
October 31st, 2007

One year later, Vista really is more secure

Posted by Ed Bott @ 1:02 pm

Categories: Security, Windows Vista


Windows Vista was released to manufacturing a year ago next week, and landed on retail shelves exactly nine months ago today. To mark the occasion, I dragged a system out of mothballs and installed the original RTM version of Vista Ultimate on it. (Well, OK, I also needed a test bed for some upcoming work, but still…)

Anyway, I was surprised to see that the automatic update process picked up only 35 updates totaling 93.9 MB in size. That’s an average of fewer than four updates per month. And the number drops to fewer than three per month if you start counting with the original release to manufacturing date, which will mark its one-year anniversary next week.

Jim Allchin, who led the Vista development and launch, is probably feeling at least somewhat vindicated today. After all, he predicted in an interview with PC World that patch counts would go way down with Vista:

“In my opinion, it’s the most secure system that’s available and the most secure system we have shipped,” he said. This means the number and severity of security updates Microsoft must release every month on Patch Tuesday, the name security researchers have given for when Microsoft releases its monthly security patches, should be reduced, Allchin said.

“That can be proven,” he said of his patch prediction. “We will see about that.”

The lineup of patches for October 2007 offers some instructive examples. MS07-55 was a Critical update for Windows XP SP2 but didn’t apply at all to Vista. MS07-56 was rated Critical for XP SP2 but was only Important for Vista. (For an explanation of the differences, see this page.)

And those 35 patches weren’t all security related, either. Some were reliability and compatibility fixes. There are updates to the Windows Mail Junk Mail filters, and in the case of this system at least one driver update. So how does Vista measure up to its predecessor if you filter out all but security updates? Out of curiosity, I went to the Microsoft Security Bulletin Search page and looked for Critical and Important bulletins issued in the past year. Here are the results:

  • Windows XP with SP2: 41
  • Windows Vista: 14

That’s almost as thorough a drubbing as the Patriots gave the Redskins last weekend. Microsoft has taken a lot of flak for Vista, but these results, in my opinion, validate the Security Development Lifecycle process, which was and is at the core of Vista’s design and evolution.

Ed Bott is an award-winning technology writer with more than two decades' experience writing for mainstream media outlets and online publications. See his full profile and disclosure of his industry affiliations.


