Claims Microsoft

May 15, 2008 17:41 GMT

Windows Vista is untouchable as far as security is concerned, according to Microsoft. In what has become a traditional operating system vulnerability measuring contest, Jeff Jones, Security Strategy Director in Microsoft's Trustworthy Computing group, has compared Windows Vista, Windows XP SP2, Red Hat Enterprise Linux Desktop (v. 5 client), Red Hat Enterprise Linux WS (v. 4), Ubuntu 6.06 LTS Desktop, Apple Mac OS X 10.5 (Leopard) and Apple Mac OS X 10.4 (Tiger). In terms of the sheer volume of vulnerabilities, Vista, with the fewest security flaws, managed to come out on top of all rival operating systems, with Jones placing a focus on Mac OS X.

"For January through March of 2008, Mac OS X users experienced the highest number of vulnerabilities as well as the highest number of High severity vulnerabilities while Windows Vista users experienced the fewest and the fewest High severity vulnerabilities", Jones stated, taking a shot at Apple's operating system, which is advertised as secure by default. But at the same time, neither Apple's marketing nor Microsoft's vulnerability hunting games is an accurate measure of the security delivered by the operating systems enumerated in the first paragraph.

In the first quarter of 2008, Microsoft released 6 Security Bulletins patching 6 Critical and 3 Important vulnerabilities in Vista. No fewer than 8 Security Bulletins were needed to address 12 holes in XP SP2, including 7 Critical, 3 Important, and 2 Moderate vulnerabilities.

"During the first three months of 2008, Red Hat released a total of 19 Security Advisories in 12 different patch events that addressed 60 vulnerabilities in the desktop components of RHELD5. (...) During the first three months of 2008, Red Hat released a total of 18 Security Advisories in 14 different patch events that addressed 75 vulnerabilities in the desktop components of RHEL4WS", Jones added.

Ubuntu 6.06 LTS had a total of 54 security vulnerabilities patched via 15 Security Notices in the first three months of this year. No fewer than 17 of the vulnerabilities carried a severity rating of Critical. During the same time, Jones revealed that "Apple released a total of 6 Security Updates in 5 different patch events that addressed 83 vulnerabilities in Mac OS X 10.5 (Leopard). [And] 5 Security Updates in 5 patch events that addressed 81 vulnerabilities in Mac OS X 10.4 (Tiger)."

Jones turned to the CVSSv2 ratings from the NVD for the severity of Mac OS X vulnerabilities and found that 28 flaws affecting Leopard were rated High, 48 Medium and 7 Low. At the same time, 25 vulnerabilities in Tiger were rated High, 54 Medium and 2 Low.

"Users of Mac OS X 10.5 (Leopard) fared the worst for the first 3 months of the year, experiencing triple the number of High severity vulnerabilities of Windows Vista users (double the number of High severity vulnerabilities as the latest Red Hat desktop client)", Jones concluded.
