informa
/
Commentary

Vista is the Most Secure OS. At Least Microsoft Says So

Microsoft tells us that Vista is the most secure of all the desktop operating systems. And my mother thinks I'm the smartest person ever. While both may or may not be true, the real question is: Is that all that matters?
Microsoft tells us that Vista is the most secure of all the desktop operating systems. And my mother thinks I'm the smartest person ever. While both may or may not be true, the real question is: Is that all that matters?Jeff Jones, a security expert at Microsoft, just released a one year vulnerability report on Vista.

The report found that Vista was hit by fewer security flaws in its first year than Windows XP and open source OSs in their first years.

The question is, as PC World notes, do comparisons work?

Writes Matthew Broersma: "Comparisons between different types of operating systems on the basis of numbers of public bug reports are often downplayed by security experts, who say they are only part of the picture. For instance, Linux-based OSs are composed mainly of third-party components whose bug reports are all known publicly, whereas third-party components play a small part in Windows and many bugs may be uncovered but not made public."

Wired's Michael Calore is even more direct. "This doesn't mean that Vista is inherently more secure than these other OSes. All the study proves is that Vista had a better security track record than the other OSes over their first year of release."

Also, as Calore points out, commenters on the Web have noted "that Microsoft's report offers zero transparency with regards to how it decides what is a serious security vulnerability and what isn't. And since security problems are not often surfaced by automatic bug reporting, there may be many smaller vulnerabilities which aren't being reported, but which users of Linux and Mac OS X may be more apt to notice, given the less consumer-heavy user bases of those OSes."

Gizmodo also notes that the report is heavily skewed towards Microsoft-think: "And since your argument seems to boil down to the logic: the less vulnerabilities, the less fixes, the more secure, Vista wins. Of course, from what our tiny brains make of the case, such an argument doesn't take into account factors like just how many people are trying to exploit a particular platform/vulnerability, or just how damaging each exploit can be. But from that strategic commander chair, you seems to think that these issues balance themselves out. Maybe you are right."

Maybe, maybe Microsoft is right. Maybe Vista is the most, or at least very, secure. But the real issue what Microsoft is not addressing.

Calore says it best: "Finally, what some bloggers and commenters are declaring an oversight is actually just a caveat: this report is all about security. It makes no mention of the non-security related fixes, bugs, technical issues and failures in Vista. Bluetooth crapping out, flaky wireless, video drivers that don't work, the slow, memory-intensive Aero interface -- that's another report entirely."