Apple's Mac OS X, Windows XP, and several Linux distributions all had more vulnerabilities in their first year of release than Windows Vista. That's the claim Microsoft Security Strategy Director Jeff Jones has put forward in an interesting new report published on Microsoft's TechNet blog.
Jones' report lists the number of vulnerability disclosures and security updates released during the one-year stretch between Vista's enterprise launch in November 2006 and November 2007. The report then compares the numbers to those for Windows XP, Red Hat Enterprise Linux 4 Workstation, Ubuntu Linux 6.06 LTS, and Mac OS X 10.4 Tiger over their respective first years of release. The results are interesting: in a side-by-side comparison, Windows Vista does best, with Windows XP second, Mac OS X 10.4 third, Ubuntu in fourth place, and Red Hat Enterprise Linux dead last.
According to Jones, the number of fixed and unfixed vulnerabilities for Vista was just under 70 in its first year, compared to over 100 for XP, over 150 for OS X, and 200-400 for the two Linux distributions. Vista's security updates were also introduced across just nine patch events, while the other OSes in the comparison had between 15 and 39 patch events in total.
The numbers do indeed suggest that Vista is faring well compared to its peers in terms of reliability. However, one could argue that the comparisons aren't entirely fair. For instance, Linux distributions often ship with more third-party applications than Windows, leading to more potential holes. Also, not all patches and vulnerabilities may be publicly disclosed