The Microsoft 6 month vulnerability report

In yet another play on numbers (not to mention another attempt to persuade consumers that Vista is the greatest thing since sliced bread), yesterday Microsoft released a report titled “Microsoft Vista Has Fewest Vulnerabilities at 6-Month Mark” (PDF), implying that Vista has turned out to be an exceptionally secure operating system (OS)…much more secure than various versions of Linux, Mac OS X and Windows XP.

The report was written by Jeff Jones, the Security Strategy Director of the Microsoft Trustworthy Computing group (no, it’s not an oxymoron). He writes that for Vista’s first 6 months (remember, it was released to businesses on November 30, 2006), 12 out of 27 disclosed vulnerabilities were patched. For Windows XP, 36 out of 39 disclosed vulnerabilities were patched in the same time frame. I don’t mention the Linux or OS X vulnerabilities because they’re not important, nor should they be compared to Windows. Those are entirely separate entities.

“In all four cases studied for the 6 month period after ship, Windows Vista appears to have a lower vulnerability fix and disclosure rate than other products analyzed, including the reduced Linux installations. This affirms the early results we found after 90 days and provides a supporting indicator that Microsoft Security Development Lifecycle process and heightened focus on security is having a positive impact on Microsoft Windows in terms of fewer vulnerabilities” writes Jones.

Several analysts and news writers / bloggers aren’t buying it. For that matter, I’m not either. Several online media outlets are reporting that Microsoft is better at patching XP than Vista (if you look at the numbers on his report, it’s easy to see it that way but apparently he didn’t notice that). It also neglects to mention that one of the primary reasons there are “fewer vulnerabilities” is that there are far fewer people using it. In all actuality, the report is, for the most part, meaningless. If and when more people start using Vista, there will be more hackers looking at it too. In all probability it will be hit with some major vulnerabilities.

One other interesting thing to mention is an article by ZDNet writer Ryan Naraine titled “Skeletons in Microsoft’s Patch Day Closet” that details how Microsoft is also secretly patching undisclosed vulnerabilities. On one hand, it makes sense that Microsoft doesn’t disclose all vulnerabilities since they could be used maliciously in the wrong hands. On the other hand, you have to wonder exactly what secrets are being kept by Microsoft by patching undisclosed vulnerabilities.

It also makes you wonder about the 15 other vulnerabilities found in Vista that haven’t been patched yet, let alone IF Microsoft is capable of patching them. Vista SP1 is supposed to be released by the end of this year as a result of a complaint to the Department of Justice by Google regarding the search function built into Vista. According to Microsoft, SP1 will address some “high impact” issues. Exactly what “high impact” issues? This is the most perfect, most secure OS ever designed. It’s innovative.

While you’re answering that question, Sam Varghese at would like to know why his computer running Windows Vista Ultimate is connecting to and while it’s sitting idle. I would too.

Well heck. While I’m in the Microsoft question-asking mood I may as well ask them one more. With all the uproar you caused involving Linux patent infringements, why was Ubuntu Linux available on your Windows Marketplace? spotted that one. You’ve removed it since then, but at the time of this writing Google Cache had a copy of the page when it was active.

Unfortunately for Microsoft, people aren’t buying into Vista, and they aren’t as gullible as Microsoft would like to believe. You wouldn’t believe some of the emails I get from people who were traumatized by the Vista experience. Even with brand spanking new “Designed for Vista” computers. I’ve personally had the pleasure of witnessing 2 flavors of Vista bringing a screeching halt on equipment that is more than capably equipped. Thanks to them my barber is losing business. On rare occasions I get an email that says Vista’s ok.

I will not buy any version of Vista until the Licensing is changed, or until the Digital Rights Management BS and the User Account Control are either changed or removed. The licensing alone is enough to scare experienced computer users away. If I wanted to be nagged every time I wanted to do something I’d remarry my first wife. (Long story. Don’t ask)

There isn’t a whole lot that Vista does that can’t be done with XP with third party add-ons. People are happy with XP. Third party add-ons work with XP. It’s stable, reliable and doesn’t require special hardware (or for most consumers, most likely a brand new computer) to function correctly. You’ve got an excellent foundation, not to mention the largest user base in the world built upon with XP. You can make it look just as pretty as Windows Vista.

Here’s a quote from Mark Minasi, a very well known, highly respected Windows expert and author from a recent University of Virginia training session: “Microsoft’s main competitor for Vista is not Linux or Apple OS X, but Windows XP SP2. I don’t know anyone who is excited about supporting Vista.”

Note to Microsoft: quit playing these stupid ass games and trying to make people believe that this heap of crap OS you spent ungodly amounts of money to create and released before it was ready is worth the over-inflated price you’re asking for it.

Quit claiming you listen to your customers when you’re not. People are sick and tired of the games and the BS, and your desperation is beginning to look pathetic. This is a perfect example of what happens when one of the largest monopolies in the world begins to lose control, and then tries to branch out in too many directions.

If you put half as much time and effort into your technology as you do your marketing you wouldn’t have to worry about it. You already have enough control of every Windows user’s computer. You don’t need total control over it or to tell me how to run my computer.
