So here we sit, 5-months after the consumer launch of Vista and 7-months after the commercial/business launch. Seeing that security is an important aspect in many people’s lives, Jeff Jones decided to see how Vista stacked up more than 6-months after its release. Before I get into anything it is probably important to note that Jeff is the Security Strategy Director for Microsoft’s Trustworthy Computing group, which might affect how you look at these results.
The chart below shows the number of high severity vulnerabilities found in some common operating systems during the first 6-months of the release. Jeff decided to not include the vulnerabilities for third-party applications that are commonly included with Linux, such as OpenOffice and Gimp. Here are the results:
Here is a look at the first 6-months of the operating systems in the chart:
- Vista: 12 vulnerabilities fixed and 10 were high severity.
- XP: 36 vulnerabilities fixed and 23 were high severity.
- Red Hat Enterprise: 214 vulnerabilities fixed and 62 were high severity.
- Ubuntu 6.06: 74 vulnerabilities fixed and 28 were high severity.
- Novell SLED10: 123 vulnerabilities fixed and 44 were high severity.
- Mac OS X 10.4: 60 vulnerabilities fixed and 18 were high severity.
While that chart flatters Vista for having just one high severity vulnerability unpatched, it also doesn’t tell the whole truth. At the end of the 6-month period in XP there were only three unpatched vulnerabilities (over all severities), Ubuntu had 11 unpatched, and Vista sits with 15 unpatched. So in terms of fixing the high severity vulnerabilities Microsoft is really on top of it, but what about the other 15 vulnerabilities that are still out there?
Another interesting fact is that over the last month 91% of our visitors have been using Windows. Breaking it down even further shows that only 15% are using Vista and 73% are using XP, which leads to another obvious question. Not enough people have made the upgrade to Vista yet, so why would the hardcore hackers target that operating system? At this point it isn’t really worth their time.
Source: PC World
Props to CoryC for the tip