Vista vulnerabilities – a comparison.

Perhaps it's a bit strong to say "if complete and utter chaos was lightning, Jeff Jones would be the sort to stand on a hilltop in a thunderstorm wearing wet copper armour and shouting 'All gods are bastards'" (as a favourite quote has it), but you must admit it's a better opening than "Blimey, XP was better than we thought", or "See, there was no need to wait for Vista SP1".

Jeff, you see, has posted on his blog an analysis of vulnerabilities in the first year of life of Windows Vista, Windows XP, two popular Linux distros and Apple's Mac OS X 10.4. Here are the bare numbers (though you should read the whole thing):

| Metric | Windows Vista | Windows XP | Red Hat rhel4ws Reduced | Ubuntu 6.06LTS Reduced | Mac OS X 10.4 |
|---|---|---|---|---|---|
| Release Date | 30-Nov-06 | 25-Oct-01 | 15-Feb-05 | 01-Jun-06 | 29-Apr-05 |
| Vulnerabilities Fixed | 36 | 65 | 360 | 224 | 116 |
| Security Updates | 17 | 30 | 125 | 80 | 17 |
| Patch Events | 9 | 26 | 64 | 65 | 17 |
| Weeks With at least 1 patch event | 9 | 25 | 44 | 39 | 15 |

To explain the numbers a little: an update might fix more than one vulnerability, and more than one update might go out in a patch event. Apple seem to roll all their fixes for a given event into a single update.

Vista is the newest of these operating systems and you could argue that the art of software engineering has advanced. But then why did a 2001 Microsoft OS fare so much better than the 2005/6 products?

With all the claims of the Linux community like "With many eyes all bugs are shallow", how did Red Hat have 360 vulnerabilities? They released patches in 44 weeks out of 52, and 20 of their patches came in weeks when there had already been a patch. Ubuntu didn't fare much better on that score.

If security vulnerability counts are indicative of bugs in general, then Vista shipped in a better state than XP. Vista will go longer to SP-1 than XP did, and it seems that they'll have roughly the same number of vulnerabilities fixed at SP-1.

So that's all good - why the "Wet copper armour" quote - and Gizmodo agrees with me? Well, to bend another favourite quote, "The Internet is more full of exciting trolls and excruciating fan boys and girls than a pomegranate is of pips". Most times I mention Apple I get visited by one set or the other. Jeff just called their babies ugly. He's happy to discuss it. His document explains how he got to the numbers and he encourages people to do their own analysis. And he faces down the point that "Of course you think the Microsoft products are good because you work for Microsoft" by pointing out it's the other way around: he works for Microsoft because he thinks the products are good. Like me. Like most of us.

Comments (6)
  1. James ONeill says:

    Sorry, where’s the poke at Apple? Their software is much less riddled with vulnerabilities than Linux but they have more than XP or Vista. Their patching combines all the patches for one event into one. Is that bad? I never said so.

    But thanks for making my point. Mentioning the number of vulnerabilities in the OS which Apple tries to tell consumers is invulnerable attracts the Apple Fan boys and trolls.  

    I work for the company with the superior product and I have the stats to prove it; why on earth would I have an inferiority complex?

  2. James ONeill says:

    Haven’t you heard that phrase "to say someone’s baby is ugly." meaning to say something nasty about something someone cares about ? Babies ARE ugly. You just don’t bring the fact up.

    I’m pretty sure the words Ugly and Baby don’t appear in Jeff’s report. As for complexes, I’ve got another bunch of people saying I’m arrogant about Vista.

    The fact remains that OS X 10.4 had 3 times as many vulnerabilities as Vista and you seem to be terribly upset that anyone should say so.

  3. James ONeill says:

    Yes, it’s a particular class of nasty.

    And I’m much more with Dorothy Parker: "If you haven’t got anything nice to say, come and sit next to me" 🙂

    It’s difficult though, because I think we’ve made some good progress on software quality since XP, and XP was better than the competition (on this metric at least). So do I tell the story that XP is good and Vista better (but risk being sucked into these kinds of exchanges) or keep quiet and let people believe that Windows is less good than it really is….

  4. Rich says:

    What a surprise! In what looks like an attempt to drum up some more visitors to the blog and again, shrinking behind someone else’s work, research, quotes and figures (although obviously another Microsoft employee), Microsoft’s infamous anti-competitor blog brings us someone else’s work spun into yet another little poke at Apple!

    Obviously you’re not confident enough in your own products to be able to resist bashing the competition. That’s what I call an ‘inferiority complex’!

  5. Rich says:

    The poke? I’ve read Jeff’s report, it is interesting but I can’t see where he calls anyone’s baby ‘ugly’.  As for the inferiority complex, I really can’t help you with the ‘why’ part but can suggest reading your blog as testament.

  6. Rich says:

    So, saying ‘someone’s baby is ugly’ is a way of saying something ‘nasty’. Bingo.

    I’m not upset, I just think the trend of putting down your competitors as a way of trying to boost your own brand isn’t a good one. Yes, AND Apple do it too. But surely you don’t think this verbal battle gives either you or them any more credibility?

    Makes me think of the old phrase ‘if you haven’t got anything nice to say, don’t say anything at all’.
