Windows Vista security, one year on

Graph of Vista vulnerabilities compared to Win XP, Mac OS X, Red Hat Linux, and Ubuntu.

Microsoft says that Windows Vista, during its first year on our computers, had fewer known vulnerabilities than Windows XP, Red Hat Enterprise Linux, Ubuntu 6.06, and Mac OS X 10.4.

Compiler, a Wired blog, rebuts:

This doesn’t mean that Vista is inherently more secure than these other OSes. All the study proves is that Vista had a better security track record than the other OSes over their first year of release.

I’m not sure how sharp a criticism this is. True, the comparison doesn’t show which operating system is the least vulnerable right now, but first-year performance says something important about the security-mindedness of those who were most involved in building the system.

This complaint is, perhaps, more plausible:

Furthermore, other commenters point out that Microsoft’s report offers zero transparency with regards to how it decides what is a serious security vulnerability and what isn’t. And since security problems are not often surfaced by automatic bug reporting, there may be many smaller vulnerabilities which aren’t being reported, but which users of Linux and Mac OS X may be more apt to notice, given the less consumer-heavy user bases of those OSes.

Still, Microsoft appears to be making an effort at being more security conscious than it has been in the past, with some success. Consider Internet Explorer 7 – the company’s update to the woefully dangerous Internet Explorer 6 – which is now virtually as safe as Firefox according to Secunia, a security consultancy.


Privacy loss: hidden or accepted costs?

From Wired News blog Threat Level:

Bringing what he sees in the world to ToorCon, infamous security expert Beetle says that the web community — and hackers — are missing the point and mis-estimating the dangers of the web.

The danger lies not in government monitoring, that’s been thoroughly recognized and railed against, Beetle says. It’s what we’re willing to let people do to our stuff so we can get it for free. Google’s autoscrubbing our searches for words to sell us stuff in the future is more dangerous to our privacy and future than pointless government monitoring, he says.

Do people understand the dangers and accept them? Or do they underestimate the dangers, and so never have a chance to work out the costs and benefits?
