Vista 6 month vulnerability report – better than XP?


Good report at Jeff Jones' blog: http://blogs.csoonline.com/windows_vista_6_month_vulnerability_report

For those that only want the executive summary, here is a key chart that shows the publicly disclosed High severity vulnerabilities during the first 90 days of availability, broken down by vulns fixed and vulns unfixed. Note that this chart is showing the reduced Linux builds that exclude non-default and optional components without equivalents on Windows. (Clicking the chart also gets you to the full report.)
[Chart: High Severity Vulns, Fixed and Unfixed in First 6 Months of Windows, Red Hat, Novell SUSE, Ubuntu, Apple Mac]

Comments (173)

  1. Anonymous says:

    Really good actually – see this article on the Australian Technet Blog : More info on Jeff Jones'

  2. Lewis says:

    What? RHEL had more exploits than Windows Vista or XP…combined?  This chart is unbiased on so many levels it’s not funny.

    What contributes a "vulnerability" as such?  For example, the majority of exploits found in Linux based operating systems allow certain local users to be able to attain "root", or Administrator, on the local PC.

    However, with XP or Vista, it’s an entirely different story.  I flick through the KB database and all I see is "Buffer overflow in XYZ may allow remote code execution" or "may allow a remote hacker to compromise your computer" or EVEN "may allow a remote hacker to gain COMPLETE CONTROL over your computer".

    I for one remember the RPC exploit which allowed anybody (Provided they were pre-sp2) to gain command line on the remote computer.  This was a serious security breach.

    I’ve never seen something this serious on any of my Linux based machines.

    My resident Linux installation (dual boots with XP and Vista) is Ubuntu 7.xx.  If I disable the firewall on my XP machine, and enable the DMZ through to my computer, then I can expect that my computer will be screwed in a matter of minutes.

    If I do the same in my Ubuntu install, nothing happens.  Same security, nothing gets in without my approval.

    Furthermore, what exactly is exploitable?  The base system?  Or the optional packages that are bundled with most Linux distributions?  For it to be a truly fair test, the vulnerabilities should only exist in the main kernel and perhaps the utils packaged with the distro, which I suspect is not the case.

    At any rate, if Vista and XP were to "lose" in this chart, then I’m sure it wouldn’t be posted on this site :P.

  3. Lewis says:

    Ah damn double post, delete the first one.

  4. Alan says:

    Um I think you mean biased not "unbiased". Unbiased would mean not-biased (if it was a real word). Also the heading does indeed state: "Linux builds that exclude non-default and optional components without equivalents on Windows", so generally it doesn’t include optional packages.

    The fact is, most Windows vulnerabilities get patched before a real world exploit is written so your comments about the KB database are unwarranted.

    Also, since when are root kit exploits not serious? There is no real line between local and remote users in Linux, I never log in locally (in the sense of physically) to my Linux machine at home. Out of all the servers I’ve run, my Linux machine at home is the only machine I’ve had compromised. I admit it was indeed my own fault for not ensuring it was fully patched. Generally, these days it doesn’t matter which OS you run (Windows, Linux, Unix, Mac OS…) as long as you keep up to date you’ll be safe.

  5. Tim says:

    i’d be interested to see how many of the patches for winxp were actually for ie.

    winxp had ie embedded and most security flaws i would guess are actually ie exploits. if vista had come out back when ie was in the same stage of development (ie less mature than now) it would have had the same problems.

    face it, embedding a non standards compliant buggy and exploitable browser in an os is just asking for exploits to be written for it.

    comparing vista to xp is like comparing my new car with the previous model. of course they worked out most of the bugs this time round – that’s why it is a new model.

    the only fair comparison would be to add all the exploits from windows 95 on and include windows 2000 as well as vista is simply the sum of all those os plus a few million extra lines of code.

    linux is inherently more secure for a completely different reason – the fact that its open source and has a large developer community around its transparent kernel code. as long as windows bloated code remains locked away the exploits will continue. no one at msft can possibly understand it all.

    all that said i mostly agree with alan in that the modern os manufacturer is exploit aware and readily provides patches. however "safe" is a fairly loose concept – maybe a vista user is just less likely to get shot down in flames than a win 98 pc (still a lot of them out there!)
