Vista 'more secure than OS X and Linux'

Microsoft has boasted in a new study that Windows Vista has needed fewer security patches than any other recently released desktop operating system. 

"Windows Vista has an improved security vulnerability profile over its predecessor and a significantly better profile to comparable modern competitive operating systems," stated Jeff Jones, director of the Trustworthy Computing initiative at Microsoft's Security Business Unit.

The Windows Vista 6-month Vulnerability Report (PDF) compared the number of flaws during the 90 days after the application's launch for Windows Vista, Windows XP, Red Hat Enterprise Linux 4 (RHEL4) Workstation, Ubuntu 6.06 LTS, SuSE Linux Enterprise Desktop 10 (SLED10) and Apple Mac OS X.

Vista beat the other operating systems on nearly all fronts, according to the report, logging the fewest fixed vulnerabilities and the fewest repairs with a severity rating of 'high'.

Microsoft's operating system ranked second in the number of unpatched flaws after 90 days, trailing behind only Windows XP.

Apple's OS X ranked third behind the two Windows versions, followed by Ubuntu, SLED10 and RHEL4.

Comparing the number of patched and disclosed vulnerabilities is a controversial method of comparing the security between products. Different operating systems have different features, offering attackers diverse ways to hit the software.

Jones attempted to pre-empt criticism over features by including a tweaked version of the three Linux distributions in his test.

The adapted version had been stripped of bundled applications that are not found in Windows or OS X, such as the OpenOffice productivity suite, as well as graphics and developer tools.

The number of fixes also failed to consider the popularity with attackers and security researchers. Because Windows is the predominant operating system, users run a greater risk of getting hit.

But this has also caused the software to be closely scrutinised by Microsoft and independent security researchers as they attempt to protect their clients.

Researchers, meanwhile, have started to closely track Apple software. This has been sparked by frustration over the firm's arrogant attitude towards outside researchers as well as the refusal by so-called Mac fan boys to acknowledge that Apple software is not bullet-proof.

This has prompted the disclosure of a slew of security flaws in the days after the firm launched its Safari 3 beta for Windows.

Jones's report is bound to receive criticism for his security claims, but he seemed well aware of that risk. In closing the 14-page study, he wrote:

"Jeff actively encourages readers to challenge his assumptions, analysis and conclusions and provide critical feedback – but asks for equal (or better) rigour in methodology and analysis to support the challenges, as opposed to enthusiastic espousal of unsupported evangelistic fervour."

Copyright ©v3.co.uk

and linux more os secure software than vista x