Even with the general availability of Vista SP1 and XP SP3, Microsoft is still stuck gunning for Windows XP SP2 with the Windows Vista RTM "arsenal". But despite having sold in excess of 140 million licenses by the end of March 2008, Vista has failed to produce a kill, or to impact XP's install base in a manner that would have offered the latest Windows client the lion's share of the operating system market. But this is not stopping the Redmond company from beating the old drum of the superior level of security delivered by Vista in comparison to XP SP2. This is a refrain played to saturation by Microsoft via demonstrations of XP SP2's insecurity vs. what Vista RTM has to offer.

"I found that Windows Vista offers benefit over Windows XP SP2 in the following ways for 2007: Windows Vista had 30% fewer Security Bulletins than Windows XP; Windows Vista had 20% fewer vulnerabilities than Windows XP; Windows Vista had 28% fewer Critical and Important vulnerabilities than Windows XP and 26 vulnerabilities on Windows Vista are less severe for any users running as standard user", revealed Jeffrey R. Jones, Security Strategy Director in Microsoft's Trustworthy Computing group.

The latest comparison performed by Jones involves vulnerability statistics for the two operating systems throughout 2007. The past year, Vista was impacted by 17 Critical vulnerabilities, 19 Important, 7 Moderate and 2 Low. The severity ratings are Microsoft's.

In the same period of time, a total of 35 Critical vulnerabilities impacted XP SP2, as well as 145 Important security flaws, 14 Moderate, and 2 Low. "During the calendar year of 2007, Microsoft released a total of 33 Security Bulletins in 10 different patch events that addressed 56 vulnerabilities in Windows XP SP2. The following figure charts the 52 weeks in 2007 and shows the patch events. The height of the bar is the number of vulnerabilities addressed", Jones added pointing to Vista as the operating system capable of delivering true security to end users.