Wandering through the web I came upon a blog by a Jeff Jones who has completed a very detailed study in which he compares DoR [Days of Risk] for various operating systems. After compiling his data for the DoR report, which includes all types of graphs and charts, and incorporating some other gee-whiz factors, he has concluded that Windows has a lower DoR than other operating systems like Apple or Linux. Really. I kid you not.

Jeff also mentions the following as to where he obtained his data:

For severity information, I used the US Department of Homeland Security sponsored National Vulnerability Database (NVD) as a source for independent severity ratings that were defined across all of the products.

For the dates of public disclosure, I used my own disclosure database which I have compiled over the past several years. In general, the process is as follows for each vulnerability:

It was interesting to read what Jeff had to say and read about his conclusions. It was also interesting to see who Jeff Jones is:

Jeff Jones is a Security Strategy Director in Microsoft’s Trustworthy Computing group. In this role, Jeff draws upon his security experience to work with enterprise CSOs and Microsoft’s internal security teams to drive practical and measurable security improvements into Microsoft process and products.

He also has written an article about how much more secure Vista is compared to other operating systems as well. Again he backs up his conclusions with data. Lots of data. He states:

The results of the analysis show that Windows Vista continues to show a trend of fewer total and fewer High severity vulnerabilities at the 6 month mark compared to its predecessor product Windows XP (which did not benefit from the SDL) and compared to other modern competitive workstation OSes (which also did not benefit from an SDL-like process).

If you share the opinion that Windows and applications ported to Windows get a higher level of researcher scrutiny than other OSes, then the 6-month results are even more positive. If you don’t share that opinion, then they still stand on their own …

Let’s face it. Some who read Jeff’s conclusions will scream that he is a paid shill for Microsoft. He had to conclude that Windows is more secure because that is his job.

Or, we could look at this with an open mind. For years all we have read about is the vulnerabilities of Windows or other Microsoft products. It was unusual for us to hear about patches or fixes for other products. Just a short time ago Apple put out what I believe were 26 fixes. Does that make Apple less secure than Windows? I think not.

If one were to write an article about how insecure Apple, or Linux, or any other operating system was, I would guarantee you that there would be an uproar and a lot of finger pointing at Windows indicating how bad Windows is. It is no fun picking on Apple or Linux since for the most part they are fairly well liked. But Microsoft is fair game since they are the evil empire and known as the “thugs from Redmond.” Their questionable business practices speak volumes.

But the topic is whether Windows is more secure than other operating systems, or have we been brainwashed into thinking that this is not the case? Or is what Jeff is saying just more FUD?

What do you think?

Please. No “Apple/Linux is better than Windows” comments. :-) TIA

Articles on Jeff’s blog are located here.

  • marc klink

    This is one of those ‘figures don’t lie, but any liar can figure’ things. Anyone can, by carefully editing the input of data, get resultant data that supports their hypothesis. It does not make the premise valid in the real world.

    If one gets down to it, no operating system is completely secure. You wouldn’t want to use it if it was. [Vista is far from secure, and look at the response to UAC]

    I remember when it was written by some knowledgeable person that Windows NT 3.0 had been given a C2 security rating by the government. This sounded great. The bad news was that in order to get that clearance, no ethernet port was allowed, no floppy drive… you get the idea – no external connections. Once a floppy was added, or an ethernet connection made, the security clearance was gone. So if you are willing to use your computer in a ‘vacuum’ you can feel very secure.

    Otherwise, you have to try to stay one step ahead, and use common sense. The problem for most is the apparent lack of even rudimentary knowledge of what compromises their security. This is equivalent to the Pollyanna who just wants her car to ‘go’, and trusts ‘the kindness of strangers’. In space, no one can hear you scream, and in cyberspace, there are no kind strangers. Then there are the enthusiasts who know these things, but wish to remain above the rest, with a condescending attitude toward those ‘poor fools’ who have no idea. These groups both need to lose their notions of behavior and help each other.

    With a knowledge of how bad things can happen, even the least secure operating system can be used with a fair degree of confidence. Someone once said ‘Eternal vigilance is the price of freedom’. It happens to be the price for safe computing also.

  • I-user

    If he’s working for MS then it’s hard to look at this objectively. If, say, he were an independent consultant who has worked with MS at one point in time but has no other ties, then I may put some trust in his results. If he worked with the Linux community and Apple (and even some minor OS developers) as well, then I would have MUCH greater agreement with his results and conclusions.

