Sunday, March 30, 2008

Interesting Tidbits from Jeffrey Jones' Windows Vista One Year Vulnerability Report

By Don Burnett

I seem to have ruffled the feathers of a lot of Mac folks with some statistics and suggestions that Vista was a lot more secure than Mac OS X (10.4) and Windows XP. People are apparently offended at the number of days it took to hack a MacBook Air (two days).

Here are some statistics from Jeffrey Jones' report. I suggest you sit down and read the entire report. You will see that this isn't political, but a fair and honest assessment. It's just tracking of the numbers of patches/vulnerabilities and what actually happened. You can download it right HERE...

HIGHLIGHTS

Note: This is all from Mr. Jones' report and I am quoting it all here...

[Image: vulnerabilities1]

...

[Image: vulnerabilities2]

I suggest you read the entire report for yourself. Numbers are reality, and all the Mac fanatics in the world can't change the reality of these numbers, nor can any amount of spin from the "Steve Meister". This is what happened with each of these systems/platforms. You can't argue with numbers. Take that, Mac-vs-PC television ads.

3 comments:

Unknown said...

Nice quote from the report.

'More generally, if a theoretical “silent fix” (in any product) actually is easily rediscoverable and is proven to be so for any vendor’s product, then it will join the publicly disclosed set of vulnerabilities in due course and can be measured as well. '

It's a known fact that MS has updated pieces of the OS without any user interaction. What he is saying is that if it is found by someone, then they'll count it in their estimates, eventually. If it isn't found, then we'll just pretend it never happened.

Yes, on the surface it appears like good research, but when I read that part in the FAQ it really called the legitimacy of the research into question.

In the end I think that Vista is far more secure than XP. But this article had little weight because of that FAQ answer. He works for MS, he should have found all the "hidden" updates and counted them. Taking the approach he did was lazy. It would be okay for a third party that was not privy to that info, but he is, so he should have taken advantage of it. But the problem is then he would have to expose everything MS had done "silently", and that would have really turned the report around I feel.

Joe Morrison said...

Hi Don, you are right and the facts you are with simply reals it out that the vulnerability threats seen by Vista are far less than its predecessors.

But it is still not the favorable one when it comes to counting on it, and that might be because of the high hardware consumption needs in terms of memory requirement, HDD and other.

But then that is the way Vista is and that's why the graphs are being favorable on their part.

Don Burnett said...

Dude, I think you are splitting hairs here. Most things like updates, including stuff you wouldn't see, would get recorded and set with a restore point.

Your known fact really is conjecture on your part. Because if it's true at Microsoft, it's probably true at the other vendors as well.

The reality of this for me is not what's hidden from the companies mentioned but "known quantities" at the time and public info, like the number of times patch events happened..

It's really easy to undermine someone's findings.. Someone once said, ".. there are lies, damned lies, and benchmarks".

I think even if what you are saying is true, the "publicly known quantities" which is obviously what he is reporting is still a great case for Vista's security and makes it very comparable and competitive with other OSes..

I don't really know who you are, but I don't think your argument holds water for me, if he could even get at the info of "hidden updates" who's to say he could get that same info at the other companies, so why not disclude that information from the study anyway..

No offense, while trying to sound official it's obvious that you seem to be trying to discredit this guy due to his employment and you mention that first anyway..

I don't feel Microsoft does anything more "silently" than any other company does and frankly I'd love to see you try to prove your "conspiracy theory" about that with regard to Vista and any other company (Apple, Red Hat, Ubuntu).. In the meantime, I'll start blogging about JFK, Marilyn, Bobby, and Princess Diana and see where we get with that..