Ron Schenone

First Year Vulnerability Report – Vista More Secure Than XP, Red Hat, Ubuntu and Apple Mac OS X

Posted by on Jan 25, 2008 | 9 Comments

Jeff Jones who describes himself on his web site here as:

I’ve expect that as soon as we get into any meaty and interesting discussions, my current place of employment (Microsoft) will come into play, combined by assertions that I must be biased. It is fairly predictable, so I thought it might be interesting to just pre-empt it and open the question myself.

I’ve been a Director at Microsoft for a little over four years now, in the security group that works to drive security improvement across the company. For that alone, some may condemn me, so let’s dig into it.

Jeff has completed a one year vulnerability report in which he has plenty of graphs and information in which to prove his claim that Vista is less vulnerable to attack that Windows XP. However Jeff goes on to state that Vista is also better than Red Hat, Ubuntu and Apple Mac OS X.

I am sure Jeff is expecting that his report will generate plenty of controversy since Jeff is a Microsoft employee and will be branded as being biased, no matter how much he tries to justify his unbiased reporting.

You can view Jeff’s complete report here.

So what do you think? Is this report unbiased and does it prove that Vista is more secure? Or is it just self serving for Microsoft? Share your thoughts with us.

Also if you are using Vista do you personally feel more secure?

Comments welcome.

[tags]microsoft, vista, windows, xp, red hat, apple os x, [/tags]

  • http://wp3.lockergnome.com/nexus/digged/ Matt

    With out a doubt Vista does more to help block of viruses and spyware then XP, Ubuntu, and OS X, but the viruses usually dont affect UNIX built operating systems, aka OSX and and Ubuntu. While it does a better job of blocking them it just has more to fight then OS X.

  • http://wp3.lockergnome.com/nexus/theoracle/ the oracle

    This is simple another arrow in the Microsoft quiver. If FUD is not called for then ‘baffle them with BS’.

    As my grandmother used to say, ‘Figures don’t lie, but any liar can figure’.

    The axiom is correct, if enough work is done, any fact or figure can be skewed to look inferior, wrong, or out of place.

  • Jeremy

    Didn’t Jeff do something like this before? I thought he tried to make the same claim, which most people dismissed as false. He might be trying again though…

  • http://wp3.lockergnome.com/nexus/blade/ Ron Schenone

    Thanks for the comments.

    Jeremy – Jeff did a 3 and 6 month report on this same issue. This is his 1 year report. :-) We should be getting a report every 3 months or so until Windows 7 is released. Than Windows 7 will be the new secure product.

  • Denny

    I Cann’t Wait Until WINDOWS–7__Comes Out._._.

  • ira m trager

    the only issue that i am partially stuck with is error code 2738. initially i couldnt download apple safari and itunes and i tried the fix i saw in forums. that didnt work but by some miracle i was able to install them.
    all well and good but periodically when i try a download it gives me error code 2738. there is one thing i am curious about. why is ie7 for xp different than ie7 for vista. two things are different. the encryption for xp is 128 and vista is 256. with vista there is protected mode with vista there isnt. another thing is why does vista gather information when a program self destructs and than you periodically receive a message to check for microsoft solutions. i have yet to receive a solution for anything from microsoft.

  • Chris

    I suspect that Jeff is correct as of right now. Vista is still a new OS. It does take a little while to figure out where the bugs are and how to poke at it for vulnerabilities. By comparing it to OS’s that have been out for some time and people know really well, he is telling the truth for the moment. I dont think that he will be able to be able to do the same thing again in say one year however.

    If you give black hats enough time, I am sure they are going to find some spectacular holes in Vista, and it will be just as vulnerable as other operating systems to malicious attacks.

    Personally I think his timing is perfect, the OS has been out for a little while, and he does not actually have to BS on the vulnerabilities since not enough time has really passed to find really good ones.

  • I-user

    Umm… didn’t this ‘report’ appear a year ago by the same person (not you, Ron) who gave the same results?

    Just a passing thought…

  • I-user

    Sorry, I skimmed the comments too fast and didn’t see Jeremy’s comment above (and your reply).

    Although it makes me wonder if this guy (the one who wrote the report) made a similar ‘reports’ in previous years about XP ?!?