Neither is Tiger, and yet, the volume of vulnerabilities is not a measure of security

Jul 12, 2007 14:59 GMT

In Microsoft's own vision, Windows Vista's self-applauded status as the most secure Windows platform to date extends to rival operating systems as well. For instance, the Ubuntu distribution of Linux fails to compare to Vista in terms of security. But the scenario in which Vista is considered the most secure operating system on the market is a Microsoft perspective not shared by third parties. By counting vulnerabilities in the main platforms available today, Jeff Jones, Security Strategy Director in Microsoft's Trustworthy Computing group, came up with Windows Vista as top dog. Jones produced both the Windows Vista - 90 Day Vulnerability Report and the Windows Vista - 6 Month Vulnerability Report, one in March and one in June.

For the first 3 months of Vista availability, Jones revealed that the operating system was affected by just "5 total vulnerability disclosures in the first 90 days, with one of them fixed and one High severity one pending, along with 2 Mediums and a Low severity vulnerability. Is that good, bad or indifferent?" Meanwhile, for the rest of the operating systems, including Windows XP, Red Hat Enterprise Linux 4 Workstation, Ubuntu 6.06 LTS, Novell SUSE Linux Enterprise Desktop 10 and Mac OS X 10.4 Tiger, the vulnerabilities were pouring in, starting at over 15 for XP and more than 30 for Tiger. Jones' conclusions were similar in his next report.

"During the first 6 months for Windows Vista, Microsoft released 4 Security Bulletins and corresponding updates that address 12 total vulnerabilities affecting Windows Vista," Jones stated in the second paper. "The results of the analysis show that Windows Vista continues to show a trend of fewer total and fewer High severity vulnerabilities at the 6 month mark compared to its predecessor product Windows XP (which did not benefit from the SDL) and compared to other modern competitive workstation OSes."

Jones recently revisited his Windows Vista - 90 Day Vulnerability Report with a focus on Ubuntu, following a report claiming, according to data from Secunia, that the Linux operating system had no unpatched vulnerabilities in March. Jones counted the vulnerabilities impacting Ubuntu that were disclosed before March 23 and found eight critical, six medium and 15 low security flaws. And again, Vista came out on top.

But the fact of the matter is that although the code quality in various Linux distributions and in Mac OS X Tiger fails to rise to the level of Vista, the two platforms are inherently perceived as secure. Simply counting vulnerabilities does not give an accurate picture of security. And no matter how many security vulnerabilities Ubuntu and Tiger gather, as long as their threat environment is calm, Windows will continue to take the barrage of fire. But is this the calm before the storm?