-{ Quote: "According to the numbers given in a new report from Microsoft, Windows Vista has blown away all the major enterprise Linux distributions and Mac OS X as far as having the smallest amount of serious security vulnerabilities in the six months since its release." }-
http://www.eweek.com/article2/0,1759,2149391,00.asp

The problem with comparisons such as these is that they primarily use quantitative, rather than qualitative, analyses and consequently provide a misleading assessment. As the article mentions, it's not the number of vulnerabilities that matters as much as the severity of those vulnerabilities and whether they have been fixed sufficiently. Also, as security blogger Ryan Naraine pointed out, Microsoft have not publically disclosed numerous vulnerability fixes that I'm assuming weren't included in this report. If that is the case, then it fundamentally undermines the validity of this report. If the criteria upon which the comparison is based is susceptible to manipulation, and such manipulation has been acknowledged, then that in principle invalidates the comparison.

The sensationalist title is more misleading then the report, but I guess they have to garner our attention somehow. Even though the article doesn't delve into the bold claim in the title, the entire report is cast in that light, basically as an obvious marketing tool attempting to demonstrate the relative security of Vista.

A few more links about this.

http://blogs.zdnet.com/security/?p=321

http://www.engadget.com/2007/06/22/report-vista-more-secure-than-os-x-and-linux/

http://www.vnunet.com/vnunet/news/2192615/microsoft-claims-vista-secure

This is the significant part of the quote:
-{ Quote: "According to the numbers given in a new report from Microsoft" }-

-{ Quote: "Microsoft's Jones admitted that many think it's unfair to count the vulnerabilities for all of the components for the product that Red Hat ships and supports as Red Hat Enterprise Linux 4 WS" }-

Thats a seriously unfair comparison. Red hat Desktop WS contains Tonnes of desktop apps (it comes on dozens of discs).

Nice to see MS doing a fair comparison again.

What a load! No article's like these are going to have me do an about-face, I'm done with closed source.
*It's fair to point out that nowhere during the course of a typical day do my need's require proprietary soft.

Steve

-{ Quote: "What a load! No article's like these are going to have me do an about-face, I'm done with closed source.

Steve" }-

Likewise. I'm about | this far | from switching to Linux permanently. I'm currently looking at a number of different distros that I've saved on my other hard drive and am running in VirtualBox, and will likely check out a few more. When I find one that I like and can run my printer (always seems to be that problem), I'm liable to dump MS for good. I've already dropped MS Word for Abiword in XP. I think most of the printer problem has to do with virtualbox rather than the distros.

XP is good for a few more years, but why wait. Linux is just as easy with most apps these days, as I've found out in the past week, and if it comes down to it, WINE might solve the problem for me ... maybe ... possibly(?) if I keep XP on a partition - a small partition.

-{ Quote: "According to the numbers given in a new report from Microsoft, Windows Vista has blown away all the major enterprise Linux distributions and Mac OS X as far as having the smallest amount of serious security vulnerabilities in the six months since its release." }-
yea, sure...

/Cerxes.

0_o
o_0

>_>


<_<


XD

-{ Quote: "According to the numbers given in a new report from Microsoft, Windows Vista has blown away all the major enterprise Linux distributions and Mac OS X as far as having the smallest amount of serious security vulnerabilities in the six months since its release." }-

Well, what else were m$ gonna say?

hahahaha, what else? hahahaha

Hello,
The last throes of a dying animal. They are going to lose the battle. Oh yes!
Mrk

-{ Quote: "A Microsoft executive says that-six months after shipping Windows Vista-it has left more publicly disclosed Vista bugs unpatched than it did with Windows XP...In total, Microsoft has patched 12 out of 27 disclosed Vista vulnerabilities" }-
http://www.washingtonpost.com/wp-dyn/content/article/2007/06/22/AR2007062200052.html?referrer=email

Not sure if the link will work as it is the indirect link from their email newsletter I get. Just in case it doesn't, I will sum up the article in brief.

Basically it starts off using the report that this thread deals with to show that Vista has more unpatched vulnerabilities than XP in the first 6 months each was released, noting the differences in those vulnerabilities. It then addresses the problematic nature of using the report to compare the security of Vista to Linux and OS X, citing HD Moore (one of the hackers behind the popular Metasploit penetration testing toolkit). Lastly, it references Randy Abrams from ESET, noting that the stats will be more interesting once Vista becomes more popular than XP and is thus targeted more by hackers.

...and here´s one reply to the security statement:

http://seclists.org/fulldisclosure/2007/Jun/0528.html

/Cerxes.