
Microsoft Says Vista Has the Fewest Flaws

samzenpus posted more than 6 years ago | from the eye-of-the-beholder dept.

Microsoft 548

ancientribe writes "Microsoft issued a year-one security report on its Windows Vista operating system today, and it turns out Vista logged fewer than half the vulnerabilities that Windows XP did in its first year. According to the new Microsoft report, Vista also had fewer vulnerabilities in its first year than other OSes — including Red Hat rhel4ws, Ubuntu 6.06 LTS, and Apple Mac OS X 10.4 — did in their first years."

548 comments

Fewest Users = Fewest Flaws (3, Insightful)

tommyatomic (924744) | more than 6 years ago | (#22163658)

It has the fewest flaws found because it has the fewest amount of people looking for them.

Re:Fewest Admitters = Fewest Flaws (4, Insightful)

Harmonious Botch (921977) | more than 6 years ago | (#22163704)

It has the fewest flaws found because it has the fewest amount of people admitting to them

Re:Fewest Admitters = Fewest Flaws (5, Interesting)

dch24 (904899) | more than 6 years ago | (#22163780)

Excellent point. Although other debates [oreilly.com] have questioned Microsoft's numbers, if there are really 20 million [microsoft.com] installs (plus further installs since then) in use out there, hackers might begin to take a look.

But to paraphrase the Drake equation [wikipedia.org], of the total Vista installs, how many have been hit by crackers? How many of those were honeypots, caught by virus scanners, or otherwise detected? How many exploits found by crackers have been used in highly targeted attacks and kept secret?

All I can think of is the remote TCP/IP exploit [microsoft.com]. As some of you may recall, that exploit existed in all versions of Windows. And Vista supposedly has a "completely rewritten TCP/IP stack" (source [microsoft.com]).

"I have a bad feeling about this."

Re:Fewest Admitters = Fewest Flaws (4, Insightful)

techno-vampire (666512) | more than 6 years ago | (#22163848)

And how many installs are on new machines, where the buyer had no choice? How many of those forced installs have been wiped out by now and replaced by XP, 2K or Linux?

Re:Fewest Admitters = Fewest Flaws (2, Interesting)

timmarhy (659436) | more than 6 years ago | (#22163880)

how many people who run linux do you think are stupid enough to buy vista then uninstall it? why does everyone pretend the white box market doesn't exist?

Re:Fewest Admitters = Fewest Flaws (3, Insightful)

techno-vampire (666512) | more than 6 years ago | (#22163938)

I'm sure most people do. However, it's still hard to find new laptops without a pre-installed OS. Also, I know there are people buying computers with iCandy installed and replacing it with XP; I'm going to be doing exactly that for a friend later this week.

Slashdot was pwn3d today. (-1, Offtopic)

mosel-saar-ruwer (732341) | more than 6 years ago | (#22163982)


No one seems to be aware that Slashdot was pwn3d today:

Three's Company
http://idle.slashdot.org/article.pl?sid=08/01/23/1816222 [slashdot.org]

Barb Wire Eating Contest
http://idle.slashdot.org/article.pl?sid=08/01/23/188221 [slashdot.org]

How to Visit New York City on $100
http://idle.slashdot.org/article.pl?sid=08/01/23/1715249 [slashdot.org]

It's Not What You Think
http://idle.slashdot.org/article.pl?sid=08/01/23/181209 [slashdot.org]

Don't Fight the Bears
http://idle.slashdot.org/article.pl?sid=08/01/23/1740227 [slashdot.org]

At least I assume those are pwn1ngs, and not merely the Eternal Sunshine of Cowboy Neal's Spotless Mind.

Re:Fewest Admitters = Fewest Flaws (4, Insightful)

seifried (12921) | more than 6 years ago | (#22164104)

Might be a rewrite but chances are you either had the same people rewriting it, or at the very least the same mindset/corporate culture/etc. rewriting it, so it probably didn't end up all that different (based on results this looks pretty likely).

Re:Fewest Admitters = Fewest Flaws (1, Insightful)

The Clockwork Troll (655321) | more than 6 years ago | (#22163810)

The real story (in TFA's linked report) is the comparison to Linux distributions' 1-year security patch metrics, e.g. for RHEL4:
  • When rhel4ws shipped on February 15, 2005, there were 129 vulnerabilities already publicly disclosed in shipping components prior to general availability. On ship day, Red Hat issued 27 security advisories to address 64 of them.
  • During the first year of availability, Red Hat issued 183 security advisories/updates for rhel4ws. If limited to just Critical and Important issues, there were 88 released on 57 different days.
  • During the first year of availability, Red Hat fixed a total of 493 vulnerabilities in rhel4ws. If limited only to those vulnerabilities labeled Critical or Important by Red Hat, the number of vulnerabilities fixed is 214.
  • At the end of the first year period, there were 82 vulnerabilities disclosed but without a patch (that would later be addressed with different fixes and security advisories). Adding that to the fixed vulnerability count tells us that a total of 575 vulnerabilities were disclosed in RHEL4 components during the first year.

So ... assuming RHEL4 has a much smaller installed base than Vista (let alone XP), what does this say about the security of enterprise Linux? What does it say about the worth of "quick" security metrics like patches in first release year?

Re:Fewest Admitters = Fewest Flaws (5, Insightful)

cp.tar (871488) | more than 6 years ago | (#22163866)

How many of those were kernel patches, and how many were related to other applications?

mod parent up (4, Insightful)

mattwarden (699984) | more than 6 years ago | (#22163708)

Parent has it exactly right. This is likely another statistical half-truth. Tell us % of users reporting flaws and let's compare that to XP's first year.

Re:Fewest Users = Fewest Flaws (1, Insightful)

timmarhy (659436) | more than 6 years ago | (#22163726)

you people then have to accept linux has the same problem, since far less people use linux than vista. you have all attempted to debunk that same claim from MS for years, to claim otherwise is 2faced.

Re:Fewest Users = Fewest Flaws (1, Insightful)

Anonymous Coward | more than 6 years ago | (#22163730)

It's also not really a reliable metric, given they're basing it on internal analysis. That's like saying that I'm the best coder in the world based on my own analysis of my code. Ridiculous. Why does anyone give any credit to ANYTHING coming out of Microsoft? 99% of the time it's utter bullshit.

Re:Fewest Users = Fewest Flaws (0, Flamebait)

poopdeville (841677) | more than 6 years ago | (#22163896)

Has Vista even been selling for a year? Nobody I know uses that shit.

Vista is killing our company (0, Informative)

Anonymous Coward | more than 6 years ago | (#22163734)

Right now, I'm working under a really dumb sysadmin. This guy makes the company overspend at every turn. He had us upgrade to XP when it came out. He talked the company into replacing every desktop with brand new machines to run Windows Vista Premium. I tried to tell management this was a bad idea, but they trust him more because he has been there a lot longer than me. Our company is laying off more workers next month to cope with high expenses. NT4 or OpenBSD are all you need.

I am getting my resume ready for a job outside of Maine. The businesspeople here have been making incredibly stupid decisions. I know when pragmatic and frugal IT management isn't wanted.

Sysadmins that talk management into upgrading to Vista on machines that only run a DOS-based CRM system are scum.

Re:Fewest Users = Fewest Flaws (-1, Offtopic)

GreggBz (777373) | more than 6 years ago | (#22163760)

Oh no you didn't!??
Oh... yes, yes you DID.. and you got modded insightful?

Modders, you do realize that this is the inverse of the same argument that is championed out in defense of Windows' traditional insecurity, no? The whole, it's the most popular OS and therefore the biggest target thing. Usually if you play that card, you get 37 rebuttals and a -1 overrated.

Nah, it just means... (2, Funny)

Kamokazi (1080091) | more than 6 years ago | (#22163764)

All this means is that there will be a really big patch tomorrow.

Re:Fewest Users = Fewest Flaws (1)

gotzero (1177159) | more than 6 years ago | (#22163768)

This statement will be revised in 60 days after the manta has spread...

Re:Fewest Users = Fewest Flaws (0)

Anonymous Coward | more than 6 years ago | (#22163778)

If it doesn't work, that's no flaw, it's a feature!

Re:Fewest Users = Fewest Flaws (5, Interesting)

Anonymous Coward | more than 6 years ago | (#22163802)

Time for a game of /. Confession...

I've been using Vista x64 for about two months now on a Dell m1330 with 4GB of RAM. There's more NON-security bugs than I could shake a stick at. Bluetooth has multiple "Hi, I've stopped working and you're screwed till a reboot" bugs, and they seem largely related to a bigger bug Vista has in failing to handle shutting drivers down when suspending in such a way that they wake up when you wake up the laptop. So it occasionally affects LAN, Wifi, etc...

The interface has more glitches than I can count, Aero is TREMENDOUSLY slow compared to the usual 2D accelerated display (a disappointment since compiz is FASTER than 2D acceleration), and these are just the issues I can remember. I know I've hit more, but I can't recall them right now. I've not gone looking for security bugs, but I'd bet the only "security" part that's near bug free is the one that handles the DRM and anti-piracy functions. I've no doubt from the rest of the experience that the part that secures me and my data is full of holes.

I'm actually kinda worried what will pop up once they start getting more users on it after SP1 comes out. Good thing I never use IE, refuse to use Outlook, and never directly connect to the internet with Windows. ;-)

Re:Fewest Users = Fewest Flaws (4, Interesting)

techno-vampire (666512) | more than 6 years ago | (#22163894)

It's not just Bluetooth that dies. I have a friend with a large LAN at home. One (and only one) of the machines has Windows iCandy on it. It occasionally decides that one of the other machines has dropped off the LAN even though all other machines can see it and connect to it. When that happens, the only recourse is a reboot. Not only that, it will sometimes "decide" that it can't connect to another machine until a reboot even though it admits it's there. Weird, really, but there it is.

Re:Fewest Users = Fewest Flaws (0)

Anonymous Coward | more than 6 years ago | (#22163936)

Holy Windows 9x bug, Batman!

Re:Fewest Users = Fewest Flaws (1)

NoodleSlayer (603762) | more than 6 years ago | (#22164044)

When I was using Vista I remembered the graphics engine being somewhat snappier than XP--- (I noticed it the most when I switched back to XP) but in all fairness I also have a 8600 GT in this machine, so if it can't fully take advantage of a DX10 card...

Re:Fewest Users = Fewest Flaws (2, Informative)

murrdpirate (944127) | more than 6 years ago | (#22163888)

Although Vista is doing comparatively worse than XP due to the fivefold increase in PC sales between their respective first years, the total Vista sales are higher, so there should be more people finding flaws. Unless that many people buy a preloaded vista PC and upgrade to XP....

Re:Fewest Users = Fewest Flaws (1)

Bafoon (1191427) | more than 6 years ago | (#22163956)

1) still has more users than any of the opensource OSs mentioned. 2) just take it like a man and admit that the annoying popups seem to do the job 3) i have vista and it's not slow and it doesn't crash. they actually managed to put together something that works. let's not go into the GUI....they screwed that one up a bit but as far as stability and flaws go...clearly they've learned their lesson.

Re:Fewest Users = Fewest Flaws (4, Informative)

I'm Don Giovanni (598558) | more than 6 years ago | (#22163998)

Two points here:
1. Slashdotters have maintained for years that userbase size has (almost) no relation to the number of exploits an OS gets. MS fanboys would claim that OSX and Linux had fewer exploits because they had a much smaller userbase, and they'd be ripped to shreds by slashdotters that would accuse them of engaging in logical fallacy. Your statement that Vista has fewer flaws because it has fewer users goes directly against long held slashdot doctrine. And yet other slashdotters appear to be agreeing with you, which raises the question of just how closely slashdotters held that doctrine. Seems it was only a closely held belief when needed to defend OSX and Linux from MS fanboys.

2. Your premise is wrong anyway. The report says that Vista has fewer flaws in its first year than did XP, some version of Red Hat, and OSX 10.4 did in their first years (and it's not even close). But Vista actually has MORE users in its first year than all of those OSes did in their first years (and has more users than OSX and Red Hat, period). XP had a greater userbase percentage in its first year, but fewer actual users because the number of computers was 5 times smaller back when XP was released.

Incidentally, Here are some Dec 2007 OS userbase share stats according to web hits [hitslink.com]:
XP: 76.9%
Vista: 10.5%
OSX: 7.3%
Linux: 0.6%

Re:Fewest Users = Fewest Flaws (-1, Redundant)

craagz (965952) | more than 6 years ago | (#22164040)

What's this Windows Vista thingie? Never Heard of it.

Yeah, cause nobody uses it! (2, Funny)

Anonymous Coward | more than 6 years ago | (#22163662)

No users == no problems

Re:Yeah, cause nobody uses it! (0)

Anonymous Coward | more than 6 years ago | (#22163926)

It looks like the RIAA is trying to accomplish the same thing. It should solve their problems nicely, too.

Bad metric (1, Insightful)

gilroy (155262) | more than 6 years ago | (#22163664)

It's important to recognize that you can't possibly measure which OS has the fewest flaws absolutely. You can only measure which OS has the fewest flaws reported (or discovered). Since the number of flaws reported is proportional to the number of people using the OS, and no one is using Vista, it's natural that it'd have the fewest reported flaws. :)

Re:Bad metric (2, Insightful)

Anonymous Coward | more than 6 years ago | (#22163782)

It's important to recognize that you can't possibly measure which OS has the fewest flaws absolutely. You can only measure which OS has the fewest flaws reported (or discovered). Since the number of flaws reported is proportional to the number of people using the OS, and no one is using Linux, it's natural that it'd have the fewest reported flaws. :)
see how stupid that sounds put in a different context? I hate MS as much as anyone here but there's enough spin on this to make you vomit. by your logic, linux should have had far far fewer vulnerabilities relative to vista because it's on about 1/20th as many systems... period.

Re:Bad metric (1)

brezel (890656) | more than 6 years ago | (#22163816)

It's important to recognize that you can't possibly measure which OS has the fewest flaws absolutely. You can only measure which OS has the fewest flaws reported (or discovered). Since the number of flaws reported is proportional to the number of people using the OS, and no one is using Linux, it's natural that it'd have the fewest reported flaws. :)
see how stupid that sounds put in a different context? I hate MS as much as anyone here but there's enough spin on this to make you vomit. by your logic, linux should have had far far fewer vulnerabilities relative to vista because it's on about 1/20th as many systems... period.
you do know that there are computers that are not desktop computers in the world. do you?

Re:Bad metric (0)

Anonymous Coward | more than 6 years ago | (#22164032)

in that case there shouldn't be a problem getting software ported from windows to linux.

Re:Bad metric (0)

Anonymous Coward | more than 6 years ago | (#22164086)

clueless much?

Re:Bad metric (1)

lordofwhee (1187719) | more than 6 years ago | (#22164102)

*nix and *BSD are the most-used OSes for servers, period. There are many, many more servers out there than desktops (nobody has a desktop farm, after all), and people running servers are generally a LOT more concerned about security, stability, etc, because their jobs can depend on it.

So I guess average user computer experience is also a factor (which explains why Macs have so few reported vulnerabilities compared to Windoze).

Re:Bad metric (3, Funny)

XiX36 (715429) | more than 6 years ago | (#22163898)

My OS has the fewest flaws! I created a design where the gui involves a sheet of pulverized tree, and then you take the special stylus (sold separately) that contains a special solution of a liquid with tiny pigmented particles suspended in it. While there have been reports that occasionally the stylus can malfunction, vigorous shaking or banging the stylus on a hard surface and proceeding to make several tight spirals or circles clears this OS flaw up pretty quickly! Of course, at present there are not that many users of said OS, but as it is a much more robust OS than Vista, I feel that the results for my OS are far superior to those achieved by Vista.

Re:Bad metric (0)

Anonymous Coward | more than 6 years ago | (#22164026)

no one is using Vista
I call BS. While the majority of machines I see at my University are still WinXP, I definitely see as many, or more Vista laptops around as/than Macs... this again, among college students- one of the bigger markets for Apple laptops (AFAIK), and while I can't make any truly valid conjectures about the proportion outside of the student demographic, my gut tells me that there's probably more Vista machines out there than (new, as in sold in the same time-frame) Macs simply because the majority of vendors offer Vista versions for cheaper than XP. Not to say Vista doesn't suck in a lot of ways, but to say that nobody uses it is just either a lie or a joke. Yes, it was most probably a joke in this case but the distinction must be made.

Re:Bad metric (4, Insightful)

Anonymous Coward | more than 6 years ago | (#22164080)

It's important to recognize that you can't possibly measure which OS has the fewest flaws absolutely.
Even if it were actual total numbers of flaws being measured, it would be a pointless comparison for anyone choosing an OS. Inside Microsoft it may make sense to slap each other on the back and say how great it is that they have fewer flaws than last time. For anyone else, the question is not how many flaws Vista has today compared to original unpatched XP, it's how many flaws Vista has today compared to XP today. Same for any other OS you want to compare it to. "It's not as bad as [whatever] used to be!" is not a selling point. It's stupid to even suggest it.

Re:Bad metric (4, Interesting)

TheNetAvenger (624455) | more than 6 years ago | (#22164100)

and no one is using Vista, it's natural that it'd have the fewest reported flaws. :)

That sounds great until you realize that even by the most conservative estimates, more people are ALREADY using Vista than are using all versions of OS X and System 9 combined. Even if you throw in all the *nixes combined, there are still more Vista users.

Vista also automatically drops reports of problems directly to Microsoft, and isn't dependent on users to supply bug reports or problems like OS X, so when problems occur, MS usually knows before the users or the makers of the software that is causing problems.

So ya, nobody is using Vista, in comparison to XP that is. However compared to the SlashDot and Mac industry, Vista is a massive OS deployment, let's hope OS X can catch up to Vista someday... (Geesh)

Oh, and I love the argument, that Vista was preinstalled and 'forced' on users. Strangely, the people that purchased these systems and rolled back to XP are 90% documented, and aren't counted as Vista installs.

And this is not any different than the people that purchased new Macs and had to have 10.4 installed because of the application compatibility problems with Leopard. (Which ironically has more compatibility and application problems than Vista, and yet only supports 1/1000th the software or hardware.) (Geesh Again)

How are they logged? (5, Insightful)

Nefarious Wheel (628136) | more than 6 years ago | (#22163666)

Is this via support calls or just little modal dialog boxes that people are tired of clicking "send" on? Or are they filtering out things they've already encountered in XP? Statistics are a great aid to the common lie.

Methodology has issues (4, Interesting)

ameyer17 (935373) | more than 6 years ago | (#22163674)

Most Linux distros have a lot more software and contain more lines of code than Windows. Therefore, you'd expect more flaws in something like Ubuntu or RHEL.

Re:Methodology has issues (1)

ameyer17 (935373) | more than 6 years ago | (#22163714)

Also, it'd be fairly easy for Microsoft to pretend that a vulnerability doesn't exist if it benefitted them from a PR perspective.

Re:Methodology has issues (1)

gardyloo (512791) | more than 6 years ago | (#22163728)

I definitely didn't believe your statistics (not being much of a kernel coder), but Wikipedia tends to back you up: http://en.wikipedia.org/wiki/Source_lines_of_code [wikipedia.org].

Thanks! I learned something.

Re:Methodology has issues (4, Insightful)

djcapelis (587616) | more than 6 years ago | (#22163954)

I think the GP wasn't talking about the kernels. Linux distros simply distribute much much more software than comes with your average proprietary OS.

Most will issue a security advisory when there's a bug in apache, mysql, postgres, sqlite or all of these types of things. Microsoft doesn't issue an advisory about a bug in Oracle. On Linux, the distros take responsibility for a much much wider range of software than Microsoft does on their platforms.

Re:Methodology has issues (1)

tsotha (720379) | more than 6 years ago | (#22164056)

That's true, but it's hardly a defense of Linux distros. More lines of code doesn't imply better by any means.

Re:Methodology has issues (1)

Rakishi (759894) | more than 6 years ago | (#22164114)

Well while it'd be nice if the 10000+ packages (which include everything except for the kitchen sink) that make up a full debian install had fewer lines of code than a kernel, windows environment and some light apps it's not easy to do.

Quality over Quantity guys... (0)

Anonymous Coward | more than 6 years ago | (#22163680)

You may have the fewest flaws, but the quality of craptacularness from the flaws you do own up to and fix outweigh most every one of the little flaws logged.

Give that saw a rest, Microsoft- nobody with a brain's listening to you on that one anymore.

Ubuntu (0)

Anonymous Coward | more than 6 years ago | (#22163690)

And yet, Ubuntu flaws are also being fixed at a relatively fast rate. With Ubuntu 7.10 already out and whatnot...

This Just In (0, Offtopic)

konohitowa (220547) | more than 6 years ago | (#22163692)

In other news, Steve Jobs reports that "Leopard is the best OS X ever" with more than 200 new features.

Re:This Just In (1)

konohitowa (220547) | more than 6 years ago | (#22164166)

Offtopic? What kind of moronic moderator doesn't recognize parody and sarcasm?

Oh - a /. moderator apparently. Hint: this one is flamebait. Moderate accordingly.

Employee rejoices (2, Funny)

gardyloo (512791) | more than 6 years ago | (#22163694)

Fewer vulnerabilities "make it easier to manage risk," [Jones] says. "All other things being equal, fewer patches mean more time to spend on other security projects to reduce risk."
Wow. The one guy who currently handles the code for Windows security must be quite relieved to hear that!

I know (0, Flamebait)

ILuvRamen (1026668) | more than 6 years ago | (#22163698)

That's because the stuff people hate and that doesn't work like the DRM fails-by-design crap they put in on purpose so they don't consider it a flaw. And the shutdown button/menu isn't a flaw, they have like 12 people design that! And draining a laptop battery twice as fast from the graphics isn't a flaw, they put that in to look more flashy.

oh wow (1)

ludditetechnologies (1005885) | more than 6 years ago | (#22163700)

The world's biggest software taxation device is coming on par with the rest of the field... I'm underwhelmed

Number of vulnerabilities -- who cares? (4, Insightful)

Niten (201835) | more than 6 years ago | (#22163710)

For the last time, you just can't add up the number of vulnerabilities in separate products from different authors and expect to glean any meaningful information from numerology thereon. This is especially true when contrasting one closed-source product from a vendor with questionable security reporting practices (say, Windows), and an open-source product where every single flaw of any level of significance is public knowledge (say, Ubuntu Linux).

I'm tired of seeing such claims about vulnerability tallies parroted in Slashdot summaries without the least bit of skepticism regarding their relevance. This sort of thing has already been debunked a million times over on this site. Come on, editors, a little quality control would be nice...

Re:Number of vulnerabilities -- who cares? (4, Funny)

gardyloo (512791) | more than 6 years ago | (#22163750)

For the last time, you just can't [...]

You must be new here.

Well, sure there're few flaws seen - (5, Funny)

rubicon7 (51782) | more than 6 years ago | (#22163712)

- because it seems nobody's actually using it.

In related news, BeOS showed few vulnerabilities this year...

Re:Well, sure there're few flaws seen - (5, Funny)

Jaktar (975138) | more than 6 years ago | (#22163818)

While OS/2 Warp pulled in a close second...

Re:Well, sure there're few flaws seen - (2, Funny)

techno-vampire (666512) | more than 6 years ago | (#22163908)

...and CP/M beat them all out.

Exploiters focusing on Mature & Established OS (4, Insightful)

Zymergy (803632) | more than 6 years ago | (#22163718)

Could the reason there are fewer exploits in the first year of Vista (versus XP) be due to the fact that it has a reluctant adoption rate by users and the OS exploiters are likely focusing their efforts on current Operating Systems that are more stable, known, and in higher use?
Give it time...
Besides, now that Microsoft has set 2009 for the new "Windows 7" release target date, it seems that Vista may be the new short-lived 'Windows Me'.

Re:Exploiters focusing on Mature & Established (1)

DraconPern (521756) | more than 6 years ago | (#22163814)

Your argument fails. The number of exploits does not depend on the number of computers running it. It depends on the number of flaws that can be exploited.

Re:Exploiters focusing on Mature & Established (0)

Anonymous Coward | more than 6 years ago | (#22164128)

There may not be as many Vista machines out there as XP machines, but there are many more Vista machines out there than Linux or Mac OS machines -- whether you use Microsoft's sales numbers or website access stats.

Other things to consider (1)

elcaptainacho (917450) | more than 6 years ago | (#22163722)

This really isn't a fair study... considering the number of delays, millions of dollars and time spent in development on top of the number of reported security issues, Vista should be considered as bad if not worse than XP or any Linux distro on launch date.

Re:Other things to consider (1)

John Jamieson (890438) | more than 6 years ago | (#22164148)

good point
Imagine the stability and security of a Linux (or OS-X) release if it was six years in the cooker, and then had another year to stabilize after release?

Passed every test (4, Funny)

edwardpickman (965122) | more than 6 years ago | (#22163732)

Click to launch Word.

"Denied"

Copy file

"Denied"

Launch Firefox

"Denied"

Verdict OS completely secure.

In other news (0)

Anonymous Coward | more than 6 years ago | (#22163742)

President Bush said he is winning the war in Iraq and the RIAA said that Brittany Spheres has talent.

Even if it were true, the math is bad. Ubuntu, for example, ships with a LOT more packages than Vista. And on top of that, there's nothing to talk about the severity of these flaws. If OSX has some local exploit that can be used only when certain applications are accessing the clipboard at the same time, it isn't equal to a remote root exploit that anyone can do by just connecting to a port.

There are 3 kinds of lies: lies, damn lies and the computer security mafia.

Re:In other news (1)

Reivec (607341) | more than 6 years ago | (#22164020)

Butchering a Twain quote of grounds for treason! ;)

Sounds plausible... (3, Funny)

Angst Badger (8636) | more than 6 years ago | (#22163746)

...after all, any operating system that is basically unusable is going to have fewer vulnerabilities as a matter of course.

In other news (2, Funny)

EEPROMS (889169) | more than 6 years ago | (#22163752)

Boeing has said its latest jet liner crashes less and Ford has made a car that kills fewer drivers.

I could believe this except... (1)

Snowspinner (627098) | more than 6 years ago | (#22163762)

I can believe that Vista has fewer security flaws than XP. I can even believe that it beats Red Hat, Ubuntu, and OS X.

What I cannot believe is that XP demolishes Red Hat, Ubuntu, and OS X. That makes me think that there's something egregiously wrong with the way that things are being counted here.

Of course, counting problems fixed also does not necessarily mean that lower is better...

Re:I could believe this except... (1)

secPM_MS (1081961) | more than 6 years ago | (#22163892)

I will make no comment about the cross OS comparisons. There are interesting issues of measurement and methodology there and depending upon your biases, you can get a wide variety of conclusions.

I work in Windows security and was heavily involved with Vista security. That said, it is somewhat reasonable to compare the number of issues by criticality for OS's after release. The reason I said somewhat reasonable is that the attack community has gotten a lot more competent over the past 5 years. That said, even with the significant increase in attack capabilities, the number and severity of vulnerabilities found in Vista in the first year after its release is significantly lower than found in XP for the same period. And the Vista shipment numbers are very significant, enough so that it is well worth attacking.

Re:I could believe this except... (1)

dbIII (701233) | more than 6 years ago | (#22164162)

You forget that "being one of the few platforms capable of running the vast mass of malware" is only a single security flaw. An arbitrary count like this is just a sales pitch.

Straight from Churchill (2, Funny)

punxking (721508) | more than 6 years ago | (#22163776)

How does that old quote go?
"There are 3 kinds of lies: lies, damned lies and Microsoft PR"
Or something along those lines...

cookie or a medal? (1)

Jaktar (975138) | more than 6 years ago | (#22163790)

Fewer vulnerabilities "make it easier to manage risk," he says. "All other things being equal, fewer patches mean more time to spend on other security projects to reduce risk."

Like more time for companies to scan their products before shipping them out with a virus preloaded?? That'd be sweeeeeet! http://portableaudio.engadget.com/2006/10/16/mcdonalds-mp3-players-ship-with-trojan-horse/ [engadget.com]

Would you like to read the contents of (insert media player here)? Cancel or Allow?

Oh no, we suck again!

You spin me right round baby right round . . . (1)

Orange Crush (934731) | more than 6 years ago | (#22163792)

How was XP's install base after a year? Is Vista even comparable now to what XP was doing a year after its release? I swear I'm not trying to troll here, I honestly don't have figures to back this up. However, in my (admittedly) anecdotal experience, neither I nor my other geeky friends were strongly recommending that any new shoppers stick with Win98. The manufacturers are still shipping new machines with XP, and the impression I'm getting is they'd like to keep doing so as long as possible.

Actually *enforcing* the "hmmmm, let's not run everything root/admin" paradigm is certainly a step in the right direction and that alone probably accounts for some of the better security with Vista vs XP . . . but how much? It's easy to say you're the "most secure" operating system when you're being actively avoided. By that logic, the P2 box in my attic is completely unhackable and immune to any conceivable vulnerability by virtue of having a faulty power supply and being unplugged.

Still there, just moved (1)

sltd (1182933) | more than 6 years ago | (#22163800)

I have trouble believing that the code is more secure and has fewer bugs than the other software mentioned. But Vista's flaws go beyond the code.

Five minimally different versions of the same operating system?
2 GB of RAM to get it to run the base system almost smoothly?
Limit on how much you can upgrade your hardware before the system locks you out completely?
No new features that users want to adopt?

When someone finally gets around to using it, Vista will probably exhibit tons of bugs and stuff like that. Viruses will be written. Security will be compromised. I can't really tell if this is FUD or an advertising plug.

Perspective (1, Flamebait)

FredFredrickson (1177871) | more than 6 years ago | (#22163806)

As long as most of the flaws in VISTA are still being counted as features (DRM anybody?), they can basically claim it's a zero-flaw system.

Absolute flaws reported doesn't work (5, Insightful)

arotenbe (1203922) | more than 6 years ago | (#22163808)

I think that is a silly measure of bugginess. Not only does the number of flaws reported being less reflect lower usage of Vista, it also likely says that the reporting system is difficult to work with. If anything, I think the fact that the non-Windows systems have a higher number of flaws reported indicates that they have easier-to-use bug reporting systems. The correct way to measure statistics on things like this is either to have a third party subject them to a standardized battery of tests (indicating actual security levels) or to measure the ratio of bugs fixed to total bugs reported (indicating the development team's ability to correct reported flaws quickly).

fewest flaws in total.... (1)

stox (131684) | more than 6 years ago | (#22163822)

most flaws you could drive a fleet of semis through.

someone needs to come up with a metric of flaw exposure per unit time.

Re: I buttfucked Heath Ledger and all I got was... (-1, Troll)

Anonymous Coward | more than 6 years ago | (#22163826)

MOD PARENT UP!

Fewer flaws because... (1)

fahrbot-bot (874524) | more than 6 years ago | (#22163844)

...those in Vista are defined as "features" - mystery solved.

flaws counted in operating systems.. (0, Redundant)

LingNoi (1066278) | more than 6 years ago | (#22163850)

including Red Hat rhel4ws, Ubuntu 6.06 LTS
Apples and oranges. Windows Flaws are flaws in the operating system. Linux flaws are to do with the applications and the operating system.

Hence why they have less, you get no applications with their OS.

Re:flaws counted in operating systems.. (1)

LingNoi (1066278) | more than 6 years ago | (#22163932)

I just finished reading the PDF, they've taken some stuff out but I still think there is more stuff in there than you'd get with windows.

Bravo! (2, Interesting)

Plutonite (999141) | more than 6 years ago | (#22163856)

Remember ladies, this is what George W. Bush's go-away speech is going to be like. Don't be too scathing. Let them have their moment.

Windows 7 announcement in 3..2..1

Report says Ubuntu is better! (4, Funny)

LingNoi (1066278) | more than 6 years ago | (#22163916)

From the PDF [technet.com]

Page 12 - Windows Vista Fixed 36 vulnerabilities
Page 14 - Ubuntu fixed 406 vulnerabilities affecting Ubuntu 6.06 LTS.

Look how many Vista has left to find!!

Statistics (5, Insightful)

wannabgeek (323414) | more than 6 years ago | (#22163920)

Reminds me of a quote - "Statistics are like humans. Torture them enough and you can make them admit anything you want".

too slow, who wants hacked code running on THAT? (-1, Troll)

Locutus (9039) | more than 6 years ago | (#22163924)

Here's why the Vista numbers look good for Microsoft's PR department:
It'll run your code at half the speed of open XP boxen and when the user plays music, all your SPAM profits shrink because the bandwidth is limited. Who would want to 'own' a Windows Vista box? And it looks like the numbers are there to prove it. ;-)

LoB

Wow, Worse Than I Thought (4, Funny)

ryanisflyboy (202507) | more than 6 years ago | (#22163958)

You know it's bad when not even the script kiddies wanna get their paws on it.

No help needed (1)

GrendelT (252901) | more than 6 years ago | (#22163968)

So, basically, it sucks on its own merits.

XP Warmed Over (-1, Redundant)

Anonymous Coward | more than 6 years ago | (#22163972)

Has anyone considered that Vista is little more than XP warmed over? It's like the difference between Win98 and WinME. So... Vista isn't exactly new - they didn't rewrite it after all. All they did was update some functionality and stick in a mess of DRM rubbish. Without the DRM garbage that destroys system performance, Vista may actually be comparable to an updated XP with a few new security features and some cute eye-candy. Bugs? Vista's bugs were worked out with XP SP1 and SP2 and perhaps SP3. Vista's SP1 will mop up stragglers. And let's not forget undocumented or unaccounted bugs - you know, let's not let the public know about that or call it a feature type of thing. Linux appears to have more bugs because it is completely transparent - nothing is hidden, no behind-the-door paper-shredding. And finally - Vista may appear to not have as many bugs as XP in its first year - however XP after its first year had significantly more market penetration than Vista has now - so it's yet another misleading comparison. What do we have? Still a piece of garbage. Microsoft is spending more time playing their games with OOXML and whatnot to stop and actually produce a quality OS. Fine by me - Linux benefits from their antics. Linux benefited from their DoJ circus and has continued to benefit from the clumsy bumbling mistakes Microsoft seems so adept at doing. Keep it up, MS! May Windows 7 be as flawed as the rest and may you keep tripping over your feet as you stumble about in the dark. Linux can only benefit from this...

At the same time... (1)

slicenglide (735363) | more than 6 years ago | (#22163976)

They have more suck ass, non-used features than any other O.S... and require a sweet ass gaming machine to run decently. Plus, I don't know how in the hell they jacked up their windows installer service, but I see more issues from crap not getting installed or uninstalled correctly that require complete reinstallation. New machines too. It's enough to make me really not like computers that much anymore.

Personally (2, Funny)

maroberts (15852) | more than 6 years ago | (#22163992)

I'm not giving Vista flaw space.

It's not quantity but quality (1)

DeltaQH (717204) | more than 6 years ago | (#22164016)

It is not the total number of bugs, but the "quality" of these bugs. ;-)

Nobody uses Vista? (4, Interesting)

Coolhand2120 (1001761) | more than 6 years ago | (#22164022)

SO. Nobody uses Vista in comparison to OS X or Linux? ouch [hitslink.com], looks like a whole magnitude of people use Vista over OS X or Linux. According to this link, if you took all the Linux and Apple users and put them into a single group, it STILL wouldn't be as many people who are using Vista by a good size chunk (let alone XP), so let's not repeat that lie again.

I don't mind people being critical of anything, but please be honest in your critique. And whatever you do don't use Apple as an example of "the way things should be".

I'm sure this will be tagged flamebait or troll. That's kind of ironic when I'm replying to all these guys tagged 'informative' who say "Nobody uses Vista" when they are obviously providing false information. If pointing out a blatant lie makes me a troll so be it.

Translation from MS speak (1)

unbug (1188963) | more than 6 years ago | (#22164042)

... it turns out Vista patched less than half the vulnerabilities than Windows XP did in its first year ... According to the new Microsoft report, Vista also had fewer patches in its first year than other OSes ...

my OS has only 1 flaw (0)

Anonymous Coward | more than 6 years ago | (#22164050)

it doesn't run

Umm ... (0)

Anonymous Coward | more than 6 years ago | (#22164084)

... of course Microsoft would say it had the fewest flaws. If a company were actually honest about its product, nobody would buy it.

I guess they don't count design flaws (1)

OrangeTide (124937) | more than 6 years ago | (#22164090)

I tend to file "design flaws" as bugs at work. I guess they aren't bugs here. At least they aren't a security threat, so that's something at least.

Linux has the better bug-per-dollar ratio.

But M$ (0, Troll)

kahrytan (913147) | more than 6 years ago | (#22164092)

What about the biggest flaw of them all .... The NT Kernel. One could say, it's the biggest security flaw in Windows this millennium.

Been using Vista for 6 months.. (1)

AlexKiddo (1188951) | more than 6 years ago | (#22164112)

I've been using Vista for 6 months, with no type of protection besides religion and I've only had like two BSODs. Something's probably wrong with my copy of Vista, haha.
But, I will say today, I went in our computer lab on the 10.4 iMacs, and they have come down with a sickness. It let me down a good bit.
This is coming from a school that worries so much about network security, that all of the Wi-Fi networks are unsecured and have no password.
It's good to have an iPod touch if you're not doing anything in class, hook up the Wi-Fi and you're good to go. Me and friends do it all the time.

bsod (1)

delvsional (745684) | more than 6 years ago | (#22164164)

Of course it's secure. Every time you try to do anything you get the bsod.