Vista's one-year security checkup

Note: This is one in a series of blogs looking at Windows Vista on the first anniversary of its consumer launch.

Microsoft took Windows Vista in for a one-year security checkup and came back with, if not a completely clean bill of health, at least signs that the infant is healthier than most babies.

According to the report, Microsoft issued 17 security updates fixing 36 vulnerabilities in Vista in the 12 months following its commercial launch in November 2006. By comparison, the company issued 30 security updates encompassing 65 vulnerabilities in XP's first year.

The report's author, Microsoft's Jeffrey Jones, says those numbers compare with more than 100 vulnerabilities fixed in Mac OS X Tiger's first year, more than 220 flaws in Ubuntu version 6.06 in its first year, and 360 flaws fixed for Red Hat enterprise Linux 4 in its first year.

Jones does acknowledge that some might consider his research suspect, given his employer, but said he welcomes other researchers to look at his methods.

"That is ultimately my goal--to get people to actively question and dig into why the results turn out the way they do," Jones wrote in his report.

Jones is quick to say that his study is not a complete analysis of the operating system's "security," but rather a quantitative look at the number and severity of the vulnerabilities found thus far.

For me, the highest testament to Vista's security comes not from a comparison of patches or vulnerabilities, but from the grumbling praise given to the operating system by the hacker crowd at last year's Blue Hat.

"Vista is the most difficult mainstream OS to break into that I've ever seen," security researcher Halvar Flake told me at the time.

[kjaristy]

For a very picky person... greatly impressed!

I've practically used all Windows operating systems out there, immediately as they come out, and I must say that Vista DOES deserve a standing ovation in comparison with other operating systems first full year of service.

[cb3431]

I agree...

I am running Vista Business on a new Dell laptop and Vista Ultimate on an old P4 system. I use the laptop for every day use and I haven't had a single problem with it. I use the P4 system as a media computer and the only problem I had was getting my ATI remote to work.

[paulocuiaba]

Sure Vista has less flaws...but...

Can you open something without the system asking if you REALLY want to open? It even blocks my Adobe Software Update. LOL...
I prefer Xp Lite. Runs fast and smooth on low memory computers. Vista? Only if you have a REALLY good machine, and don't mind losing performance...

[kjaristy]

It certainly has less flaws...

When I got my laptop approximately 1 year ago, it sure did annoy with the pop-ups asking if i wanted to open it. I just dissabled the feature. Also, to improve performance just terminate all unuseful startup programs, such as Aero (which really consumes lots of memory!). About Vista blocking your updates, for different programs, check the Windows Firewall configuration to see if the program is not checked fot it to be allowed to function properly.

[mvpcarl]

"REALLY Good System"?

Or do you mean that you just can't use it on a garbage system? Just to clear up a few of your problems with Vista:

1.) You cannot format your Windows 95 system, and install Windows Vista.
2.) Just because your system meets the minimum requirements for Windows XP, DOES NOT mean that Windows Vista will work properly on your system.

Have you heard of Moore's Law, it basically states that computers will get exponentially faster (2x faster every 2 years) with time.

If systems are doubling their speed and memory every 2 years, then why shouldn't an operating system have more features and require more memory. Have you seen ANY operating systems be released that uses less memory than it's predecessor? Or takes up less hard drive space? Why should we waste all the improvements in technology by locking us into low requirement operating systems? Switch back to DOS if you're that concerned.

[Vonmaxx]

Vista need a good machine

Vista runs on my wife's PC a quad core with 3 gigs of ram. But it
has bugs in it as does Norton 360. Hope both come out with an
update soon.
My PowerBook g4 with 876mz with 3/4 a gig of ram and OS
10.4.11 is just as fast as my wife's PC.

[dswatik]

You Can Turn It Off

Well firstly I would like to say I have had my trials and tribulations with Vista and still am to some degree... but to increase performance just turn off all the eye candy... who needs it unless you have a machine that can handle it anyhow..

Secondly, all the annoying popup questions and security features can easily be turned off just do a google for User Access Controls+Vista and you will see how to do so

[Noah Diehl]

This is tooo funny....

All I know is 6 months ago, it was nothing but VISTA SUCKS!....my how opinions have changed, LOL. I remember when XP came out...the exact same thing happened....I have personally liked Vista sence day one...got a bundled machine, so I had no problems...had to hunt for a few drivers and patches here and there, but nothing that I could not find with a little looking...really I have had nothing that is truly incompatable. But MS did the right thing along time ago with the live updates. Still wanna give a MAC a try someday... kind of wish they would team up on something at some point and kind of offer the best of both worlds to the people out there stuck bouncing between machines...really they both have there ups and downs...I just wish they would not charge so much for copies of their OS's...really $100 really should be the max, a lot of poeple like to buld there own machines and get screwed when it comes time to buy a copy of the OS. Good job to both Apple and MS with the new versions...can't wait to see what the come up with in the next ten years......but I give it an hour before the MS bashers start popping up.

[B.E2]

This is based on _reported_ flaws

This same report was in the news 2 months ago. and it was found that the number of flaws reported to be that were found does not reflect the actual number.

Moreover, because this is a close source product we can not be absolutly sure that the number of public vulnerabilities equals the total number of actual vulnerabilities(the product may have vulnerabilities that it have been fixed, but have not been disclosed).

Also in the report it also shows that once Microsoft has found a flaw(and is published), it isn't fixed nearly half of the time. were as with the others the percentage is considerably less.

Also the report is on Linux distributions rather than the Linux kernel it's self. This means that although 3rd applications have a lot of vulnerabilities, the kernel it's self does not. Moreover, the hacker can run with to the users permissions, and therefore a a lot less critical than Vista's vulnerabilities.