Attention Linux, Vista, and Apple fan boys: put on your gloves... it's time to rumble! A 6-month vulnerability report issued by Jeff "Security Guy" Jones has caught the eye of Redmond and the ire of places beyond. The report which bases its security assessment upon vulnerabilities found (not
actually exploited) claims that Vista is "more secure than OS X and Linux." In fact, the much maligned XP even crushes the competition using their calculations. Of course, it's worth noting that Jeff is a member of Microsoft's Security business unit which will probably sway your opinion as to the integrity of the data. Still, as incomplete as the assessment may be, it certainly appears to be a good showing for Vista considering the vast community of hackers attempting to thwart its security. We can predict what
Billy G's probably saying right about now: Dy-no-mite JJ!
[Via
vnunet]
Read -- 6 Month Vulnerability Report [warning: PDF]
Read -- JJ's blog entry
posted Jun 22nd 2007 7:58AM
The fact that he has XP so low might also raise a few flags...
Well, that and the low adoption rate of Vista.
Let the flames begin.
Isn't it also funny that they profile the distributions that won't sign the "protection agreement"...
I'm not sure this proves anything except how quickly OSes are adopted in the first six months. Windows OSes have the lowest number of exploits because fewer people are finding exploits due to low adoption rates. Next highest is Apple. And most apple users wait until a new machine to get the latest OS. Then Ubuntu, which is free to all. Then SLED and Red Hat which are used for servers, meaning both buying the upgrade AND finding exploits are high priorities. I'd like to see this data over a two year period, which the statistics on exploits broken down into three month increments.
That's the great thing about statistics...you can make them say whatever you want...
This is misleading. The Linux OSes include a whole host of software which are also being counted here, hence giving them such big bars, whilst Windows and OS X are jus operating systems without the exta software.
If we were to compare apples with apples, and not include software included with Linux which does more than a basic Windows/OS X install, then we'll find the Linux bars shrink dramatically.
Lies, damn lies, and statistics.
You are mistaken, OS X also includes several open source packages which are included in the count, like Apache, PHP, phyton, etc.
If you actually bothered to read the report you will notice he actually also reports on the linux distributions minus all the pre-loaded software that doesn't have a Windows equivilent in the base install.
Of course, lets not accuse engaget of using the graph they did just to be sensationalistic? :)
So the real lesson is to only release patches once a month regardless of need :)
I'm sorry–Vista is more secure becuse it patched more vulnerabilities? Doesn't that logic assume the same number of vulnerabilities across all the operating systems? Look at the chart. Vista has done more work because they've had more work to do. Its like saying we make the best product because out complaint line is th busiest.
Chart Reading 101: The total height of the bars in this graph indicates the number of vulnerablities found. The height if the blue section of each bar indicates the number of vulnerabilities that have already been fixed. How you interpret the data is completely up to you, but there are several ways to look at it, none of which include Vista having more vulnerabilities.
First, you could look at the chart and see that, across the board, Vista has had the least amount of vulnerabilities discovered. You could take that and say that a) Vista is the most secure, with the least number of vulnerabilities OR b) Nobody is using Vista, so they're just not finding the vulnerabilities yet.
Or you could look at the chart and notice that XP has the least amount of unfixed vulnerabilities, and low number found. You could use this to say that XP is the most secure - or that MS is spending a lot more time working on XP than Vista.
Or you could look at the chart and notice that although Vista has the lowest number of vulnerabilities found, it also has the lowest fix percentage. So you could assume that either working on Vista is a real pain, and bug fixing is going to be a real problem or that Vista isn't being improved very much right now.
And of course, the chart gives minimal detail on anything, including vulnerability severity, so you an also say that it means nothing at all.
Charts are fun!
check the read link for high severity problems....
It sounds like non-Windows operating systems have more security flaws, but nobody exploits them. Probably because the Windows install-base is overwhelmingly large.
In other news...no report will make anyone happy
News ticker
*flamebait is in full force....man acuses dog of murder...*
i believe the vista part thanks to uac and ie7 protected mode and things like that, but the fact that he has xp rated so well, disturbs me.
"it's worth noting that Jeff is a member of Microsoft's Security business unit which will probably sway your opinion"
Yep. But can anyone find any non-biased security info? There's no exact benchmark to measure security across OSs, and this graph bears arguing which is more important - MS's ability to patch and safeguard better and faster than Linux, or Linux's ability to not have its vulnerabilities attacked by every hacker on the planet.
The actual virus/attack rate of each system graphed out would be the opposite of what's above - but that isn't any more accurate.
"MS's ability to patch and safeguard better and faster than Linux"
Heh. Thanks I needed a laugh this morning.
"MS's ability to patch and safeguard better and faster than Linux"
Which is why that chart still lists ~50% of Vista's bugs as unfixed. Given the low number of bugs (at least according to the chart) that would tell me that Linux builds are quicker to fix these bugs..
The title of this story should read "Microsoft Report: Vista more secure than OS X and Linux" ;)
Can someone grab me a copy of Windows XP: Jeff Jones edition? It looks much better than the public builds.
Here's my statistics:
Number of active exploits affecting users out in the wild:
XP: 100s of thousands
Vista: 100s of thousands
OS X: 0
Linux (any): 0
Seriously... I was expecting more from Vista. When I look at critical security fixes from Microsoft, and read the accompanying advisory page, it almost always says "IE7, Win XP AND Vista". So where's that added security when most new exploits work on Vista just as well as on XP?
All that chart tells me is that Vista has the lowest number of fixed vulnerabilities, and that it has the lowest number of disclosed vulnerabilities, and that we all know what Microsoft is like for keeping vulnerabilities UNdisclosed.
Exactly what I was thinking. Open Source OS's disclose all vulnerabilities, hence the larger bars for the Linuxes.
That was the first thing I thought when I saw this chart :D
MUHAHAHAHAHAHAHAHAHAHAHAHAHAHAHA! you guys at Engadget are so FUNNY!
Is it possible to find an unbiased opinion? It doesn't seem to do much for MS when every one of these "surprise" reports has breadcrumbs leading back to them.
ok, I'm a dork. I reacted to the headline and posted without examining the labels at the bottom. please ignore my rantings.
At least you can admit it. Dork.
"Vista more secure than OS X and Linux"
Allow me to redo the title of this article:
Vista more secure than OS X and Linux?
Well, damn! I just don't understand anything anymore! If everyone is patent infringing on Microsoft, wouldn't the amount of vulnerabilities be the same?!
You gotta love ditch efforts to sway user opinion!
April fools was, um, in April.
So I guess this is just a fool's joke, which is exactly what we are if we take this at face value.
"Of course, it's worth noting that Jeff is a member of Microsoft's Security business unit which will probably sway your opinion as to the integrity of the data."
Shouldn't that disqualify this report and cause the writer to burn in his patched infested activation hell?
In other news:
Budweiser employed beer specialist claims Budweiser is better than Coors or Corona.. White paper forthcoming.
90% of the world uses PC, Vista, XP, windows 2000. of course they are going to have alot more attackers! someone is going to sit around for days trying to make a hack for all 10 linux users LOL!!
Apple had to pay some hacker $10,000 because he was able to hack into the all powerful gift from god OSX, there was a contest from Apple daring people to try to hack it. thats why you guys have to pay $500 for an iPhone! lol. I also read a report that said the same thing a few weeks ago. look at safari for pc, it only took hours before someone hacked the piece of garbage. see what happens when apple try's to play with the big boys, they get sent back home with there tails between there legs! lol. don't get me wrong I like apple too, I have a MAC as well as a PC at home. so don't think I'm all PC!!
Then I'm sure you know the Safari vulnerabilities were fixed mere hours after the release. It's also worth mentioning that Safari 3 is a *Public Beta* ... *BETA*.
I'm not quite sure what you're talking about with the iPhone, but I'm not so sure you know either.
So much mis-information and distortions in one post.
It was not Apple that offered the reward which was $10,000 (Canadian $s) plus the target MacBook Pro. It was the sponsors of the CanSecWest conference.
The exploit that was utilized to compromise the MacBook Pro was an exploit of a vulnerability in Java that impacts all Java capable browsers, not just Macs. In addition, the contest was won only after the sponsors lowered the bar and a contest referee navigated the MacBook Pro's browser to a pre-configured website and clicked on a link placed there by the hacker. The Java script linked to gained the hacker user level access to the MacBook but not Root. The contest to achieve root level, another MacBook Pro laptop, went unclaimed.
By the way, I do not believe you own a MAC (sic).
your Right I don't own a mac, I own 2 Ibook and and a g5, I work in the advertising biz, I need them.
Apple had to make Safari for Windows flawed or it wouldn't have fit in with the Windows OS or any of the other programs : )
Um.... if this is true, it's probably due to the fact that the report only looks 6 months out. Look out longer than that, and I'm sure you'll see an enormous spike for XP... and the same will likely happen for Vista.
You should note that this graph only covers the FIRST SIX MONTHS of vulnerabilities in these OS-s. This is either a example of cherry-picking data in favor of Vista or an interesting (but theoretically valid) way of evaluating security.
I mean, how would you compare the security of OS's which have been out for different periods of time? If you only compared TOTAL number of exploits without normalizing for time (as they KIND OF are doing here).
For instance, if you assume that vulnerabilities are found at a linear (or near linear) rate and the that the total number of possible exploits is significantly larger than what has been found, then it makes sense to only compare the first six months (As they did here).
What would be nice though would be a real normalized comparison. Compare for instance RATE OF DISCOVERY normalized against instantaneous number of users or some such.
It's sorta hard to report on 12 monthly figures for an OS that has only been out 6 months, hmm?
Exactly. I'd like to see the statistics of amount of damage (in dollars and cents) caused by OS vulnerabilities. That would make some interesting comparisons.
MS just screws around with statistics. Balmer said recently that the Zune had 20 or 25 per cent market share! Adding, as an aside that this was in the hard disk category. Then a few weeks ago, some MS shill wrote that MS had smashed through their sales target of selling a million Zunes in a year - when they hadn't - and still haven't.
John Davis
Yeah, but you can't really fault them for that. They are a business and all businesses lie or overstate the success or capabilities of their products. I mean, look at Apple, they downright lie not only about their own products but about the products at others. Did you see the PC guy/Mac guy commercial where they implied that PC's can't connect to a digicam that a Mac can? Tell me what camera will connect to a Mac but not a PC. Or when they said that Mac's don't have any preloaded crapware (which they do)? Not to mention the incredible hyperbole they always employ.
But like I said, I can't fault a business for doing anything they can get away with to sell their product, I wouldn't invest in one that didn't.
If only Microsoft used attack ads, it seems they are above that.
Bill has been daring people to hack vista since the beta came out, you know for a fact the hatters at engadget would post the day someone does it. so far nothing.
Should also note that many of the "XP vulnerabilities" you're thinking of were actually OUTLOOK or INTERNET EXPLORER vulnerabilities and not failures of the OS itself.
According to "Mr. JJ" himself he included all applications bundled with the operating system. (Which is a tad unfair to Linux builds since they now include a lot of software...)
Yeah, I would see including other apps would invalidate this study. Anyone could install netbus on their computer, doesn't mean any OS is unstable.
Internet Explorer is PART of XP. It is actually used by the OS for navigation, not just web browsing.
Microsoft says Vista/XP are the most secure?
And I'm the coolest person in the world.
can I get your autograph fonzy??
Only if let you me infiltrate your security holes
LOL!! nice try. if you can find one sure. by then you'll be to old to be cool anway so never mind LOL!!
where is the "Mac OS X has exploit once released" stat. come from?
Than I should write, Vista has thousands of exploit once released.
I'm not mistaken. OS X includes *some* of the Linux apps I have in mind, but nowhere near all of them, not by a long chalk.
I have to say, to all the people who are saying Vista's adoption rate is slow, that it actually has been adopted faster than XP was. Also, I have Vista on my computer with avast! antivirus for virus protection and Windows Defender/ Ad-Aware SE for spyware/adware protection, and I haven't had any problems.
I have both an Ubuntu 7 and Windows XP with no anti-virus software and have yet to have a problem. What's your point?
I have a Mac mini with OS X, no anti-virus software, and no spyware detection software. Zero problems here. What's your point?
bull
This chart is *NOT* what it appears. See the report (click on the image). This is actually the number of vulnerabilities during the first 6 months of each product's life, so each bar covers a totally different time period. For Vista, it covers Nov 06 - May 07. For Ubuntu, Jun 06 - Dec 06. Red Hat covers Feb 05 - Aug 05.
It also demonstates a different approach to shipping - Vista tried to have all known bugs fixed by release and delayed that release accordingly; Red Hat shipped with bugs but simultaneously supplied fixes for 64 of them. Ubuntu, shipping later, had incorporated the Rad Hat fixes, and also delayed release by 2 months allowing further fixes. Which approach is "better" - well, depends on what you mean by "better".
Jeff Jones has tried harder than most to document methodology and point out unfair comparisons. The graph knowingly has some apples-to-oranges comparisons, but you need to read the whole report to see it's not claiming "Vista is more secure". What it does claim is another matter...
Its not that Linux and OSX have more vulnerabilities, they just disclose them, unlike Microsoft. Do I need to list the benefits of Linux vs. Windows?
I believe every system has a benifit and a weakness to say one is better than the other in everything is bull. I work with Solaris, MAC's and WINDOWS, I've seen the good the bad and the ugly of all 3. you say you can show me the benifits of linux, I can show you the benifits of Windows. it's an ongoing war lol, no one will win.
Does nobody bother to actually read anymore?
1) The argument that the installed software is different. READ the methodoligy
[quote]
I exclude any component that is not installed by default, which includes all optional “server” components that ship with rhel4ws. I additionally exclude text-internet, graphics (the gimp stuff) and office (OpenOffice) and Development Tools (gcc, etc) installation groups. I use the rpm command to list out all packages that get installed and use that package list to filter vulnerabilities.[/quote]
He does the same for the other oses tyring to get as close to an apples to apples comparison as possbile. To the person that said windows is just the OS, get real Media Player, Internet Explorer, etc. those are applications.
2) It doesn't list undisclosed vulnerablities. This is true, but the same can be said for all vendors. He is using public Vulnerabilty databases (include the US govt).
3) Instead of taking a glance, and pronouncing him a Microsoft Shill why don't you bother READING the report and try to find flaws in his methodolgy. Without that the chart is useless.
"2) It doesn't list undisclosed vulnerablities. This is true, but the same can be said for all vendors. He is using public Vulnerabilty databases (include the US govt)."
A). Open source doesn't have undisclosed bugs.
B). Microsoft doesn't fully report to the vulnerability database in question run by the govt.
He doesn't list out the rpms...
Why are the three Linux distributions that he tested against have such a gap? They essentially use the same kernel, and libraries, unless the build are different...
He also fails to mention what is running after the install. By default applications like Apache, and yes Apache is in the WS media, isn't running by default until the end user turns it on...
Have you looked at the vulnerabilities listed for Vista? "CVE-2007-1534 - DFSR.exe remains available for remote connections for 2 minutes after Windows Meeting Space is closed - Medium." How the F does one say that leaving a door open for two minutes is a Medium vulnerability?
Engadget itself is guilty of not reading... The Title is misleading it is stating that Windows is more secure of an OS that the listed OS. No where in the article does the author state that. It is just making the position for the first six months of its GA, windows OS have less "disclosed" vulnerabilities than the others. Also Engadget used the all encompassing graph rather than the compared OS graph to get Windows fanboys to continue to drink the kool-aid.
Gianni:: AHHH so now we have to go to the personal attacks, we just can't have a discussion, it looks like that go to you!! lol good! like they say " i'm rubber your glue.." lol what a loser.
You have got to admit, it's a novel way to pad a report and technically not lie about it. Genius, even if it is a little wrong.
in light of the longer posts ive been seeing in engadget comments...
this seems like the perfect time to mention that i am an extremely heavy downloader that downloads gigabytes per day using torrents and newsgroups.
i used to used windows xp, and i now use windows vista. i use no firewall or anti-virus software and have had no virus problems in the last 5 years. you get viruses by downloading the wrong stuff, not just by using a computer.
further, windows vista seems really secure in that every time a setup program is run, you are prompted to see whether you really want to run it.
AND this one might be the kicker to a bunch of you fanbois, but OS X BLOWS. i go to a college where an honest 40% uses the os, so im ultimately faced with using the laptops on occasion or even more commonly using the the imacs in the library because all of the dells are taken. OS X is advertised as this really easy to use OS that never crashes, but in all of my experiences with it, its not easy to use. for most people, the windows interface is familiar and the new vista interface is beautiful. if you use windows a lot, you are going to want to commit suicide when you try to right click and its just not there. and computers crash. all computers crash. my computer crashes extremely rarely, but in all honesty, it does happen, and in my experiences with os x, it crashes too. if you do too much with your computer, its gonna crash or at least slow down to the point where it might as well have crashed. the beauty is that with newer software, all of your data is autosaved pretty frequently, so you wont have a problem.
ultimately, what im saying is for the GREAT MAJORITY of users, OS X is completely inferior to windows. the small minority that i think mac is great for are people who are editing/creating music, video, and photos.
thank you, and good night.
These are some of the more ridiculous posts I've seen in a while. First of all, to the post further above, Apple didn't pay anyone 10K to hack anything - C|Net had a contest, and they had to keep changing the rules until they made them so unrealistic and impossible that someone could exploit something with the user's consent several times. I don't find that to be much of an exploit.
Second of all, why does an operating system blow because you don't like it? Try this: put a one-year-old child in the driver's seat of a car. Can it drive it? No? Okay, how about a five-year-old? Ten? At some point, that child is TAUGHT how to operate that equipment, and when it actually uses the equipment, it keeps learning it until it (hopefully) masters the basics, then perhaps more advanced items. The same is frigging true of a computer - you've been taught how to use Windows, perhaps first through observation, then by practice, etc. Windows is not easier, nor is Mac. Mac is considered to be more intuitive to learn w/out instruction, and in my experience with thousands of Mac and PC users, this has proven true; but once you're taught something, you hopefully retain and build upon that knowledge. And of course there has been right-clicking on the Mac for over ten years, so that's just a comment from ignorance. I would say that the real criteria for an OS 'blowing' would be its security, its [lack of] capabilities - neither of which are problematic on the Mac OS. I'm not sure I follow the logic of Safari on Windows beta having security issues being a reflection of anything other that Window's own security issues, but this chart is not talking about browser exploits (consistently at least).
I have found that for the 'great majority' of computer users, they are finding that they no longer are chained to any OS, because when all they do is read e-mail and look on eBay, just about anything will do. Based upon needs and not preference, all modern OSs meet the needs of the 'majority'. Therefore, people choose OSs on other factors - sw/hw investments, security, preference, etc. and, quite frankly, when security and viruses come into play, users abandon Windows OSs. This chart won't change their personal experiences, nor their perceptions of how bad MS security is.
Hmm, are you talking about OS 9? If you aren't, then you are retarted. Please join the Special Education program.
No right click? seriously man, get with the times! OS X HAS RIGHT CLICK, RETARD.
there is no right click. i stand behind this statement. when i go up to all the imacs at school , the mouse has no right click. its not a "right click" if you hold a button down and then click, thats just alternate clicking. you cant right click god damnit! its annoying as can be, windows has a 95+% worldwide market share and that means that most people are familiar with the windows user interface, and its easy to them, therefore it would take additional effort to learn a new os and this is no less than useless.
the effort that has been put into learning windows is considered sunk cost, because it is time that is already gone and you cant ever get it back, so that is an advantage to windows whether you like it or not.
and windows lack of capabilities? wazaah? wahht???? i do a lot with my computer and while i will concede that the mac os is more capable with editing/creating media hardcore, i dont think that is an honest flaw of windows because 99.99% (literally) of computer users don't ever do that kind of stuff.
and as you said, most people just use the computer to send email and search the web, and as i said, windows is a better interface for this because most people are already familiar with the interface, so theres no point to switch. windows doesnt have holes in the security. its not about the os, its about not downloading the wrong crap. if you are running mac and you download a lot of crap software, youre gonna have crap popping up all the time.
OS X IS NOT INTUITIVE. i just completely disagree with anyone who says otherwise. its freaking complicated. even moreso for someone who is already familiar with windows. im an 18 year old college kid who (not to sound too proud or anything) knows his way around a computer and consumer electronics moreover.
You want Intuitive? Check out the Cross Media Bar (XMB) on sonys new gizmos. im no fanboi, but i will concede a better windows interface when it presents itself, and XMB is just beautiful and soooooo easy to pick up. ive asked older people what theyve thought of it, and they all love it and pick it up really quickly. the problem with XMB is that it (obviously) isnt going to have the full fledged functionality of windows or osx.
and to conclude once more.... OS X blows. most users should just stay away. i stand behind these statements because people are already familiar with windows and os x is not better imo. i dont think it is AT ALL more intuitive and i dont think its smart to ask people to re-learn how to use a computer.
functionality, practicality, control vs. cute animations, time waste, money waste
... i can do this forever baby.
Bob Delani: "i use no firewall or anti-virus software and have had no virus problems in the last 5 years."
How do you know that you didn't have a virus with your Windows susceptible to 100,000+ viruses when you are not using Anti-Virus-Software? This reminds me of a relative of mine who also swore he never had problems with viruses either. He isn't exactly an expert in computer security but one day he decided to run a virus check anyway. Later he said that he stopped the scan prematurely after more than 7000 viruses and trojans were found on his fine machine.
DISCLAIMER: I totally agree with you that being conscious and aware about IT security will also allow you to do just fine with Windows. For people like my relative however (and these make up the majority of computer users nowadays, not the tech-savy readers of a gadget blog), well I think he would be better off with a Mac and OS X for which viruses just don't exist so far.
I would stand behind the statement that you haven't seen the new mighty mouse from apple. (check out http://www.apple.com/mightymouse/) It detects and discerns a right click from a left click. No extra keyboard input needed. As for windows having this magical right click functionality, go out and buy a single button mouse and there goes your right click. Not a valid point.
Next point, Mac OS not being intuitive? I grew up on Macs. Started playing Oregon Trail on a Apple IIc, graduated through the Mac OS systems through out grade, middle, and even high school. OS X is a piece of cake. There's the icon for the program I want, I click it. Once I'm done, I click the X box. How is that not just as intuitive Windows. There you have your start menu, then programs, then manufactures folder, then possibly a submenu. So how is that more intuitive? Desktop icons you say? (thats what the dock of OS X is...but more organized) If you grow up with a system you know it, it doesn't matter if its Windows or Mac OS. If you were to go onto a Linux or pure UNIX machine you most likely wouldn't have a clue whats going on because you didn't grow up with it.
"and to conclude once more.... OS X blows. most users should just stay away. i stand behind these statements because people are already familiar with windows and os x is not better imo. i dont think it is AT ALL more intuitive and i dont think its smart to ask people to re-learn how to use a computer."
Ouch man! My parents got on a computer because of me, which means they get a fresh start. No biases from having been taught one convention or the next. Could they have started on a Linux box...sure why not, they wouldn't know any better. Why not get them started using the "universal WINDOWS system" since 99.9% of the population knows Windows and why shouldn't they? Or they could sit down, click on the Firefox icon in OS X and know everything they need to know.
Quite simply your arguments only hold base if the only thing you want to look at is past experience and ignore change. If that were the case, inovation as we know it would not exist. Wake up and see the world.
"there is no right click. i stand behind this statement. when i go up to all the imacs at school , the mouse has no right click. its not a "right click" if you hold a button down and then click, thats just alternate clicking. you cant right click god damnit! its annoying as can be, windows has a 95+% worldwide market share and that means that most people are familiar with the windows user interface, and its easy to them, therefore it would take additional effort to learn a new os and this is no less than useless."
Gee. that's very strange, Bob. I am right clicking right now... on my Mac... with a multi-button mouse. Your assertions that "there is no right click" flies in the face of every Mac user who knows what he is doing.
You stand behind your ignorance of the system. No need for frothing at the mouth; Ignorance is curable. The next time you go to use an iMac, select "System Preferences" under the Blue Apple Menu... then choose Keyboard & Mouse Preference Pane and TURN ON the Right Button. Or just plug in any USB two or more button mouse. Problem solved.
" if you are running mac and you download a lot of crap software, youre gonna have crap popping up all the time. "
Actually, no, Bob. I am a cross platform IT consultant that supports both Macs and Windows PCs for small businesses. I have never seen any "crap" popping up on any of the Macs. Sorry to say, I cannot say the same about the Windows PCs... although it is much better since SP2 on XP. I still make a very good living from cleaning up the messes users make of supposedly locked down, secure Windows computers, because they tend not to leave them that way. The ONLY reason I see my Mac clients is to install updates properly and occasional system maintenance which is part of my services on retainer. I charge a higher retainer per machine for Windows PCs... because they will cost me more time when I am called to clean up the mess.
By the way, while we're talking about functionality of buttons on mouses, etc., there is a key just to the left of your Z key and to the right of your apostrophe key... why don't you use it? Or does your Windows machine lack a functional Shift key?
Well, I'm about to dump OSX and Umbutu for Jeff XP version, think about it! XP is more secure than OSX! knowing that I would have never bought a Mac, I'm switching back right now ! ;-)
Maybe George Bush should release some statistics saying how good he is. "See this bar, this bar goes all the way to ten. Thats the top of the tops."
This just goes to show that you can make information match ANYTHING you want. The key is how vulnerable are they NOW? not how vulnerable were they when they were first released. Guess what, if I'm using linux or OSX, I'm using them NOW. I'm not using some time warped, stuck in the past version. So why don't we compare apples to... well you know what I mean.
How does this show that windows is more secure than other OS'es? It shows that there is by the authors definition, less Vulnerabilities than the other any other OS during the first 6 months. I would like to see the rpm -qa report for all of the Linux OS. There are tons of packages that RedHat, SuSE, Ubuntu install that are not necessary and not needed by default. There may be "Vulnerabilities" disclosed with some of these products, but if you read the reports 90% of them are usually DoS issues, and not the typical windows "I'll just leave this hole open for two minutes."
Also to the User who claims he doesn't use anti virus on his Windows boxes, I say "*** STOP: 0x0000007B (0xF201B84C,0xC0000034,0x00000000,0x00000000) INACCESSIBLE_BOOT_DEVICE"
THAT MAKES SOOO MUCH SENSE!
Maybe that would explain why I have fucking spyware ALL OVER my Vista partition, but NONE on my OS X partition! BIASED PIECE OF SHIT.
> Apple had to pay some hacker $10,000 because he was
> able to hack into the all powerful gift from god
> OSX, there was a contest from Apple daring people
> to try to hack it. thats why you guys have to pay
> $500 for an iPhone! lol.
It's not as if Windows hackers haven't been paid off for similar challenges. And you're telling only half the story... no one was able to hack OS X on the first day of the two-day contest, so they relaxed the rules to on the second day to make it easier. Also noteworthy is that this is a Quicktime security hole that affects both Windows and OS X users.
Of course, OS X isn't invulnerable and at some point there will be more widespread hacking of it. But this chart is meaningless; it shows that XP had few vulnerabilities, yet XP is over-run with security problems. So the headline "Vista more secure than OS X and Linux" is certainly sensationalistic and misleading.
Also (as someone else mentioned), it wasn't Apple who paid the prize you mentioned.
It seems to me that the flaws are discovered easier due to the open source nature of the Linux OS. How long does it take to discover a flaw in a Windows system? Flaws in Windows XP went undiscovered for years. First six months of vulnerabilities you say? Yeah, that sounds about right.
WOW...let's see...
Huh...Spyware/Adware is still finding crap in my XP/Vista, while my Antivirus/Defender/Firewall is sucking more resources and OneLive Care still charges you for protecting your own OS.
Good thing....they are not needed with my MAC and Ubuntu....no thanks.
Would someone report to me when SANS does the evaluation, not some ID10T!!!
Here is an interesting article countering this claim.
http://security.itworld.com/4347/070622vistapatching/page_1.html
Wow that makes as much sence as that gates quote...
Funny. This is like Hillary Clinton writing that Democrats are better
than Republicans.
If everyone would read the report (before you comment) you would have a bigger understanding of the thought process. And Yes for Modern releases, Windows Vista is the most secure in its first six months. Thats not to say it will be the most secure three years from now! And don't take "Slow Addoption" rates since MS has sold over 20 million copies way more than would buy OSX or download Ubuntu in 6 Months.
And lastly for people that complain about bundled software with Linux... if you read the report you would understand he removed vulnerabilities found in GCC or OpenOffice etc... as they didn't count!!
"MS has sold over 20 million copies way more than would buy OSX or download Ubuntu in 6 Months"
To OEMs. Considering there were some 40 million PCs sold in the same period of time... I don't think that 20 million number if very impressive at all.
Sounds like JJ is getting a raise over at MS.
you know i'm sure this has nothing to do with the fact that redhat is patching an entire userspace while microsoft is not although i could be wrong you know :O
He? Ok, let me think - what are OS about in first place anyway? Environment for running applications! And what do they do to make this environment secure for data and applications?
The security of OS should be measured as how OS secures applications against other applications, or data against applications. Who cares about just OS?
Let me suggest other test: take normal user give him some malicious application and test how malicious application can damage integrity of whole system if user decides wrong - to install or run it... Can it delete permanently your Word files? Who can on first sight see what application will do to my system? Shouldn't somebody protect me and my data from judgements, which are just base on something that application is claiming but can do other way?
I always hear that users are stupid if they install software they know nothing about, but hey, I need a program to tune my guitar, to convert acc to mp3, and many many other things and... and in this way OS is nothing but burden - any application can in fact delete my whole hardisk by installing it and I just get notice "Warning: do you really want to install this application?" That's this MOST secure OS?
Current model for modern OS is the worst you can get, the model is simply stupid old and need very security aware people behind it. Most of the flaws are people's mistakes, and OS does nothing to protect itself from them... It's like you meet somebody on street and he just asks you - will you trust me and give me your keys? How dafuck should I know? But if I don't give them to them, I get nothing...
Vista security is DYNO_MITE !!!!
That graph seems somewhat skewed. I will say, though, that it appears to me that Microsoft has been paying a lot more attention to security flaws lately than in the past, and I'm happy about it--even though I'm primarily an OS X user. I hope the trend continues, honestly; I'd love to see Windows have more and more of its problems sorted out (although I believe some of them are due to the basic design philosophy of the OS).
As far as comparing operating systems, there are two questions that tend to get conflated: 1) which is the better operating system and 2) which is better to be using. If you care about #1 then the number of bugs is important. If you care about #2 then the number of exploited bugs is the more important. As a user, rather than as an operating system programmer, I care more about #2. Unless there is a reason to think that the Windows market share is going to drop dramatically in the near future and the hackers are going to start focusing on the other operating systems, I really don't care too much about #1. Thus, I use a Mac and don't worry about viruses etc. Whether it is actually better or worse than a PC (from the standpoint of a programmer) is irrelevant to me.
Joe
One other thing I was thinking about... are these OS X security issues from 10.4 or from 10.0 to 10.4? That's quiet a few years of fixes for OS X vs. the few months of Vista. I would also like to know the value of these security risks. A risk that someone might see how many times I've sent emails in a day is a lot different than some malware on Windows that corrupts all my information.
Just because these securities problems are fixed or there arnt that many doesn't mean MS can go around saying its safe, there are some security issues, and they WILL/ARE being exploited.
Though apple inparticular need to pick up there game, those people living on Mac island (including myself) maybe need to seriously consider how secure our OS is.
The amount of security issues is a problem, the biggest is how many people try to exploit them.
Luke
Long before this article there was a "hacker's convention" of sorts (and no, I'm not a hacker). The idea was to see if the new Windows Vista could be hacked. The poor thing didn't stand a chance. Not only was it hacked often, but it was done fairly quickly. Makes me wonder why less than half of their "disclosed" vulnerabilities have been fixed.
To top that off, I have several friends who stick with PCs because of the higher cost of Macs. Many of them installed Vista, but turned around and reinstalled XP within a week. Turns out the fact that Vista asks you to confirm or deny just about every move you make really reduces how efficiently you can work on it. However, if you disable it, then you're back to XP, which unfortunately does not perform anywhere near as well as the results above would lead us to believe.
If you're going to read this, read the whole thing. Don't take my points out of context unless you're just hunting for a war, in which case, f**k you.
If you know what you're doing, Windows is just as secure as (and in my case, much faster than) OSX for anything and everything. Period. Please, call me a fanboy if you want, and confirm your own Apple-bound hypocrisy.
If you're computer-illiterate and/or don't want to worry about what your computer is doing behind closed doors, buy a Mac. There's nothing wrong with that. I help people remove viruses and spyware from their Windows boxes quite frequently (though to this date I've never had to go back to the same box twice), and often one of the things I suggest is that they look into buying a Mac, so please don't label me as just another MS soldier.
Now here's the flip side.
I personally have a hard time using OSX due to the overly bloated and slow interface (yeah, I said it). Apple made a bad decision by sacrificing speed in favor of pretty animations and two inches of clearcoat varnish. Basically, I work faster than it does, and I like to know what my computer is doing and be able to strip it down for maximum performance when the time comes, therefore I dual-boot XP and Ubuntu. But if you ask me, it's all about the best tool for the job.
For the record, I do visual effects work (3D animation, fluid simulations, compositing, etc.) with 2k/4k frame sizes, and you just can't do what I do in OSX. You can't. The way the OS addresses memory and cache, and the fact that it's still stuck with OpenGL or poor software emulation all make it much too slow for high-level content creation. Plenty of artists I know use their own personal Macs for concept art, but the line gets drawn after that. OSX just doesn't fit in anywhere. Not for modeling or animation, not for rendering, not for compositing and post, not for sound design, and DEFINITELY not for editing and mastering the final cut.
And for every Mac user who claims OSX is the cream of the crop for photo/video creation, there's an entire visual effects house making hundreds of millions of dollars on a Windows/Linux/SGI pipeline.
Thank you for your time, and remember: what I just said means nothing to you. Do what you want.
I just lost a lot of respect for Engadget for posting this slanted "report" made by a Microsoft stooge.
What the report doesn't tell you is that the nature of open source exposes vulnerabilities to the light, allowing them to be fixed. Vista and XP are closed source, so there tons of vulnerabilities will be hidden, and exploited until a small team at Microsoft find it and decide to patch it (usually taking much longer than at open source camps).
Notice how it says 'full' on the bottom of Linux distributions? I can only guess that means the distribution plus the 'full' software set. That is over 15,000 applications for each one of those three. I don't know why they did that, but then again, I am sure throwing in 15,000 third-party applications that run on Windows would not introduce more vulnerabilities....
@Kamalot
"It sounds like non-Windows operating systems have more security flaws, but nobody exploits them. Probably because the Windows install-base is overwhelmingly large."
Non-windows OS's almost certainly do not have more security flaws, their flaws are just open to the public, since they feel it is important to let everyone know they are at risk, instead of keeping it secret from them. If it were an install-base issue, then certainly the large portion of servers running Linux and unix-likes would suffer from the same symptoms as Windows.
Face it, fundamentally, Linux is more secure. True multi-user, modular, and security minded. Windows is not true multi-user, is not as modular, and makes it easy for people to screw it up.
Why Engadget posted this crap is beyond me. The comparison is apples v. oranges and doesn't divulge into any real substance involving the actual security of these operating systems.
This shows that you can say whatever you want or what you are paid to say about your company when compared to others. However, I must compliment Engadget for putting this is perspective [source warning]. Keep up the good work guys and keep informing me of all the new tech toys that are available! I just counted that I have no toes. Of course, I counted with my shoes on.