unfound bugs * proficiency of the people looking for them.

    Also your figures for computer adoption are incorrectly used. (as was most of your data - you tend to convey more from the data than what it factually states.)