Click here for case studies, whitepapers and other useful vendor content Newsletter Subscription
Microsoft touted Windows Vista's lower patch count this week, saying it required about 20 percent fewer fixes in 2007 than the four-year-old Windows XP Service Pack 2.
Jeff Jones, a security strategy director in the company's Trustworthy Computing group who regularly cites vulnerability statistics, said that Microsoft plugged 45 holes in Vista during 2007 compared to 56 in Windows XP Service Pack 2 (SP2), the version of the aging operating system that was supplanted by SP3 only last week.
Microsoft also patched fewer flaws marked "critical" and "important" -- the top two rankings in its four-level vulnerability scoring system -- in Vista (36 total) than in XP SP2 (50 total). By Microsoft's numbers, the company quashed 28% fewer critical or important bugs last year in Vista than in XP SP2.
Jones' analysis came in response to users' comments about a similar report he published in January that trumpeted Vista's security status on its first anniversary, he said. "In the wake of my Windows Vista One Year Vulnerability Report, which compared the 'first year of availability' of several products, I received many comments along the lines of "of course Windows Vista beats Windows XP as it shipped in 2001, but what about the current Windows XP SP2?"
In the January report, Jones had compared Vista with the original version of XP, and called out statistics that said Vista had posted about half as many vulnerabilities in its first full year of availability as Windows XP did in its opening 12 months.
At the time, some users griped that the comparison was unfair because 2004's XP SP2 was the edition most commonly deployed, and had substantially upgraded Windows XP's security provisions.
"XP was introduced a long time ago when security was not the requirement it is today," said a user identified as "Jim" in a comment to a January Computerworld story on Jones' Vista-XP match-up. "A much better comparison would be to compare Vista with XP TODAY."
Even as Jones touted Vista, he downplayed the significance of the vulnerability statistics. "This is not an analysis of 'the security' of these operating systems," he said, acknowledging that just one factor -- in this case the patch count -- "can't measure the absolute 'security' of an OS.
"[But] all other things being equal, is it easier to mediate risk on a system that has 10 vulnerabilities in a year or one that has 100 vulnerabilities in a year?" Jones asked rhetorically. "Which has a more negative impact on your security team and risk management process -- deploying 10 security updates per year or deploying 100 security updates per year?"
Jones' latest report can be downloaded from the Microsoft site (download PDF).
ARN Member Login
D-Link Australia & New Zealand
D-Link is the global leader in connectivity for small, medium and large enterprise business networking. The company is an award-winning designer, developer and manufacturer of networking, broadband, digital electronics, voice and video communication.
To Find out more about D-Link solutions visit www.dlink.com.au
D-Link Australia & New Zealand
Featured Products
- GREEN ETHERNET WEBSMART
DGS-1200 Series Managed Switch
D-Link has integrated its Eco-friendly Green Ethernet technology into the WebSmart switch family. WebSmart switches also known as the DGS-1200 series are ideal for the small organisations that wants high speed Gigabit connectivity and don't need many major management features. - DIGITAL HOME
DSM-330 HD Media Player
Leverage your PC power and enjoy fast, smooth, stutter-free video, music and photo playback in a rich, remote-controlled TV interface. The new generation D-Link DivX Connected™ HD media play is now available. - NETWORK ATTACHED STORAGE
DNS-343, 4-Bay NAS Box
The highly anticipated 4-bay NAS box has just arrived. Following the great success of its brother 2-bay NAS box the DNS-323. This unit is versatile and can be used in the home to share multi-media with the family or even in the office to store and share files.
New Products
-
BUSINESS GRADE FIBRE SWITCH
DGS-3100-24TG Managed L2 Gigabit Stackable SFP Switch
Providing 8 Gigabit Ethernet ports, 16 SFP ports and 2 HDMI ports for high speed switch stacking. This is the ideal device for WAN aggregation and use in commercial environments requiring fibre links. - POWER OVER ETHERNET SWITCH
DES-1008P, 8-Port PoE Switch
D-Links entry level PoE switch. Featuring 4 PoE Ports users can easily connect and supply power up to 15.4 Watts, a total PoE budget of 56 Watts. Ideal to be used with a variety of PoE clients such as D-Links IP Camera's or wireless access points. - SOHO VPN ROUTER
DIR-130, 8-Port Broadband VPN Router
DIR-130 is an easy-to-deploy routing 10/100 switching, VPN, and firewall designed specifically for the small office home office.
Download
- Product Selection Guide Issue 3, 08 (3.2MB PDF)
- D-Lifestyle Magazine Issue 11 (3.7MB PDF)
- D-Link Power Up Your Business Poster (1.7MB PDF)
Case Studies
- Commercial Grade Wireless - Four Points Sheraton Hotel Case Study (300K PDF)
- Business Class Switching - Microsoft Campus Case Study (800K PDF)
- High Bandwidth Networking Solution - Team Emirates New Zealand Case Study (751K PDF)
Whitepapers
D-Link TV
Watch videos about D-Link products and much morehttp://www.dlinktv.com
D-Link Training
Find out more about D-Link products trainings and certification programhttp://training.dlink.com.au
WebCentral boosts Security and Reliability with Windows Server 2008
WebCentral, Australia's largest web and application hosting company, relies on Microsoft Windows Server 2008 to deliver the security, manageability and reliability their customers require.
Subscribe to ARN
