Defending The Kingdom

Microsoft says that Windows Vista, during its first year on our computers, had fewer known vulnerabilities than Windows XP, Red Hat Enterprise Linux, Ubuntu 6.06, and Mac OS X 10.4.

Compiler, a Wired blog, rebuts:

This doesn’t mean that Vista is inherently more secure than these other OSes. All the study proves is that Vista had a better security track record than the other OSes over their first year of release.

I’m not sure how sharp a criticism this is. True, the comparison doesn’t show which operating system is the least vulnerable right now, but first-year performance says something important about the security mindedness of those who were most involved in building the system.

This complaint is, perhaps, more plausible:

Furthermore, other commenters point out that Microsoft’s report offers zero transparency with regards to how it decides what is a serious security vulnerability and what isn’t. And since security problems are not often surfaced by automatic bug reporting, there may be many smaller vulnerabilities which aren’t being reported, but which users of Linux and Mac OS X may be more apt to notice, given the less consumer-heavy user bases of those OSes.

Still, Microsoft appears to be making an effort at being more security conscious than it has in the past, with some success. Consider Internet Explorer 7 – the company’s update to the woefully dangerous Internet Explorer 6 – which is now virtually as safe as Firefox according to Secunia, a security consultancy.