Microsoft releases details on number and severity of vulnerabilities for Vista, saying it compares favorably to XP in its early days as well as to current competitors.
Note: This is one in a series of blogs looking at Windows Vista on the first anniversary of its consumer launch.
Microsoft took Windows Vista in for a one-year security checkup and came back with, if not a completely clean bill of health, at least signs that the infant is healthier than most babies.
According to the report, Microsoft issued 17 security updates fixing 36 vulnerabilities in Vista in the 12 months following its commercial launch in November 2006. By comparison, the company issued 30 security updates encompassing 65 vulnerabilities in XP's first year.
The report's author, Microsoft's Jeffrey Jones, says those numbers compare with more than 100 vulnerabilities fixed in Mac OS X Tiger's first year, more than 220 flaws in Ubuntu version 6.06 in its first year, and 360 flaws fixed for Red Hat Enterprise Linux 4 in its first year.
Jones does acknowledge that some might consider his research suspect, given his employer, but said he welcomes other researchers to look at his methods.
"That is ultimately my goal--to get people to actively question and dig into why the results turn out the way they do," Jones wrote in his report.
Jones is quick to say that his study is not a complete analysis of the operating system's "security," but rather a quantitative look at the number and severity of the vulnerabilities found thus far.
For me, the highest testament to Vista's security comes not from a comparison of patches or vulnerabilities, but from the grumbling praise given to the operating system by the hacker crowd at last year's Blue Hat.
"Vista is the most difficult mainstream OS to break into that I've ever seen," security researcher Halvar Flake told me at the time.