In terms of security

Jun 4, 2007 13:49 GMT  ·  By

Last week you were able to read about a Windows Vista - Windows XP comparison performed in terms of security performance by the CRN Test Center. The conclusions of that test were in the disadvantage of Microsoft's latest operating system. Derived from an ignorant perspective, Windows Vista is often considered nothing more than a superficial upgrade to Windows XP and even equal if not worst to the Windows platform Microsoft launched in 2001. However, such views over Windows Vista and Windows XP are also generally the product of a Procrustes' bad comparison and fail to even remotely reflect reality.

The conclusions put forward by the CRN Test Center have the right potential to also fall into this category. There is no choice between Windows Vista and Windows XP, according to the CRN Test Center as it formulated the following: "Windows Vista and Windows XP are equally at risk to viruses and exploits and overall Vista brings only marginal security advantages over XP. Vista remains riddled with holes, despite its multilayer security architecture and embedded security tools. Besides providing no improvement in virus protection vs. XP, Vista brings little or no security gains over its predecessor against such threats as RDS exploits, script exploits, image exploits, VML exploits, malformed Web pages and known malicious URLs."

Considering the level of security delivered by Windows Vista and Windows XP equally, the CRN Test Center went on to describe an "unconvincing" benchmark, a subjective testing process and a disputable methodology. As it was only natural, it managed to generate strong responses. Microsoft itself invited such comparisons when it applauded Vista as the most secure Windows platform to date. And the fact of the matter is that Microsoft has not come out officially to challenge the CRN Test Center's conclusions.

Jeff Jones, Security Strategy Director in Microsoft's Trustworthy Computing group tackled the subject: "Frankly, the article as well as the scientific rigor of their testing "failed to impress." Take this phrase: "Vista remains riddled with holes, despite ..." Where does that come from? I mean, Microsoft has fixed 12 vulnerabilities in Windows Vista in the first six months of availability compared with (for example) the 60 vulnerabilities Apple had to fix in Mac OS X Tiger in it's first 6 months or the 281 vulnerabilities Red Hat had to fix in RHEL4WS. Riddled indeed."

Jones also emphasized the fact that Windows Vista was compared not with Windows XP Gold, but with Windows XP Service Pack 2. In the end, Jones decided to take the CRN test not as a negative vote against Windows Vista, but as a complement for the security delivered by Windows XP SP2.