Very few organizations operate in a one OS vendor world. Sometimes there are good reasons to choose a different OS for a particular application or task. Sometimes it’s a technical decision, sometimes it’s political. And times though, it’s rather like a battle between religion beliefs.
Microsoft often gets beat up based on the popular perception that the Windows operating systems are not as secure as other operating systems. There are a whole lotta different ways to spin the data and sadly even the most enlightened discussions seem to quickly degenerate into the classic, not-so-constructive, “my OS is better!”/”no my OS is better!” argument.
That’s why I like people like Jeff Jones. Yes, he works for Microsoft and may or may not be biased, but he takes a look at the numbers, puts them together and then invites discussion. He posted his Operating System Vulnerability Scorecard for February last week which compares fixed vulnerabilities in popular client OS’s (Vista, XP, Novell SLED10, RHEL4WS, Ubuntu LTS and Mac OS X) and server OS’s (Windows 2003, RHEL4AS and Sun Solaris 10). There is a whole thread on why he used fixed vulnerabilities and not all vulnerabilities in the comments below his January Scorecard posting, so I won’t have that discussion here, but suffice to say that the Windows OS’s do quite well, as does Mac OS X. Jeff is quite transparent about his methodology and is very open to constructive criticisms. He’ll be publishing these scorecards on a regular basis.
In case you still think Jeff is simply towing the company line, check out Internetnews.com’s recent article “Report Says Windows Gets the Fastest Repairs” and then read through the referenced report on Internet security threats researched and published by Symantec.
Sure we can improve and we are striving to do that every day. Keep criticizing us, keep giving us feedback, keep talking about what could be better. Let’s have constructive discussions that deal with facts and let’s make it easier and better to do business going forward.