digg

Join DiggAbout

Introducing Digg Dialogg!
Check out the first Digg Dialogg with Nancy Pelosi. More guests to be announced soon!

Warning: The Content in this Article May be Inaccurate

Readers have reported that this story contains information that may not be accurate.
See the original image at gizmodo.com

Microsoft Says Vista More Secure Than XP, OSX and Linux

gizmodo.com — They have a complete argument with graphs and stuff. We're in full duck n' cover mode.

Bury
show profanity settings
expand all
  • heartless_, on 01/24/2008, -9/+98I don't know what is worse: Gizmodo making a bunch of assumptions or the Microsoft guy failing again to explain differences between each OSes idea of a "patch" or "security fix". To me, both sides are just as stupid.
    • mlostracco, on 01/24/2008, -5/+9Just don't factor in the degree of potential fallout from a certain security hole, how many total security issues the OS had from the start, whether the security threats were major or minor, the danger of legacy versions of the OS (and how many of them are still being used), the cost of maintaining overall security, or how many of Microsoft's "few" patches fixed a whole slew of problems at once.
      • grumpyrain, on 01/25/2008, -0/+3As well as the more important (IMO) factor of how long it takes a vendor to fix an issue once it is discovered and the quality of that fix. The table is pretty pointless because anyone can achieve just 9 patch days, just hold the fixes until patch day. You also can not simplify the numbers to the extend Microsoft would like them to. An exploit that allows a malicious local user to elevate privilege is less problematic than one that allows a malicious remote user to execute arbitrary code. You can not simply compare OS vulnerabilities on one hand, and complete environment vulnerabilities on the other. If you want to count flaws in Open Office towards the Ubuntu, you need to count the Office 2007 flaws towards Vista.

        There is no doubt in my mind that Vista is the most secure consumer breed of Windows to date. UAC, Protected Mode, ASLR, Defender and a more powerful firewall make this a no-brainer. But to use deliberately misleading figures to prove a point is pretty futile. It is a noble goal for the Windows team to have less flaws than [insert other OS]. It is not however something for the marketing department to spin. Ultimately any measure that tries to simplify security down to a number is doomed to fail.
    • Myonosken, on 01/24/2008, -4/+84What's most annoying is the obvious fanboy who has posted this under Apple. Because that's not trying to attract a specific response.
    • Hickeroar, on 01/24/2008, -9/+30And who's to say Vista's security holes aren't being covered up or ignored? Based on their definition of "secure," NOT patching Vista makes it more secure.

      All "security" things aside, Vista still sucks wore than any of the other OS's listed there.
      • dkoon, on 01/24/2008, -7/+8Ubuntu 7.10 - 38 Secunia advisories - http://secunia.com/product/16251/?task=statistics_ ...
        Vista - 21 Secunia advisories - http://secunia.com/product/13223/?task=advisories_ ...
        Redhat EL4 - 373 Secunia advisories - http://secunia.com/product/4670/?task=statistics_2 ...

        Anyways! EVERYTHING aside, we trust your opinion more than anyone else.
        • vibrokatana, on 01/24/2008, -2/+14The same site states that they should not be used to compare or use as statistics for an OS.
        • Hickeroar, on 01/24/2008, -3/+5with the amount of crap that secunia MISSES, it's a wonder anyone uses them as a source for ANYTHING.
        • dkoon, on 01/24/2008, -6/+3“Red Hat has the highest number of applications included, so the number of vulnerabilities that affect it is bound to be higher.”
          When you market Linux to people you tell them it includes the most apps; when it comes to counting vulnerabilities, you tell us OMG it's not our fault it's all those apps problem, you shouldn't include those apps.
          How about this? “Windows has the highest number of users, so the number of vulnerabilities that affect it is bound to be higher.”
          • trogdoor, on 01/24/2008, -2/+7"When you market Linux to people you tell them it includes the most apps; when it comes to counting vulnerabilities, you tell us OMG it's not our fault it's all those apps problem, you shouldn't include those apps."

            Saying that you can install thousands of applications is not the same as saying that you should have them all installed at once, a basic security principle is that, to the extent reasonable, a production machine should be running only the software absolutely required for the task and NOTHING more. Please explain to me why you consider the two statements contradictory because your argument has such a lack of basis and logic it actually makes it harder to refute point by point, you don't even give me something to work with :)
          • dkoon, on 01/24/2008, -5/+1Lack of basis and logic? Most of the Windows or Internet Explorer Virus and Trojan problem is users download those files not knowing that it's a virus. According to what you the apps can be install doesn't mean it should be install; then I guess it's fair to not count all those virus and trojan security problems with Windows?
            It's contradictory because it comes with the OS, honesty, think about it if Windows ships with trojan files in a program which let you choose to install or not, is that Microsoft's problem? What do you think you Linux fanatics would react?
            Please try not be such a hypocrite, you don't count the Apps that comes with Linux, but you blame everything on Microsoft for their users downloading virus and trojans? And when Vista came out you guys slam Vista for asking the users everything before running and executable file?
          • trogdoor, on 01/24/2008, -3/+1"According to what you the apps can be install doesn't mean it should be install; then I guess it's fair to not count all those virus and trojan security problems with Windows?"
            Yes, exactly. What's your point?

            "It's contradictory because it comes with the OS, honesty, think about it if Windows ships with trojan files in a program which let you choose to install or not, is that Microsoft's problem?" We are not talking about anything shipping with malicious code, just insecure code. Again, what's your point?

            "Please try not be such a hypocrite, you don't count the Apps that comes with Linux, but you blame everything on Microsoft for their users downloading virus and trojans? And when Vista came out you guys slam Vista for asking the users everything before running and executable file?"

            I have never done either of those things, in fact I have made comments applauding Microsoft for Vista's security, but I guess you prefer to just make completely unbased assumptions.

            Also, to clarify, when you talk about security vulnerabilities in Debian for instance you are not talking about a "default" or base installation, you are talking about any program in the repositories. So if I am worried about the security of my database server why should I care about vulnerabilities in Debian's Open Office or Firefox packages?
          • trogdoor, on 01/24/2008, -3/+1After re-reading your comment I see that you were talking in terms of Desktop distros where this study and my comment were aimed at production server concerns. None the less I still think you misunderstood that even with Ubuntu, the Secunda vulnerabilities do NOT just count applications installed by default, but instead all applications which are available to install and which Canonial has said they provide security updates and assurances for. So a vulnerability in Emacs is counted as a "Vulnerability in Ubuntu" even though IIRC it is not installed by default in any version of Ubuntu, and because I do not use it is not of concern to me ( or likely most Ubuntu users )

            PS: vim FTW :)
    • ElbertF, on 01/24/2008, -4/+9At least they admit they have more unfixed bugs then Ubuntu.
    • crimsonnblue, on 01/24/2008, -0/+5Oh boy... this is going to attract so many trolls, from every direction...!
    • natenovs, on 01/24/2008, -1/+10read the damn paper:

      "I think it worth spending a moment to discuss what this analysis covers, why it might be useful to some people and, perhaps most importantly, what it does not say.

      If it was possible to measure “security” in one metric, it would have to encompass a complex combination of factors including (but not limited to) the software quality, administrative controls, physical controls, and much more – and even then, it would all be in the context of whatever security policy was defined for the systems in question.

      So, this is not an analysis of “the security”. I don’t look at protective mechanisms and see how they might protect in certain scenarios. Nor do I look at security features and see how they might enable better privacy or help secure business process. And I certainly don’t look at how easy it is to manage the security policy for these products.

      Is there anything in this analysis which will prove one piece of software is “more secure” than another? No, that is not my intention.

      This report is a vulnerability analysis, which may provide some elements that could be part of a broader security analysis. I fundamentally believe that security and non-security features need to be built upon a foundation of good engineering and solid security quality if they are to perform as we expect and not be misused to the detriment of security."

      nobody claimed vista was more secure than anything!
      all this study is used for is to show that the Secure Development Lifecycle, safe libraries, /gs flag, and other security initiatives are actually producing better code. honestly, what's wrong with that?


    • oriondr, on 01/24/2008, -0/+9For all we know from reading the article alone, Microsoft DID explain the difference, but the gizmodo guy (with very blatant bias) neglected to include it. He's basing his article off another 3rd party article. The original blog post is here:
      http://blogs.technet.com/security/archive/2008/01/ ...
    • PhoebusApollo, on 01/24/2008, -2/+26Two things:

      1. It's not wrong for the Microsoft rep to taught patching rate and vulnerability figures for Vista. Any software developer has a right to flaunt such figures when Vista is doing so well with it. People should compliment Microsoft for figures like that, and to say no one is using it is completely baseless, adoption rates are very high and you people would know that if did any research.

      2. The Gizmodo article is completely worthless, considering that if the author actually did find examples of specific vulnerabilities that are Vista-specific, he would find, CLEARLY, that Vista is considerably more secure than XP was during its first year, not just in number of vulnerabilities but in degrees of severity and exploitability. Most of you clowns haven't even switched to Vista yet because of how convinced you are of its insecurities, despite few to no major news stories about ACTUAL vulnerabilities/insecurities existing. Do you think it was like that when XP came out? I know most of you have short term memories, but the answer is clearly "no", when XP came out it was chastised for its security problems. When it came out, people would often switch back to 98 SE or 2000. History repeats itself quite frequently, didn't mean XP was the worse operating system then, nor does it mean Vista is the worst one now. Most computer user's fears of Vista are simply completely baseless.

      Finally, to say Vista is more secure than popular Linux platforms or Mac OSX is not completely wrong. While XP/Vista both share the "Windows dillemna" - the unavoidable consequence of being the most used operating system for home computer use, making the platform the biggest target for vulnerabiltiies - vulnerabilities for Mac OSX are little to laugh at (in fact if you read about some of them, they're downright scary), especially when people get smart and start exploiting them, and vulnerabilities for Linux based platforms have for a long time grossly negatively affected uptime of webservices on the internet. While there are a bevy of Windows users who were a victim of identity theft because they got infected by a virus (the vast majority of the time through USER ERROR not SECURITY VULNERABILITY), someone has hacked a Linux box with a webserver and stolen thousands of usernames, credit card numbers, personal information, etc.

      You can't argue Vista is inherently insecure because it's not. If so, produce a Vista-specific vulernability and show some history of it being exploited. I bet you'd have time finding one that isn't some proof of concept that was patched before any actual exploit launched for it. Fact is, the reason Windows users get malicious software is because they are stupid and download it themselves, but of course that's ALSO Microsoft's fault, I guess.
      • buddyfarr, on 01/24/2008, -4/+7nice reply! thank you for being one person that uses common sense when stating their opinion. I myself have used vista and switched back to XP because though vista is nice it is DEAD slow on even my brand new core 2 duo laptop with 2GB of ram.
      • MacParrot, on 01/24/2008, -1/+5Nicely put. I don't talk about Windows viruses or malware/spyware etc because most of the time it's the users own fault that it happened. If you install dodgy software from some site that claims it's the greatest screensaver since Jesus walked the earth and then find out your system has been compromised, who's fault is it really?
        Neither Microsoft, Apple, or the various Linux distro can protect a computer from a user determined to do something stupid. Apple has it's own security issues, fortunately most of them require the user to do something truly ignorant...just like most security issues with Windows. Use the OS that let's you do what you want to use a computer for and try not to do anything dumb while doing so.
      • init100, on 01/24/2008, -3/+2"Finally, to say Vista is more secure than popular Linux platforms or Mac OSX is not completely wrong."

        In this case, and in all cases only based on counting (publicly reported) vulnerabilities, it is completely wrong.

        "vulnerabilities for Linux based platforms have for a long time grossly negatively affected uptime of webservices on the internet."

        That's *****. Security problems on Linux-based web servers are almost always due to incompetently written PHP scripts, which cannot really be counted as vulnerabilities in the platform.

        "Fact is, the reason Windows users get malicious software is because they are stupid and download it themselves"

        And a fact is that the reason for almost all Linux-based web server cracks are due to incompetent PHP programmers.
    • nologo, on 01/24/2008, -4/+0Interesting post on redhat's website:
      http://truthhappens.redhatmagazine.com/2008/01/16/ ...
    • ventralnet, on 01/24/2008, -6/+2vista being more secure than xp kinda catches me off gaurd
      • ventralnet, on 01/24/2008, -0/+7troll
      • fuzzynyanko, on 01/24/2008, -2/+1Actually, Vista hasn't been out that long. I'm surprised that there aren't more vulnerabilities reported.
  • herkalees, on 01/24/2008, -26/+12That's cool - we all know the real truth anyway. A waste of their time I'd say.
    • Twindagger, on 01/24/2008, -4/+8We do - but the people who this is targeting do not. This is just like graphics cards manufacturers touting their benchmarks. Marketing at its finest
      • dkoon, on 01/24/2008, -4/+9OMG, can I lick your shoes? You two are the only one who know the truth! Can you please be our next President?
        • herkalees, on 01/24/2008, -2/+2Sure, I'll send you my home address... what's your email address?
      • herkalees, on 01/24/2008, -2/+1Luckily for me, I only care about what I know.
  • balilanai, on 01/24/2008, -44/+433 diggs and why is this on page 1?
    • nights0223, on 01/24/2008, -1/+26We really don't need a comment like that in every story.
    • djphazer, on 01/24/2008, -1/+14Because it's rising very quickly. Digg has changed things up with their popularity algorithms.
      Now you know, so you can shut up about it.
  • metapop, on 01/24/2008, -59/+151final words of a dying OS
    • pyronik, on 01/24/2008, -31/+29microsoft will probably be around longer than you with that kind of backward thinking
    • ligyron, on 01/24/2008, -20/+1Don't worry, it'll be revived within the next couple months when Service Pack 1 launches
      • Hickeroar, on 01/24/2008, -8/+18I've installed the SP1-RC, and trust me, there's nothing in there that's going to magically make Vista attractive. It's still utter bloatware, utterly unreliable, and an utter disappointment.
        • ligyron, on 01/24/2008, -6/+13I got a new computer yesterday that has Vista on it. I think it's great. The only annoying thing I noticed is that for some actions you have to confirm that you did the action, but that's nothing compared to all the coolness of Vista. I don't understand why people think it is so bad, and making more of a fuss about it than Windows ME (which I can confirm was crap)
          • schul155, on 01/24/2008, -5/+4Wait 6 months!
          • dkoon, on 01/24/2008, -4/+8ligyron, you shouldn't even "think" it's great.
            dude, trust us, we know everything. Just listen to what we tell you, we are always right.
          • al13n, on 01/24/2008, -0/+4Turn off the user account control and it wont ask you to confirm everything you do ;)
    • norman619, on 01/24/2008, -26/+36Dying OS? They have well over 90% of the market. You are aware of that right? Of the OS's needing users it's OSX. When was the last time you saw a Linux TV ad urging people to buy it? When was the last time you saw a Windows ad urging people to buy it other than the few Vista release ads? How often do you see an Apple ad for OSX begging you to buy? Everyday. Vista has a guaranteed user base. It will inherit the XP user base just like XP inherited the Windows 2000 user base.
      • KyferEz, on 01/24/2008, -16/+22No, it ***** won't inherit the XP user base, at least not the entire one. I'm one of many using XP, flat out refusing Vista, and slowly switching to Ubuntu! Those who do use Vista hate nearly every aspect of it. The one thing they like: being able to use flash drives to increase system ram. There are many others who will wait out Vista until the next OS.
        • ligyron, on 01/24/2008, -12/+8Wait out Vista until the next OS? What kind of broken logic is that
          Not like they're just going to forget Vista and the years of work they put into it and make a new OS. This is the *business* world. Time is money. They are going to fix/improve everything in Vista as best they can. The next OS won't be around until at least another 4 years. By then, there'll likely be more Vista users than XP as it becomes increasingly more stable and secure
        • darkecho, on 01/24/2008, -6/+13"Those who do use Vista hate nearly every aspect of it." Ive been using Vista since it was first released in Nov 06. Its my everyday machine. I love and don't want to switch back to XP. The only people I have heard trash Vista, that have actually used it, are the retards who buy the $500 laptop expecting it to run like a bad ass machine.

          I tend to hear more and more Mac users trying out Vista and loving it. Do they switch to Vista, no. However they run both.

          - From a person who loves and uses several *nix distros everyday along with Windows
          • bejayel, on 01/24/2008, -3/+3I have a core 2 duo E6750, 2 gigs of ram, geforce 8800 gts, asus p5b, 800 W powersupply and I ***** hate vista. Vista really needs a tool like nliteos. My Reduced XP is amazing. I think a pre-configured, heavily reduced vista with better user interface choices (not making you have to click 500 ***** links to change my networking properties) would be enough to convince me to switch.
          • MrSteamTank, on 01/24/2008, -2/+2Could it occur to you that Vista is simply buggy? I installed it and 2 weeks after I installed it my computer crashed and I had to reformat. Vista ran completely fine on my athlon 3500 with 3 gigs of ram radeon 1600 pro. It's the crashing that forced to reformat that made me change back. Problems like this are not easy to ignore.

            I'm sure I'll move over to Vista in due time. That time is not now though.
          • brownspank, on 01/25/2008, -0/+1I happen to have a $500 laptop, and Vista runs pretty fast, IMO. Granted, it's Basic, but that's all I really need.
        • souer1, on 01/24/2008, -3/+2ligyron :By then, there'll likely be more Vista users than XP as it becomes increasingly more stable and secure

          Wanna bet my friend ? Windows is slowing on the descending slope. PPl will resist te Vista upgrade because it is a useless upgrade.
          go see this http://youtube.com/watch?v=PaazsXnUyhg
          and this video is more than 6 months old so a lot more reason not to upgrade have appeared since then...
        • buddyfarr, on 01/24/2008, -2/+4@Darkecho - actually I have vista on my brand new core 2 duo laptop with 2GB ram and the upgraded video card and it still runs slow. it is nice, but XP would run super fast on this machine. other than that everything is good. if it were leaner and faster it would be great.

          but MS is supposedly going to try to get the next version of windows out by 2009 not in 4 or more years...but by then they will probably delay it for quite a while so you might be right. as far as xp users switching, home users yes because that is what it comes with. but I don't know of any companies switching because there is no value add. all systems would have to be replaced because of the hardware requirements. it just won't run on current or old HW unless the current is brand new. too much money for no advantages. plus all the extra user training they would need. plus they would have to turn on XP compatibility for all of their applications to work and if they do thay then why did they upgrade??
          • bejayel, on 01/24/2008, -3/+2What? I though the target year for windows 7 was 2011, which actually means 2013 by their standards. I dont know where you figured the next windows was targeted for 2009, but that number is WAY off.

            The strategy for backwards compatability that windows will be using is virtualization by the way. It was announced way back.
        • wageslaven, on 01/25/2008, -0/+3"No, it ***** won't inherit the XP user base"

          Your ***** delusional.
      • metapop, on 01/24/2008, -9/+7"when is the last time you saw a windows ad urging people to buy it..." perhaps that's one of the reasons why vista sales are in the trash.

        "vista has a guaranteed user base" therefore we can put ***** in a box and people will be forced to buy it. arrogance like this is part of the reason why people hate windows, and why they are inevitably losing their grip on the OS market if not through people switching to mac, becoming linux users.
        • bosssmiley, on 01/24/2008, -1/+3But even a lot of the corporate "No one was ever sacked for buying "HP / IBM / M$" middle management drones are listening to their tech depts and avoiding Vista. As I understand it a lot of companies are either sticking with XP, or looking to move over to *NIX.
      • mcgarry83, on 01/24/2008, -9/+15Vista did not inherit me! Thats for damn sure. In fact, I completely disowned windows altogether. Thank you Linus for saving me from a fate worse than death.
      • norman619, on 01/24/2008, -7/+9I love how you guys ignore reality.
        • hplasm, on 01/24/2008, -5/+5If Microsoft can do it. so can everyone else!
        • bejayel, on 01/24/2008, -6/+3How are we ignoring reality? Less security holes is not better in microsofts case. You are the one who is ignoring reality.

          Umm, just for Norman: Less != better because even with less, the security holes in Any Microsoft OS is absolutely stupid. PLUS microsoft only counts it os, while it counts all software included with ubuntu and rhel.
      • init100, on 01/24/2008, -1/+2"When was the last time you saw a Windows ad urging people to buy it other than the few Vista release ads?"

        Windows does not need advertising, since Microsoft has made sure that almost all suppliers of PCs install Windows by default. Many won't even sell a computer without Windows if you ask for it. It is either a Windows computer or no computer at all.
    • enchantedsky, on 01/24/2008, -24/+18Windows Vista SP1 disables DVD ripping......that's more than enough reason not to upgrade to it: http://blogs.pcworld.com/staffblog/archives/006322 ...
      • MioTheGreat, on 01/24/2008, -0/+15Uh, no.

        That's a case of one particular piece of ***** software not working with a rather major OS upgrade. Every other piece of DVD-Ripping software still works with SP1.
      • Trixrox, on 01/24/2008, -1/+10I rip DVDs with SP1, something must be wrong here..
        • estvir, on 01/24/2008, -0/+4You're not a moron, that's what is wrong.
      • pcpimpster, on 01/25/2008, -1/+2I'm listening to estvir, mio and tri, you are a moron. The crazy thing about windows is when one app does not work, there are like 100+ to fill its space.
    • KarthVader, on 01/24/2008, -8/+19As soon as I read the headline, all I could say was, "I'll believe that when me ***** turns purple and smells like rainbow sherbert."
      • norman619, on 01/24/2008, -1/+10That would be quite a day indeed.
      • mcgarry83, on 01/24/2008, -1/+9That would truly be a blessed day!
      • funsac22, on 01/24/2008, -1/+1GREAT QUOTE! :)
      • fuzzynyanko, on 01/24/2008, -1/+2Actually, some of these food colorings doesn't get digested in the stomach or small intestine... If you eat a rainbow sherbert that's has a lot of red and blue, your ***** might very well turn purple.
      • estvir, on 01/24/2008, -1/+3RTFA.
    • pcpimpster, on 01/24/2008, -7/+28"dying OS" is really delusional.
      • souer1, on 01/24/2008, -9/+1you start to die when you stop to grow and windows has reached that point. Wake up windows Fan boys out there. Windows will always remain broken. it would need a full architecture overhaul and that wont happen.
        when you can boot a windows without the GUI showing then may be we can talk..
        • trogdoor, on 01/24/2008, -1/+8"when you can boot a windows without the GUI showing then may be we can talk.."

          http://www.microsoft.com/windowsserver2008/serverc ...
        • pcpimpster, on 01/24/2008, -1/+4Windows losing ‘marginal’ market share is only showing that there are other contenders in the ring. So be it, competition is good for all. None of these contenders though have any sort of K.O. punch to take out Windows. Else its market share would be dropping hand over fist. It is not. Macs are still too exspensive and Linux still lacks certain usability by the common user. People have been speaking of the Windows demise for the 10 years I’ve been a Windows developer, admin and support pro. I'll check back here 5 years from now to say: "I told you so." Not much has changed in 10 years as far as market share. . Your whole thing about Windows without a GUI shows me how pigeon holed your view on what an OS should be is. There is the other 99% who don’t give a ***** about Windows booting without its GUI. And trogdoor has even countered your claim on that.
    • Lukesed, on 01/24/2008, -11/+4Well, you see, there are millions more windows computers that haven't been hacked than mac and linux ones, therefore, windows computers are harder to hack.
    • oriondr, on 01/24/2008, -3/+10I really doubt you would say that if you had, oh I don't know.. ever USED vista. Why do people pass judgment based on obviously subjective articles like these.
    • MioTheGreat, on 01/24/2008, -5/+15Dying? It's already got a larger market share than Linux, OSX, and every pre-XP version of Windows combined.
      • metapop, on 01/24/2008, -5/+2see raytown's previous comment.
        "That's because they count OEM installs as "sales" and sales as in "left the warehouse". I don't know one person that has actually BOUGHT Vista."
        • acitcratnA, on 01/25/2008, -0/+4Me, I bought Vista and I like it.
          Now we kind of have something in common.
          I know one person who owns a Mac, and you know one person who owns Vista.
    • chris9902, on 01/24/2008, -2/+18If by dying you mean outselling OS X 50:1 then yes you are correct.
      • Raytown, on 01/24/2008, -5/+3That's because they count OEM installs as "sales" and sales as in "left the warehouse". I don't know one person that has actually BOUGHT Vista.
        • pcpimpster, on 01/24/2008, -1/+3A sale is a sale my friend. If by "OEM" sale you mean 100+$ a piece ""does not"" go to MS, then and only then do you have a point.
  • 3amboo, on 01/24/2008, -21/+6o rly?
  • xdvx, on 01/24/2008, -17/+6Is this a joke, or I don't understand something?
  • cscalfani, on 01/24/2008, -37/+83That's 'cause no ones running it :-)
    • apzdsx, on 01/24/2008, -13/+46More people are running Vista than Linux and OSX combined. :O)

      http://marketshare.hitslink.com/report.aspx?qprid= ...
      • KyferEz, on 01/24/2008, -14/+27THAT'S ONLY BECAUSE IT'S BEING SOLD ON NEW PCS!!!
        • LightSpeed4, on 01/24/2008, -15/+8then dont say ***** that noones running it if u dont have your facts straight, ***** idiot.
          • wellyuk, on 01/24/2008, -3/+4He didn't, cscalfani did. Can't you read?
        • jakem1, on 01/24/2008, -3/+10So what's your point? People are buying those PCs and there's a good chance that they're buying them BECAUSE Vista is on them.
        • wire02, on 01/24/2008, -1/+8And new mac's come out with the new OSX...whats your ***** point?
        • secleinteer, on 01/24/2008, -4/+3@jakem1:
          Actually they probably don't know or care what Vista is, or how it is different from XP.
    • yournamehere, on 01/24/2008, -5/+20i think Vistas market share is greater than Apple's OS.. so who's the joke on?
      • KyferEz, on 01/24/2008, -17/+8THAT'S ONLY BECAUSE IT'S BEING SOLD ON NEW PCS!!!
        • azurepalm, on 01/24/2008, -5/+16and OS X isn't sold with new Macs?
          • sonicjosh, on 01/24/2008, -6/+2It's because there is really clueless (stupid) people who think windows in the ONLY thing out there, they are the same crowd who think the internet is that blue e on their screen with a picture (desktop) IS the internet.
          • acitcratnA, on 01/25/2008, -2/+3Uhhh...I think everyone knows that Apple exists, it's a widely reconized brand.
            Therefore, there can't be that much "stupid" people who think Windows is the only thing out there...
        • norman619, on 01/24/2008, -2/+10And why is it sold on new PC's?
        • objectcode, on 01/24/2008, -6/+2"And why is it sold on new PC's?"

          because only new PCs can run it
      • bosssmiley, on 01/24/2008, -8/+3Answer: the poor ***** schmucks who were conned into taking a bloatware monstrosity like Vista on their new Winbox.
    • norman619, on 01/24/2008, -6/+9I think he meant in his imaginary world no one is running it.
    • halobender, on 01/24/2008, -9/+2I've used it on two machines. Upgrading from XP to Vista is a nightmare tons of broken drivers and software. Just installing fresh Vista is OK.
    • chris9902, on 01/24/2008, -0/+898 million more than OS X.
    • wellyuk, on 01/24/2008, -7/+2Does Vista outselling Linux and Mac mean that we should all pack our Mac and Linux using bags and move over to Vista? I'm a little unsure what the point of the comment is.

      Britney Spears has sold over 83 million records as opposed to my friend's prog rock band which has possibly sold a few hundred albums. In my opinion, his album is far, far superior to ANYTHING Britney Spears has produced, and anyone who doesn't possess a pair of cloth ears would undoubtedly agree.

      That Britney, and other artists, have outsold Humanfly has absolutely no effect on my choice of listening material.

      So what's everyone's point? Well done Microsoft, you've sold more copies of Vista than OS X and Linux combined.. and that means.... ?
      • wire02, on 01/24/2008, -2/+2People like it....
        • wellyuk, on 01/24/2008, -2/+3Great! But in this particular story, what does that have to do with anything? Does it mean Mac/Linux users are wrong and Windows users are right? Despite my comment being dugg down, I'm still no clearer on the point that is being made.

          It doesn't take a rocket scientist to realise that XP and Vista is going to far outsell OS X - there's more PCs sold a year than Macs.

          So does anyone want to enlighten me on the point of Vista's popularity in relation to the story in question?
        • MacParrot, on 01/24/2008, -2/+3I would love to see a comparison of retail sales for Vista and OS X Leopard. Take the pre-installs out of the equation. There's a difference between what comes with a product at purchase and what people will plunk cash down for. According Jobs (=Apple marketing), almost 20% of the installed base has purchased Leopard. I doubt Vista is that high.
          And no I don't hate Microsoft (I plan on buying Office 08 for the Mac very soon and use an XP box at work everyday that I have absolutely no issues with)
          • wageslaven, on 01/25/2008, -1/+1Would you? You cant be serious.

            See a point update, 10.x to 10.x+1 is little more than what Microsoft gives away for free as a Service Pack.

            The upgrade from XP to Vista is the same as MacOS to OSX -- totally new OS. The upgrade from 10.x to 10.x+1 is NOTHING like this.

            *AND* the reason 10.x upgrades "sell", is because they often become necessary for 3rd party applications to operate (ive encountered this myself on my Mac owning cousin's computer after he had to buy a 10.x update to run a new Adobe distiller, luckily he bought a new Vista Ultimate laptop, so he'll be getting his updates for free now)

            For your understanding; OS2 & Windows 3.x were Windows "3"; Windows NT4 was Windows "4"; Windows 2000 & XP were Windows "5" and Vista is Windows "6".
      • designerutah, on 01/24/2008, -1/+2Not true. From a marketing perspective, people originally "bought" it due to the contractual obligations that MS was able to enforce due to their control of the original DOS. Since then, the cost for most people and most businesses has been higher to change than it is to remain the same. Just like it is harder for people to get off their asses and exercise than it is to watch another episode of American Idol... and look at the rise in obesity to see how human nature taking the path of least resistance helps pile the numbers up.
      • wellyuk, on 01/24/2008, -0/+2Ah, I see. cscalfani asserted that people aren't using/buying Vista. He's obviously a plonker.
    • kaelyiesta, on 01/24/2008, -1/+1"Of course, from what our tiny brains make of the case, such an argument doesn't take into account factors like just how many people are trying to exploit a particular platform/vulnerability, or just how damaging each exploit can be."

      Usually I hear this argument in defense of Microsoft products, not the other way around. But back to the topic, which OS has more market share? Presumably, the more mainstream the OS is, the more interest in breaking it there is. This argument is a great one but without that crucial info on how many are running each OS, they've proved nothing.
  • apzdsx, on 01/24/2008, -8/+49Well, reading that was a waste of time.
  • bxblox, on 01/24/2008, -29/+5One comment, 40 digs, and front page..... is there some kind of gizmodo/digg partnership i dont know about
  • Tejiant, on 01/24/2008, -19/+2This story has been up for over an hour (nearing 2) and only 1 person has commented. I can almost hear our fellow Diggers' heads exploding, and MS has managed to make them all completely speechless.
    • init100, on 01/24/2008, -1/+2No, but explaining why they are wrong for the umpteenth time is really boring.
  • justice7, on 01/24/2008, -12/+35Do you really think microsoft would say anything different here? They are trying to sell a product. Also, it is impossible to really compare them because its all apples and oranges, it is all about your perception on the issue.
    • Miche1987, on 01/24/2008, -4/+18apples and penguins*
    • norman619, on 01/24/2008, -2/+6How many home users do you know that go out and buy a stand alone copy of Windows? It comes pre-installed on the computers they buy. The people who buy a copy of Windows are system builders for the most part. Take a good look at their market share. It's pretty obvious you don't know anything about the computer industry. I also recommend you check out what happened with XP during its initial release and how it became the dominant OS.
      • init100, on 01/24/2008, -1/+2"The people who buy a copy of Windows are system builders for the most part."

        Or Windows fanboys. :)
    • estvir, on 01/24/2008, -4/+2Try reading the RTFA, seriously.
    • Xill, on 01/24/2008, -3/+2Yeah, I can "perceive" my MAC had 0 crash while doing a thesis and leaving all my programs running for 1 year and a half. It's just perception, has nothing to do with the fact that OSX is damn stable.
  • digitallysick, on 01/24/2008, -18/+5Its safer because no one is running it, so less attacks and exploits on it.
    • MonsterChaOS, on 01/24/2008, -5/+12Actually, there are about 4x the people running vista than there are running OSX, so I don't wanna hear that BS.

      http://marketshare.hitslink.com/report.aspx?qprid= ...

      Besides, isn't security by obscurity an OSX trait?
      • maexus, on 01/24/2008, -4/+8Actually no, the security is from the Unix backbone. I love when uneducated people decide to voice their opinions.
        • csw1342, on 01/24/2008, -1/+2Bush 08
        • MioTheGreat, on 01/24/2008, -1/+5OSX may be a UNIX implementation, but that doesn't stop it from having a relatively ***** exploit record.
        • objectcode, on 01/24/2008, -0/+2lets have a look at those exploits
  • DeMoNX4187, on 01/24/2008, -18/+10At a loss for words...literally stunned.
  • briansearles, on 01/24/2008, -23/+28It very well may be more secure. Why? Because you can't do anything in it!
    • Uchikoma, on 01/24/2008, -2/+7...and given a fair amount of the population that uses Windows, it's probably a good thing. It's not my fault that some people open every attachment and email that they get.
    • estvir, on 01/24/2008, -6/+4I just played several videogames.

      It's a good thing I wasn't using Linux or Mac OS.
  • rigorious, on 01/24/2008, -11/+2dugg for pain!
  • Subpoena, on 01/24/2008, -22/+7They've compared it to Mac OS 10.4? Leopard is out, did Microsoft just forget about that?
    • Twindagger, on 01/24/2008, -2/+17They don't have a year of history for Leopard. Honestly, some people here are totally biased idiots. I don't run Vista on my PC and I own a Mac, but you really can't fault Microsoft for selling a product. Are all the MS Fanbois going to protest when Apple claims "300 new features in Leapord?"
      • Woecip, on 01/24/2008, -4/+3"Are all the MS Fanbois going to protest when Apple claims "300 new features in Leapord?""

        Now whos the idiot?
      • MioTheGreat, on 01/24/2008, -2/+8No one protested when Apple claimed 300 new features. We all just realized that if you consider Leapord to have '300 new features', than you have to consider that Vista has several thousand.
        • azurepalm, on 01/24/2008, -0/+2300 you say?
          THIS IS VISTA!!! AAAARRR!
    • kentifer, on 01/24/2008, -0/+7RTFA. It's all over the span of the first year of release.
  • jetcopter, on 01/24/2008, -8/+76They have graphs!
    • plizard, on 01/24/2008, -1/+5yeah but they are late on their tps reports
  • REUYL, on 01/24/2008, -17/+10So... more people are using Red Hat than Vista, then?
  • f4nt0m4s, on 01/24/2008, -4/+113I think it's agreeable to say that all the modern OSes are pretty secure as long as you have a firewall, an AVG-equivalent scanner, and you don't spend all day surfing German Warez sites. If I had to rate secureness I would rate it by the dumbness of the user.
    • fishbert, on 01/24/2008, -7/+4you forget the scripting exploits found in ad images on such non-German Warez sites as MySpace and Tom's Hardware.
    • leerayIG88, on 01/24/2008, -1/+3I just surf Internet for pr0n and digg articles.
    • ja1217, on 01/24/2008, -4/+13Also, don't forget about security from hackers. While the average user is most likely never going to be targeted, businesses and governments may often be targeted. I recently took part in a cyber defense competition with my college. Unfortunately for us, we forgot to change the default password on our BSD box and we got owned pretty badly through that. However, I was able to come back for the next round and watch the hackers in action. While the Windows machines were not fully up to date with patches, neither were the linux and unix machines. However, within the first seconds of the tournament, they had owned just about everyones windows machines. However, the only way they got into the Linux machines were through default passwords that didn't get changed fast enough.

      However, the hackers were able to do some hilarious stuff to the windows machines. At one point, the hackers ran a joke program on one of the competitors machines that made it look like the computer was going through the Vista upgrade procedure. It was hilarious, cause we could watch exactly what was happening as one of the other hackers was running a screen capture on that machine. We also ran over to the room where the competitors were and they were like "WTF? Its upgrading to Vista and I can't stop it." All in all, it was a fun competition and I learned a lot. And it also affirmed my belief that Windows is far more insecure than any *nix box.
      • wageslaven, on 01/25/2008, -1/+1"While the Windows machines were not fully up to date with patches, neither were the linux and unix machines."

        I'd love to see what lab they set-up - Default XP install and a 2 week-old Linux distro... ?
    • jake6730, on 01/24/2008, -7/+4Vista may very well be more secure though, in my experiences it seems just as secure as Linux. I say this because Microsoft has the overwhelming market share and thus an overwhelming share of attackers. This allows Microsoft to find these holes and patch them. So Vista has a good probability of being more secure than Linux or OS X because these two don't necessarily have to worry about their security holes as much.
    • rnelsonee, on 01/24/2008, -4/+3I see your point, but you can tell how bad Microsoft has made our expectations from your comment. If you need to run a scanner to look for security threats that have *already infiltrated your system*, your OS isn't secure, plain and simple. You don't need a scanner for most OSes out there. And a firewall is the same thing. If you need to add a firewall to go on the Internet, you're doing it wrong. The only point of contention there is that some people would say a firewall shouldn't be part of an OS, which I could agree with. Then a hardware firewall or a top-level application makes sense. But Vista and OSX already have firewalls in and on by default so you don't need an 'extra' one.
      • addiktion, on 01/28/2008, -0/+1Your going to always find that someone makes a better product then even good ole Microsoft. I agree Microsoft should put more attention to those things but they fail to do so on a regular basis. Hardware firewalls far exceed software firewalls in my opinion because its much easier to find bugs in software then it is to exploit read only firmware. If Microsoft built the "one all nobodies better then us" solution then many of their clients wouldn't have a way to profit by making a better product that enhances windows capabilities so all in all it keeps the tech industry going by having millions of bugs and hackers digging through your operating system.

        Point is get Spybot S&D, Adaware, AVG or better, and a better software firewall, and I personally disable any services that I don't need and close out most the ports that aren't being used. Make sure to close out ports on your router too. By default these days most routers do this automatically though.
    • Jeezoflip, on 01/25/2008, -0/+2i agree with you. I have never had virus scanners on my windows machines because im not dumb and open weird, obscure files or anything else like that. i never got viruses on my computers because of that.
    • addiktion, on 01/25/2008, -0/+1I remember when I got my first virus when I was 13 or so. I remember people would always reboot my computer randomly and cause all kinds of havoc. Now 10 years later I've never gotten another one. I think we all learn at some point but it's not hard to avoid viruses. I can surf most "warez" sites and still avoid viruses but best practices keep me away from such a thing these days.
  • sh333ts, on 01/24/2008, -7/+48Its great that Microsoft admits only half of their discovered vulnerabilities were fixed in the first year for both XP and Vista.
    • ocauTMM, on 01/24/2008, -1/+2Yeh LOL. Ubuntu still has less unfixed vulnerabilities overall, period.
    • wageslaven, on 01/25/2008, -1/+1Its great to know that its Apple's policy to not disclose its unfixed vulnerabilities, ignore 3rd parties who advise them of vulnerabilities and threaten them if they want to disclose them.

      Apple is a totally closed shop w/r/t security.
  • JasonCox, on 01/24/2008, -32/+17Dugg because it's true.
    • metapop, on 01/24/2008, -17/+12buried because it isn't.
    • oriondr, on 01/24/2008, -2/+2Buried because the article is rife with bias.
    • init100, on 01/24/2008, -1/+2Buried because it's just plain wrong.
  • damnyooneek, on 01/24/2008, -18/+5Microsoft's graphs are comparing their newest OS, Vista, to the older 10.4 OSX. Its up to 10.5 now get with it.
    • Aeuta, on 01/24/2008, -0/+9But 10.5 hasn't been out for a year neither has ubuntu 7.10...
    • damnyooneek, on 01/24/2008, -1/+1It's not a fair comparison then
  • clak, on 01/24/2008, -12/+19Vista has security through obscurity?
    • oriondr, on 01/24/2008, -0/+6What do you call Mac OSX then? Open source?
      • mennis, on 01/24/2008, -3/+5I call apache, python, perl, x11, ruby, freebsd 5 (it's associated network stack), mach 3.0, gnu compiler collection, samba/CIFS, postfix etc. open source yes.
    • wageslaven, on 01/25/2008, -1/+1Vista is less obscure than OSX, Linux and all non XP Windows COMBINED. And, I imagine 3rd party researchers have been working PRETTY hard on Vista in its first year...
  • Lionhart, on 01/24/2008, -5/+59Why is this filed under Apple?
    • oriondr, on 01/24/2008, -0/+6Did you read the article? It heavily favors Mac OS/Linux.
    • jake6730, on 01/24/2008, -0/+9Because the writer knows that Apple users will be quick to digg any article bashing Winodws.
      • tjv1tjv1, on 01/24/2008, -0/+1Ain't it the truth...Maybe somebodies working on self esteem issues... :S
      • wageslaven, on 01/25/2008, -1/+1And any Gizmodo article can be relied on to take ALL MS news and find a way to paint it as a negative.

        Story: "Microsoft triples sales"
        Gizmodo headline: "Microsoft sales arent growing as fast as they wish they were"
    • MyNameIsJoe, on 01/24/2008, -4/+3Because a lot more people check the Apple upcoming stories than the Microsoft ones, so putting it in the Apple category greatly increases the chance it will get Dugg.
      • acitcratnA, on 01/25/2008, -0/+3Do you have a graph to prove this?
        Microsoft does.
    • wvdavis, on 01/24/2008, -2/+5Because the submitter knows that if he filed it under Microsoft... it would never make the front page.
  • reed311, on 01/24/2008, -9/+32From my personal experience, Vista has been more secure and more reliable then XP was in it's early years. The big difference is that gaming in Vista pretty much sucks, but it is getting better with newer patches for games, etc.
    • KyferEz, on 01/24/2008, -16/+4OMG!!! You actually USE Vista? I feel VERY sorry for you!
      • crimsonnblue, on 01/24/2008, -4/+6It actually runs very stable if you have 4 gigs of ram and don't try to run Legacy apps...
        • mrbutter, on 01/24/2008, -2/+8I actualy run vista just fine (as fast as XP but with more features etc.) with only 1 gig of ram.

          I play CS:S and I get pretty good fps with an 8600gt and 4400+

          Having said that, with 2gigs of ram (i can only drea of 4 haha) it would definately be FASTER than xp.

          This is filed under apple to generate all the vista hate which quite frankly is unfounded. Apple fanboys claim that vista sucks and that everyone who runs it hates it. Well, sorry to break it to you but the only peolpe who hate it are the ones who have used it for less than 20 minutes (or not at all) OR the users who are just retarded and don't know anything about computers.

          Vista is a great OS and it deserves a lot more credit than it is getting.
    • MioTheGreat, on 01/24/2008, -1/+10Upgrade your graphics drivers, and install all of the performance and reliability updates for Vista.

      After doing that, you should have a very negligable performance drop in Vista gaming. There was a bug with Virtual memory that would cause d3d games in Vista to balloon in memory, but that was fixed months ago. And the driver situation is pretty much on par with XP right now (I personally feel that the drivers are more stable in Vista)

      Here's some benchmarks: http://www.firingsquad.com/hardware/amd_nvidia_win ...
    • jake6730, on 01/24/2008, -1/+8Finally someone who hasn't jumped on the Vista Bash Wagon. We should be friends!

      BTW, I used Vista with 1 gig of ram, 128 MB integrated video, and it was noticeably faster than XP.
    • init100, on 01/24/2008, -1/+2"From my personal experience, Vista has been more secure and more reliable then XP was in it's early years."

      It would be strange if it wasn't the case, because XP security in the early years was *really bad*. They'd have to make a serious effort to have worse security than that.
  • Aeuta, on 01/24/2008, -10/+26I love how nearly half of their vulnerabilities are still unfixed...
    • ElbertF, on 01/24/2008, -1/+3Both XP and Vista.
    • oriondr, on 01/24/2008, -3/+4That could be said if an operating system had 2 vulnerabilities in a year and only 1 was fixed. What a biased and stupid thing to say. The number of unfixed vulnerability margins on the graphs for each operating system are about the same.
      • ElbertF, on 01/24/2008, -2/+4If you have only 2 bugs a year why not fix them both?
        • azurepalm, on 01/24/2008, -0/+2OK sir, it is NOT easy to create secure or reliable software. If it is, then there won't be a bug in the first place.
      • mithrasinvictus, on 01/24/2008, -1/+3They have not fixed half of their security bugs BY THEIR OWN ADMISSION, what they say about the competition is irrelevant.
  • totorototoro, on 01/24/2008, -5/+13This guy again? Note that just like last time, once the ***** hits the fan, he'll backtrack and claim he's not speaking for Microsoft, but as an "independent" researcher just crunching some numbers. *nudge nudge, wink wink*

  • raymix, on 01/24/2008, -9/+3few threat, but more harmful
  • godzillaWax, on 01/24/2008, -15/+11The perfect nexus of Linux fanboys, Apple fanboys, Microsoft-hating fanboys and hack 'journalists'.
  • alex1015, on 01/24/2008, -5/+18Why is this listed under apple?
    • mrbutter, on 01/24/2008, -1/+6to generate vista hate obviously lol.
    • designerutah, on 01/24/2008, -0/+2He's just trolling for vitriol... and getting some too!
  • damnyooneek, on 01/24/2008, -18/+7OSX current version is 10.5 they're comparing Vista to an older OS.
    • gstep, on 01/24/2008, -1/+8I'm amazed how many of you failed to read the article and hence made this comment. It's comparing vulnerabilities in the first year of release. Therefore Leopard is not yet a candidate for comparison because it's only been out a few months.
      • damnyooneek, on 01/24/2008, -1/+1then its a pointless comparison if theyre comparing their top of the line OS to an outdated version of an OS.
    • Trevahaha, on 01/24/2008, -1/+5Because this is comparing the vulnerabilities of OSs released in their *first year*. Leopard hasn't been out for a whole year yet, which is why it's not shown.
  • rstarr, on 01/24/2008, -14/+3HA!
  • Aeuta, on 01/24/2008, -8/+5umm...also as you will notice it says XP followed by 10.4 have the most unfixed vulnerabilities

    Thanks for supporting the Linux community microsoft...we thank you...
  • Allibaster, on 01/24/2008, -17/+22Anytime you see a post that starts with, "Microsoft says," you just know it's going to be a bunch of *****.
  • RSJ115, on 01/24/2008, -7/+32Wait, Ubuntu LTS and Red Hat are less secure because they address their security issues quickly, and implement patches at a fast rate?
    • init100, on 01/24/2008, -1/+4They are also "less secure" because they ship their operating systems with boatloads of software, including many network servers, all of whose vulnerabilities are counted in those numbers that the article mentions, even though most of those packages are not installed by default. If they would remove enough packages to have comparable functionality with Vista, the vulnerability numbers would be very different.
  • andycr512, on 01/24/2008, -9/+30This is a strawman. They are comparing the numbers of published vulnerabilities, not actual exploits. Obviously Microsoft won't publish a vulnerability before they fix it unless they have to, but Linux users will since everything is discussed on public channels in most projects. More eyes seeing the code in Linux also means that more security vulnerabilities will be discovered by peer review before they are ever used in the wild.

    In short, citing a low published vulnerability count as meaning high security is like saying your airport is more secure because you let far less security inspectors in and thus they find fewer holes. At best it means that you have better security (very rare), at worst it means you have more vulnerabilities than the competition but the fact that the internals are encased in cement (no source code available) means that people just cannot see them as easily.
    • ThinkFr33ly, on 01/24/2008, -16/+9Your argument is a strawman and a false/unproven premise. You're assuming that Microsoft has "hidden" vulnerabilities, yet you have no evidence. You're also assuming that more eyes = more security, despite the fact that studies show that this isn't necessarily true.

      In short, you're citing absolutely nothing to support your argument.

      See this more detailed explanation of why your reasoning is flawed: http://www.robertdowney.com/2006/07/unsupported-as ...
      • andycr512, on 01/24/2008, -6/+9"You're assuming that Microsoft has "hidden" vulnerabilities, yet you have no evidence."

        All you need there is logic. It's pretty obvious that somewhere in the binary blobs Microsoft ships are security vulnerabilities the outside world has yet to discover, just as there are with Linux. It would only make sense from a business standpoint for Microsoft to keep quiet about them until a fix was out, since otherwise they would be putting their users in jeopardy.

        "You're also assuming that more eyes = more security,"

        Again, simple logic. More people looking at the code = more people who can spot vulnerabilities. It's not hard to come to that conclusion.

        "despite the fact that studies show that this isn't necessarily true."

        Link?

        "See this more detailed explanation of why your reasoning is flawed: http://www.robertdowney.com/2006/07/unsupported-as ..."

        Thank you for the link. I have read it. I have a few problems with it, but I will only point out one at the moment.

        "It's an assumption that more people actually look at the source code when it's open. It's also an assumption that more eyes will result in more discovered vulnerabilities. In fact, many types of security issues require highly trained eyes to be detected. The kinds of eyes that companies like Microsoft employee many of and that are paid to look at the code day after day."

        Many government agencies look at Open Source project source code with the "highly trained eyes" this article refers to. They find security vulnerabilities, and send them to the project maintainers where they are quickly fixed. Open Source does not lack this mechanism.

        "In short, you're citing absolutely nothing to support your argument."

        As I asked you last time we discussed this (before you asked any evidence from me), do you have any evidence that there is a direct relationship between high published vulnerability counts and actual exploits? It's an honest question that I wish you would answer.
        • ThinkFr33ly, on 01/24/2008, -4/+4"As I asked you last time we discussed this (before you asked any evidence from me), do you have any evidence that there is a direct relationship between high published vulnerability counts and actual exploits? It's an honest question that I wish you would answer."

          All I have to do is rely on your "logic" argument... higher vulnerability counts would make it far easier for bad guys to find and implement exploits, therefor there must be more exploits.

          That is, in essence, the basis reasoning for your entire argument.

          As far as the government agencies argument, I partially agree. There have certainly examples been large scale participation in open source projects by governments, such as some of the SELinux work done by the US government.
          • andycr512, on 01/24/2008, -2/+4"All I have to do is rely on your "logic" argument... higher vulnerability counts would make it far easier for bad guys to find and implement exploits, therefor there must be more exploits.

            That is, in essence, the basis reasoning for your entire argument."

            That was not unanticipated, but if I were willing to go only with numbers for the sake of argument, shouldn't you be as well? I still haven't gotten a straight answer: where is the hard data showing that vulnerability counts = actual exploits?

            At any rate, if you are still unwilling to argue the point based on hard numbers (as you seemed so eager to do previously), I suppose I will have to go on the basis of logic.

            "higher vulnerability counts would make it far easier for bad guys to find and implement exploits, therefor there must be more exploits."

            Ah, but there aren't. See the blue part of the graph? Those are -fixed- vulnerabilities. Those don't count anymore. If you eliminate them, what do you get? You get the current vulnerability counts. I have done a quick edit job (so please excuse the looks) to simply cut out the fixed vulnerabilities, leaving the current ones that could actually be exploited:

            http://i32.tinypic.com/2uidnj6.jpg

            So, by your own logic, Ubuntu is about 3 times as secure as Vista. Do I agree that this is the correct way to measure security? Obviously not; the only purpose of this was to show that your argument didn't apply.
          • init100, on 01/24/2008, -1/+3@andycr512

            "I have done a quick edit job (so please excuse the looks) to simply cut out the fixed vulnerabilities, leaving the current ones that could actually be exploited"

            An more interesting graph would be the numbers of unfixed vulnerabilities divided by the number of fixed vulnerabilities. In other words, your graph gives the impression that Microsoft and Red Hat are fairly equal. This does not take into account that Microsoft fixed 50% of their vulnerabilities, while Red Hat fixed >95% of theirs.
          • andycr512, on 01/25/2008, -0/+1@init100: Very good point. I have made that chart. http://i25.tinypic.com/sw8k6x.jpg

            It certainly tells a different, and in my opinion more useful, story...
      • init100, on 01/24/2008, -1/+3"You're assuming that Microsoft has "hidden" vulnerabilities, yet you have no evidence."

        Since we cannot know for a fact, the only prudent assumption is that there *are* vulnerabilities that are only known to black hats and Microsoft.
        • wageslaven, on 01/25/2008, -2/+1Since we cannot know for a fact, the only prudent assumption is that there....*are*....vulnerabilities?

          Really? Are you serious? Since I dont know for a fact that Steve Jobs eats babies, the only prudent assumption is that he *DOES*? Huh?
    • 21chrisp, on 01/24/2008, -1/+4He's correct on this. Additionally since all of the OS's other than Vista use common open source software by default, a security report in any of these packages gets reported for each OS that uses it. In the case of Linux, 99% of the applications are installed through the distribution which means that virtually ever single application bug counts as a windows bug.

      It's comparing Apples and Oranges, there's no true accurate comparison. You could get a lot closer by comparing Vista bugs specifically to Kernel+default shell bugs only for both OSX and Linux (since Vista doesn't ship with much more than that). Or you could compile all bugs for all Vista and OSX applications and compare that to Linux. None of these ever match up so you can really make these graphs say whatever you want and most people are too dumb to know the difference.
      • init100, on 01/24/2008, -1/+3"Additionally since all of the OS's other than Vista use common open source software by default, a security report in any of these packages gets reported for each OS that uses it."

        That's very true. Another reason why people should take these biased reports with a ton of salt.

        "In the case of Linux, 99% of the applications are installed through the distribution which means that virtually ever single application bug counts as a windows bug."

        Windows bug? Other than that, you are correct. Linux distributions come with thousands of packages, and vulnerabilities in every one of them is counted as a vulnerability in the operating system, which erroneously tilts the numbers in Microsoft's favor. If those distributions would be stripped of packages to reach a functionality on par with a plain Windows installation, the vulnerability counts would be very different.
  • ulfhednar, on 01/24/2008, -14/+7This just in: Vista cures World Hunger! No, really!!
  • Cmstech, on 01/24/2008, -1/+35Buried for incorrect title, MS didn't say it was more secure, they said it had the lease first-year vulnerabilities compared to other OSes.

    Engadget got it right:
    http://www.engadget.com/2008/01/24/microsoft-vista ...
    • Cmstech, on 01/24/2008, -4/+1oops, sorry put in the link wrong: http://tinyurl.com/yut2ba
    • Trevahaha, on 01/24/2008, -1/+7Exactly! People are reading the headline and not the actual article. It's not claiming more secure, less secure, etc. It's just saying that here are the results for vulnerabilities in the "1st year released"
      • init100, on 01/24/2008, -1/+2But why list those numbers unless they expect people to read between the lines? Listing vulnerability counts for widely different operating systems is worthless. The only interesting comparison in that article is between Vista and XP.
  • godzillaWax, on 01/24/2008, -3/+16Can someone please also summon the grammar nazi's on the gizmodo guy? It's *fewer* vulnerabilities, not less.
    If you get paid to write for a living, you should at least be able to afford a $5 grammar reference.
    • PabloMac, on 01/24/2008, -2/+9Grammar nazi's?
      • mennis, on 01/24/2008, -0/+1Weird who knew they had an 'on' ? I wonder if they have an 'off' as well.
      • godzillaWax, on 01/24/2008, -0/+2Yeah, but I don't get paid to write for a living.
  • hasslinthehoff, on 01/24/2008, -12/+7Don't you have to have someone using Vista to make any claims about secure use?
  • fishbert, on 01/24/2008, -5/+14As I read the graph, MS has fixed only about 50% of the identified vulnerabilities of both Vista and XP. That's the worst patch rate of the lot.

    And, having a lower number of identified vulnerabilities may indicate a lack of interest/effort in identifying vulnerabilities. Not something I'd shout from a rooftop (certainly not with the aforementioned 50% patch rate).
    • jstone, on 01/24/2008, -2/+1Or it means they're finding exploits, patching them, and keeping quiet about it.
      • fishbert, on 01/24/2008, -1/+3Or it means that other organizations find the exploits, MS convinces them to keep quiet about it, and a year later the discovering organization releases the exploit information because they're sick of waiting... then MS releases a patch (50% of the time).
      • init100, on 01/24/2008, -1/+3Or it means that they have lots of vulnerabilities that they don't know about (which means that they can't fix them). As you can see, there are many ways to interpret those numbers.
      • wageslaven, on 01/25/2008, -3/+1Or it means they're finding exploits, patching them, and publishing it in their regular security channels.

        Which is exactly what is taking place.
  • B3000, on 01/24/2008, -9/+16Hate on it all you want but I have been running Vista for 7 months now and I have not gotten a single virus, trojan, adware, spyware or anything of the sort. And I've taken my computer to some seedy places.
    • drgooch, on 01/25/2008, -8/+7B3000 wants to communicate with you, do you want to allow it?
      • MioTheGreat, on 01/24/2008, -3/+7That would only happen if that kind of communication needed to write to Windows, Program Files, or needed Admin access to the system for some other reason.

        Seriously. The joke is old. UAC only pops up for ***** software or writing in Admin-only areas of the system.
      • chugger1992, on 01/24/2008, -1/+3deny. B3000 is obviously trying to hack my system, or else I wouldn't be getting this message.
    • DrSpud, on 01/24/2008, -4/+6Your fallacy of logic: anecdotal evidence.
      Experiences such as yours may suggest evidence of good security, but prove nothing either way.
    • fishbert, on 01/24/2008, -6/+8"Hate on it all you want but I have been running Vista for 7 months now and I have not gotten a single virus, trojan, adware, spyware or anything of the sort."
      ... that you know of. Mwa-ha-ha-ha-ha!
    • cncsiu, on 01/24/2008, -4/+3not running IE? If you are, you better check your spyware situation again. HAHAHAHA
      • MioTheGreat, on 01/24/2008, -2/+9IE7 in Vista is inherently more secure than Firefox for things like Spyware. It's very simple, and very obvious once you know why.

        Protected Mode IE causes the IE browsing process to run with a "Low" Integrity Level. Even if some MASSIVE exploit was discovered in IE that allowed a simple html tag to anything it wanted to the process, It would be useless for installing spyware. The IE process has _NO_ access to any relevant parts of your computer. It can write to LocalLow, and a specific subset of the registry. That's it.

        Even if IE is completely hijacked, it can't put an icon on your desktop, delete something from your documents folder, or put something in your startup folder. It simply _can't_.
    • init100, on 01/24/2008, -0/+3One sample isn't a great foundation for statistical analysis.
  • bcamp1973, on 01/24/2008, -5/+10of course they do. and they would be wrong. they're pretty much always wrong. more marketing ***** from spin-masters....
  • brickbat, on 01/24/2008, -8/+3The most important part of this story is the first 2 words of the title. You don't need to read any more after that.
  • MasterRex, on 01/24/2008, -8/+3Charts, eh? Maybe they should try surfing porn sites.
    • pcpimpster, on 01/24/2008, -1/+5You should try not clicking yes and install to those .exe "video codecs" while surfing porn sites.


    • MioTheGreat, on 01/24/2008, -2/+3Go on, do it. Protected Mode IE has your back. Even if an exploit is discovered in IE that allows for arbitrary code execution or filesystem access, the IE process can't even write to your desktop, let alone the startup folder.
  • fittysix, on 01/24/2008, -13/+21Wow,
    The vista haters are all starting to sound like zealot fanboys here. No one here is providing any sort of proofs, noone here is actually doing any work to dispute those claims. Almost every comment on this story so far is the equivalent of "zomg no its not you're wrong I'm right!"
    If you don't like the OS then don't use it, but consider for a second that perhaps this fact is true. The OS might be slower, have a 'bad' UI because it's not the one you're familiar with, and your computer might suck too much to run it, but just maybe it is in fact a very secure OS.

    It seems everyone has made up their minds on the OS, so everything they seem to think about it must be true anyways.
    • reginaldino, on 01/24/2008, -6/+5did you actually look at how he came up with those numbers and what he thought they meant? that's enough proof. we don't need to supply it
    • spinemangler, on 01/24/2008, -3/+10Hey!

      Take it easy with the logic. You know how digg reacts to logic.
    • h3lx, on 01/24/2008, -2/+9You can't just pop in and apply some semblance of logic to a fanboy circle jerk. Accepting a moderate position carefully considering the pros and cons and reevaluating your preconceived notions against the status quo isn't going to make you friends here, you either fanatically support these results or you attack it with religious fervor. No middle ground here.
    • P5ycHo, on 01/24/2008, -5/+2Respect is something that doesn't grow easily. MS has some ass-kissing to do. This is not is.
    • init100, on 01/25/2008, -1/+3"but consider for a second that perhaps this fact is true."

      You cannot draw such a conclusion from those numbers. Measuring security through counting publicly reported vulnerabilities is a method with several serious flaws.
      • wageslaven, on 01/25/2008, -1/+1Instead of reading Gizmodo's FUD on the article, read the article itself. Gizmodo is misrepresenting the article.
    • rville, on 01/25/2008, -0/+0No you are wronggg.. Linux is always more secure than anything in this planet..
    • LingNoi, on 01/25/2008, -0/+2You do realise that a security patch on Linux resembles something like "Solitare config doesn't parse config correctly". Yes that would be included as a security bug in Mr Microsoft Director's (Security Guy!) report here...

      Why is it a security vulnerability? Well it "could be" one if someone already had access to the system.

      Now if you look at some of the bugs in his PDF, they're all remote exploits.
  • beathermit, on 01/24/2008, -2/+12will it also lower my thetan levels
  • gnoshme, on 01/24/2008, -13/+1This guy would make a great politician
  • drgooch, on 01/25/2008, -19/+5Bah ha ha ha ha ha!!!! OSX rox. Windows sux.
  • batista86, on 01/24/2008, -0/+2There is just alot of Microsoft haters now a days. Vista works really well.
  • Fetching more discussions...
    Show 51 - 100 of 146 discussions
  •  

    Login or register to add a comment

    Create a new account or login to join in the conversation on Digg. You'll also be able to Digg stories to help promote things you like.


© Digg Inc. 2008 — Content posted by Digg users is dedicated to the public domain.
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.