So here we sit, 5 months after the consumer launch of Vista and 7 months after the commercial/business launch. Seeing that security is an important aspect of many people’s lives, Jeff Jones decided to see how Vista stacked up more than 6 months after its release. Before I get into anything, it is probably important to note that Jeff is the Security Strategy Director for Microsoft’s Trustworthy Computing group, which might affect how you look at these results.

The chart below shows the number of high severity vulnerabilities found in some common operating systems during the first 6 months after release. Jeff decided not to include vulnerabilities in third-party applications that are commonly bundled with Linux, such as OpenOffice and GIMP. Here are the results:

[Chart: Vista vulnerability comparison, high severity vulnerabilities in the first 6 months after release]

Here is a look at the first 6 months for each operating system in the chart:

  • Vista: 12 vulnerabilities fixed and 10 were high severity.
  • XP: 36 vulnerabilities fixed and 23 were high severity.
  • Red Hat Enterprise: 214 vulnerabilities fixed and 62 were high severity.
  • Ubuntu 6.06: 74 vulnerabilities fixed and 28 were high severity.
  • Novell SLED10: 123 vulnerabilities fixed and 44 were high severity.
  • Mac OS X 10.4: 60 vulnerabilities fixed and 18 were high severity.

While that chart flatters Vista for having just one high severity vulnerability left unpatched, it also doesn’t tell the whole truth. At the end of the 6-month period XP had only three unpatched vulnerabilities (across all severities), Ubuntu had 11 unpatched, and Vista sits with 15 unpatched. So in terms of fixing the high severity vulnerabilities Microsoft is really on top of it, but what about the other 15 vulnerabilities that are still out there?

Not only that, but 5 of the 12 vulnerabilities they fixed were in Internet Explorer, so anyone not using it as their browser is already a lot safer! Time to go get Firefox or Opera… :)

Another interesting fact is that over the last month 91% of our visitors have been using Windows. Breaking it down further shows that only 15% are using Vista and 73% are using XP, which leads to another obvious question: not enough people have upgraded to Vista yet, so why would the hardcore hackers target that operating system? At this point it isn’t really worth their time.

Source: PC World

Props to CoryC for the tip

There Are 6 Comments

  1. What I think is most important here is that Linux is touted as a very secure OS, but as you can see Red Hat Enterprise had 214 vulnerabilities and 62 were high severity. OUCH! Let’s say that out loud: TWO-HUNDRED-FOURTEEN vulnerabilities! That’s huge.

    Does anyone know the last time Microsoft had 214 vulnerabilities for a production application? I know that there have been Service Packs that have fixed over 500 bugs, although they were not security related.

  2. 1. Create your own proprietary OS.
    2. Only allow your own employees or people with NDAs/contracts access to the source code.
    3. Have Microsoft funded people perform security testing of their own OS.
    4. Don’t pay attention to your own testers and mark vulnerabilities as fixed or NA.
    5. Don’t bother to put unresearched vulnerabilities into your reports.
    6. FUD.
    7. Profit.

  3. CoryC wrote:
    What I think is most important here is that Linux is touted as a very secure OS, but as you can see Red Hat Enterprise had 214 vulnerabilities and 62 were high severity. OUCH! Let’s say that out loud: TWO-HUNDRED-FOURTEEN vulnerabilities! That’s huge.

    Does anyone know the last time Microsoft had 214 vulnerabilities for a production application? I know that there have been Service Packs that have fixed over 500 bugs, although they were not security related.

    I was wondering about that as well, but then it also makes you wonder how fast some of these were fixed. I mean, out of those 62 that were high severity for Red Hat, how long did it take them to fix those?

    @DosFreak: :lol:

  4. Yeah, Ubuntu may have more unpatched vulnerabilities, but since it’s not very popular amongst people who don’t spend hours messing around with technology, it’s still safer than Windows XP. Simply because hackers choose more popular targets.

  5. Yeah, and that’s something that these charts don’t represent… the market share. That obviously has a huge impact on how widespread the vulnerabilities become, and right now hackers are going to target the less-knowledgeable users that run XP.

  6. If you take nothing else from this posting please remember these words of wisdom: No OS is secure.
