Windows Vista Deemed 'Most Secure' - InformationWeek


06:45 PM


A new report from Microsoft bases the claim on the 36 vulnerabilities fixed in Windows Vista during its first year, compared to the 65 found in Windows XP, but analysts remain skeptical.

Windows Vista gets high marks for security, from Microsoft at least.

"I think that it's fair to say that Windows Vista is proving to be the most secure version of the Windows to date," said Austin Wilson, director in Microsoft's Windows client group, in a blog post on Wednesday. "Our investments in the SDL [Security Development Lifecycle] and our defense in depth approach to building Windows Vista seem to be paying off."

Windows Vista also exhibited fewer vulnerabilities than other operating systems over a one-year period, according to a report published by Jeff Jones, security strategy director in Microsoft's Trustworthy Computing group. The report claims that there were 36 vulnerabilities fixed in Windows Vista during its first year, compared to 65 in Windows XP, 360 in Red Hat RHEL4 (reduced), 224 in Ubuntu 6.06 LTS (reduced), and 116 in Mac OS X 10.4, also known as Tiger.

"My analysis found that researchers found and disclosed significantly fewer vulnerabilities in Windows Vista than either its predecessor product, Windows XP, or other operating systems such as Red Hat Enterprise Linux, Ubuntu, and Apple Mac OS X 10.4," said Jones in his report.

Eric Schultze, chief technology officer of St. Paul, Minn.-based Shavlik Technologies, considers such metrics to be apples-to-oranges comparisons. "When you start counting vulnerabilities, it's a matter of defining vulnerabilities," he said. "For example, if a bulletin is released for Internet Explorer, that's one patch for IE. Microsoft may have broken it out to say there are five distinct issues fixed in this patch. Is that five vulnerabilities or is that one vulnerability because it's one patch?"

Setting aside questionable comparisons to other operating systems, Vista's superiority to its Windows ancestors may not seem particularly surprising or noteworthy. But Wilson makes the case that Vista's security features like User Account Control and Internet Explorer Protected Mode reduce the risk and severity of security vulnerabilities and give companies more time to deploy patches.

Wilson points out that Windows Vista makes it easier to run standard user accounts rather than administrative accounts, which are more dangerous when compromised. This, he says, diminishes the impact of vulnerabilities.

"Of the 23 security bulletins that have been released for Windows Vista through January 2008, 12 specifically call out a lower impact for those running without administrative privileges: MS07-033, 034, 040, 042, 045, 047, 048, 050, 057, 064, 068, and 069," explained Wilson. "This is a great illustration of the importance of User Account Control and why we included it in the product. It's also the reason I personally run as a standard user on every machine I use."

Wilson also singles out Internet Explorer Protected Mode as a reason that Vista is more secure than XP. Protected Mode in Vista prevents Internet Explorer 7 from altering user or system files, and various settings, without consent from the user. This diminishes the effectiveness of malicious Web sites, if the user is paying attention.

As evidence of the impact of Protected Mode, Wilson cites the MS07-056 security bulletin from October 2007. It was rated "Important" on Windows Vista and "Critical" on Windows XP. He also notes that IE 7 and Vista are blocking almost 1 million phishing attempts every week.
