| #1. Posted at 09:37 AM on Jun 22nd 2007 | Edit Reply |
|
Scratch75 |
How widely deployed is Vista relative to the others? Also, what is the count of "Undisclosed Vulnerabilities"?
 |
| Edit Reply |
|
Vertigo |
The security vulnerability counts for linux distributions include literally thousands of 3rd-party application packages that are available for installation. If you were to take those out, you would probably get a much different (and more accurate) picture.
|
| Edit Reply |
|
sjpeters79 |
I'm not so sure, I mean I've been running vista for some time now and sure it may have all that security built-in (enough to annoy you at times) but I still don't think it as strong as they say they are. Just yesterday I did a virus scan and found a hole slew viruses ranging from worms to Trojans and of course the usual spyware. I'm running vista and latest mcafre software with the current virus defs.
But perhaps the reason it may so secure in their eyes is the fact that the OS is really unpredictable at the moment especially considering how applications just seem to freeze up every once in a while or the whole gui goes to basic whenever an application that apparently is not supported by the interface goes nuts. And then there is the more obvious reason. Vista is new so it'll take some time figure out many of its major flaws and once those are found and they will be, the OS will return to it previous position. |
| Edit Reply |
| Edit Reply |
|
sigher |
So MS is saying that mimicking linux/OSX is starting to pay off then eh, good for them, pity that they did manage to include daft obvious holes and some shoddy issues regarding drivers and permissions forcing user to circumvent security to get things to run, negating the 'secure OS' concept.
|
| Edit Reply |
|
Squibby |
All the statistics are based on MSRC classifications, which are extremely conservative (as they should be). Take the animated cursor bug for example (MS07-017). MSRC labeled it a critical bug on Vista, but what effect the exploits have on Vista running in a default configuration? None. Protected Mode IE saved it. Of course, it’s possible (but really dumb) to turn off Protected Mode, so it’s a critical bug. I doubt other vendors would classify their own problems as conservatively, so looking at the numbers is far from an apples to apples comparison.
Along the same lines, I think Vista takes the right approach to security (even if some things like UAC aren’t the ideal solution). Basically, it assumes that there will be security holes in the code (it’s dumb to assume there won’t be any in any reasonably sized project), and it tries to limit the exploitability of those holes. ASLR, NX, /GS, UAC, Protected Mode IE (and hopefully other reduced privilege apps later), etc. make it hard to exploit any hole. It’s not going to be impossible, but I’d be very surprised if we see someone make it through all of those anytime soon. The new problems will probably be more social engineering hacks than technical. |
| Edit Reply |
|
Shinare |
"fewer serious security vulnerabilities have been found "
Thats the key here. Thats not saying they dont exist, they just havent been "found".... yet. |
| Edit Reply |
|
herothezero |
Six months isn't much to go on, but it's still a good sign. As to Linux' inherent insecurity, that has as much to do with build options as anything else. Still, I tire of hearing how secure Linux is vis a vis anything else.
|
| Edit Reply |
|
derFunkenstein |
amusing, Apple says their OS is the most secure, MS thinks their OS is secure, and penguins think Linux is the best...surprise!
|