
Re: Vista first year Security Better than Linux Says Report.

In comp.os.linux.advocacy, Moshe Goldfarb
<brick.n.straw@xxxxxxxxx>
 wrote
on Thu, 24 Jan 2008 14:53:54 -0500
<u3tjuwykw9ld.1gdwbdlhxs90$.dlg@xxxxxxxxxx>:
> http://digg.com/security/Windows_Vista_s_one_year_security_report_will_surprise_you
>
> http://blogs.technet.com/security/archive/2008/01/23/download-windows-vista-one-year-vulnerability-report.aspx

By Jeffrey R. Jones Security Guy (and Microsoft Director).
Clearly this is an unbiased, glowing report on Vista
security, and we should accept his output without question.

Riiiiiight.  Color me slightly skeptical.

My copy of gpdf has some problems actually reading the
thing; the title page is OK but the rest doesn't clear the
screen between pages properly.  xpdf fares a bit better.
I suspect a bug in gpdf but can't say I know what it is
offhand.  The combination pdftops and ggv did not have
any problems, though my copy of ggv apparently doesn't
have options for font aliasing, resulting in a slight
amount of jagginess.  (Presumably at some point ggv will
be retrofitted with cairo or pango.  I'm not sure who
should fix this, but in theory I could, with a lot of work.)

Page 12 indicates that Vista had 36 vulnerabilities fixed
compared to XP's 65, and 17 security updates compared to
XP's 30, after one year.

RedHat 4ws and Ubuntu had far more patches (64, 65) and
fixed vulnerabilities (360, 224)...however, it is far
from clear judging solely from this report how serious
the vulnerabilities and how extensive the patches actually
were.

Vista indeed compares well using the number of patches
and/or repaired vulnerabilities as a metric.  The question
is how good a metric that is.

>
> http://tinyurl.com/ypj4p9
>
> Notice Schestowitz going into damage control and, as usual, referring to 
> his own site as "proof".

Poking around Roy's blog suggests that Roy has yet to
directly tackle this particular report, but he did mention
an earlier report

http://www.csoonline.com/pdf/6_Month_Vista_Vuln_Report.pdf

which suggests that Vista after 6 months was more secure
as well.  Same guy as the 1 year report.

Hmmmmmmmmmmmmmmmm..................

Googling "Security 1 year Vista Red Hat"
coughs up the first link above as its top link.
However, it also coughs up

http://www.engadget.com/2008/01/24/microsoft-vista-has-fewer-first-year-vulnerabilities-than-any-m/

which asks a rather interesting question:

    As contentious as the report is, is anyone else
    reflecting on the fact that Vista is more than a year
    old for businesses (almost exactly one for consumers)
    yet XP continues to ship standard on many PCs?

Hello, Microsoft Marketing Machine?  Clue phone, line three...

That question may be dismissible as many factors contribute
to corporate decisions to use XP instead of Vista (worker
annoyance being the primary one, presumably), but it's
still rather interesting.

Note, BTW, the amount of yellow in XP and Vista; it's about
the same size as the blue.  Contrast that to the amount of
yellow in the MacOSX (maybe 1/4), the Ubuntu (1/10?) and
RHEL4 (1/9?) bars.  While it is true that RHEL has far
more fixes than Vista, it had a lower ratio left unfixed.

>
> Gotta keep those benefactors happy now, right Roy.


-- 
#191, ewill3@xxxxxxxxxxxxx
Linux.  Because vaporware only goes so far.

-- 
Posted via a free Usenet account from http://www.teranews.com

