Microsoft employee finds Vista more secure than Tiger

Microsoft employee Jeff Jones has released his findings from a comparison of Vista, XP, OS X Tiger, and RedHat Linux.
“Windows Vista One Year Vulnerability Report” by “Jeffrey R Jones, Security Guy (and Microsoft Director)” already has an inconclusive feel about it as soon as that title page is splashed up. But let’s give it a chance.
Before the report starts, we are met with an Executive Summary, telling me first that “This paper analyzes the vulnerability disclosures and security updates for the first year of Windows Vista and looks at it in the context of its predecessor, Windows XP, along with other modern workstation operating systems Red Hat, Ubuntu and Apple products.”
Then we are told that “this is not an analysis of “the security”. [it will not] look at protective mechanisms and see how they might protect in certain scenarios. Nor [will it] look at security features and see how they might enable better privacy or help secure business process. And [it] certainly [won’t] look at how easy it is to manage the security policy for these products.”
Not being sure of what it actually IS, let’s plod onward.
Jones goes over vulnerabilities fixed and unfixed in Windows XP vs. Windows Vista, finding that there were fewer vulnerabilities overall in Vista, though a similar percentage of fixed vs. unfixed was present, something he did not note.
He then talks about Linux, and shows histograms depicting bug fixes per week in red and orange, as opposed to the blue and green of the Windows graphs. They look scary… and show big bug numbers.
We get now to the most interesting part of the document, talking about Mac OS X 10.4 Tiger. Tiger’s graph is purple… I guess that’s a medium color. There are a couple of weeks with seemingly large amounts of bug fixes, but no week over 30, and only one over 20.
Now we get to the part that seemingly ties it all together: the graph comparing all the operating systems’ patches fixed vs. unfixed. Windows Vista has the lowest number of vulnerabilities, with Windows XP in second and OS X in third. What Jones doesn’t note in the text is that the Linux distributions, which show large numbers of vulnerabilities, show almost 90% fixed bugs, while both Windows bars barely scrape 60% fixed. OS X has a little over 75% fixed bugs.
This “report” seems to be a big waste of time, because there seems to really be no standardizing. It is impossible to tell what Jones classifies as a “vulnerability” and it is highly likely that some small OS X and Linux problems were looked at as vulnerable while similar things on the Windows side were ignored. Reading this seemed very disorganized and it seemed as if he was comparing completely different things on each operating system. Combined with the disclaimer before the report begins, I have to wonder why this was even released.
Download Report [Jeff Jones’ Security Blog]

It seems to be a big waste of time because it’s a PR stunt. It’s something to show some poor company and say, “See. It’s not that broken, after all.” Microsoft really needs to keep their mouths shut about Vista. They need to keep their heads down, once and for all. And they need to focus only on making a better product next time. It’s as simple as that. However, they will never do this, as big pocket books lead to big egos and arrogance.
on February 4, 2008 at 11:12 PM
Thanks for the comment, Michael.
Yep, pretty stupid that a Microsoft employee is saying that a Microsoft product is more secure than their competition. Doesn’t sound too reliable to me. Can someone that doesn’t work for “the man” confirm this? I don’t think so.
Doug
on February 5, 2008 at 11:00 AM
Executive Editor | Appletell
Yeah, he makes sure to address that in the report, but all that I really got out of it is that it is extremely inconclusive and unreliable, and he basically lays that out.
on February 5, 2008 at 03:05 PM
the biggest problem with his “analysis” is that he’s including the patched vulnerabilities as well… he doesn’t compare the number of unpatched ones which by his own results show windows is the inferior of the group. the vast majority of vista’s vulnerabilities are unpatched, half of XP’s are unpatched. nothing to see here, move along.
on March 24, 2008 at 11:15 AM
This graph actually makes Vista look bad. Look at the ratio of fixed to unfixed. Compared to Ubuntu, I know which O.S looks more secure.
The issues with Vista aren’t just security. The usability of an operating system just got thrown out the door on this one. Simple functions that are the core of any O.S have become cumbersome.
Vista is a failure in my opinion. If their next OS doesn’t come up trumps, they’re in trouble.
on March 25, 2008 at 03:59 AM
Yea, this article does a poor job of relating any actual information. I wonder what other interpretations we could have from the report if we inserted [false] words into the original source. I can’t understand why you fanboys even bother putting together a whole article, why don’t you just post “APPLE RULZZZ!!!1!11!” and let your obviously deluded audience gag on more of your own smug. It is clear that facts and objective criticism are not part of your interests. The truth is that there are advantages and serious disadvantages from both companies’ products as well as open source, but fanboyism and misleading reports like the one from Microsoft are then compounded by this Fisher-Cox story. In the end it prevents anyone from making intelligently informed decisions about hardware and software.
on March 25, 2008 at 07:44 AM
This article is simply relaying the information provided in the document itself. And it seems the point has gotten across to you. This “analysis” did not and does not have any merit, because it compares incomparable things, and overall avoids giving any actual information.
on March 25, 2008 at 04:36 PM