On TV.com: 2009's Most PIRATED TV Show
BNET Business Network:
BNET
TechRepublic
ZDNet

July 25th, 2008

21 months later, Vista is still more secure than XP

Posted by Ed Bott @ 2:30 pm

Categories: Security, Service Pack 1, Windows Vista, Windows XP

Tags: Security, Microsoft Windows Vista, Microsoft Windows Vista (Longhorn), Microsoft Windows XP, Microsoft Windows, Operating Systems, Software, Ed Bott

Last October, roughly one year after the release to manufacturing of Windows Vista, I did a comparison of how well Windows Vista was living up to its promise of being more secure than its predecessor, Windows XP (see “One year later, Vista really is more secure”). My data source was the Microsoft Security Bulletin Search page, where I tallied up security bulletins rated Critical or Important for the two Windows versions. The result? Vista had an overwhelming edge over XP, with a mere 14 security updates compared to 41 for XP with Service Pack 2 during the same period.

Has Vista maintained its security edge in the succeeding nine months? The answer, it turns out, is yes, although the margin has narrowed. I repeated that previous experiment using data from November 2007 through July 2008. The totals are as follows (in both cases, I assume that the most recent service pack is installed, with Vista SP1 counted beginning in March 2008 and XP SP3 in May 2008):

  • Windows XP: 23
  • Windows Vista: 19

The grand total for the period from November 2006 through July 2008, again assuming the most recent service pack is installed:

  • Windows XP: 64
  • Windows Vista: 33

Over the 21-month period, that’s a monthly average of roughly 1.5 Critical or Important security updates for Vista and 3 for XP.

Although it’s difficult to do Apple-to-Windows comparisons, I tried my best, using the Apple security updates page. By my count, between November 2007 and July 2008 there were 22 updates for Mac OS X and its included components, including seven Security Update packages designed to fix multiple vulnerabilities (such as the 13 separate fixes listed in the Mac OS X 10.5.4 update released on June 30). That’s four more than the Vista patch count during the same period and one less than the XP total. Make of that what you will.

My takeaway? The changes in the security model for Vista are continuing to pay off, and as Vista’s market share grows, bad guys are turning their attention to vulnerabilities that can exploit both operating systems. When they do, the impact on Vista is likely to be less severe, as in Bulletin MS08-36, which was rated Important for XP SP2 and SP3 but only Moderate for Vista RTM and SP1. And, of course, none of these numbers take into account the improvements in security that accrue when administrators are able to configure a standard user account in Vista that wouldn’t work smoothly if at all in XP. That simple change goes a long way to preventing users from being able to compromise a system by running malicious executable code.

Ed BottEd Bott is an award-winning technology writer with more than two decades' experience writing for mainstream media outlets and online publications. See his full profile and disclosure of his industry affiliations.

Email Ed Bott

Subscribe to Ed Bott's Microsoft Report via Email alerts or RSS.

  • Talkback
  • Most Recent of 179 Talkback(s)
First..
sentence, no comment yet

As for the flocking, yes the number is big but as a couple posters above pointed out, this does not take in to consideration downgrades and OEM installs. Many (non-te... (Read the rest)
Posted by: Viva la crank dodo Posted on: 08/19/09 You are currently: a Guest | | Terms of Use
My take  itpro_z | 07/25/08
I hear that a lot  Ed BottZDNet Moderator | 07/25/08
I agree  NonZealot | 07/25/08
It's not just the counting  Ed BottZDNet Moderator | 07/25/08
Although I feel that Vista's security  alaniane@... | 07/29/08
I agree but....  T1Oracle | 07/25/08
And I agree with you  brble | 07/25/08
See my other comment in this thread  Ed BottZDNet Moderator | 07/25/08
Incongruities  Harry Bardal | 07/25/08
Summer reruns  Ed BottZDNet Moderator | 07/25/08
What I said about Vista...  brble | 07/25/08
get your blog (NT)  readwrite | 07/25/08
Just to pick one of your points...  Ben_E | 07/26/08
Same Experience So Far  soonerproud | 07/25/08
Although the UAC prompts maybe  alaniane@... | 07/29/08
Same hear two machines at home (knock-knock)...nt  ItsTheBottomLine | 07/28/08
Agrees...  5ri | 07/25/08
RE: 21 months later, Vista is still more secure than XP  Loverock Davidson | 07/25/08
.....  Linux User 147560 | 07/25/08
While I agree with the article...  AndyCee | 07/27/08
Citation has already been given...  MyBlueRex | 07/28/08
OEM installs  bbbaldie_z | 07/28/08
Check Out This Blog  chessmen | 07/28/08
I don't doubt...  AndyCee | 07/29/08
I think it will be quite a while  alaniane@... | 07/29/08
Flocking  bwchato | 08/12/08
most of your programs will work  rtk | 08/12/08
First..  Viva la crank dodo | 08/19/09
Loverock  Viva la crank dodo | 08/19/09
RE: 21 months later, Vista is still more secure than XP  Linux User 147560 | 07/25/08
Well if you're gonna talk about security...  hasta la Vista, bah-bie | 07/25/08
Even as a linux user...  AndyCee | 07/29/08
I think Vista is more secure, but nothing is bulletproof.  osreinstall | 07/26/08
.....  Linux User 147560 | 07/26/08
devil  osreinstall | 07/26/08
How does Linux protect against user actions?  ye | 07/28/08
It depends on the reason  Michael Kelly | 07/28/08
I am not following what you mean by "depends on the reason".  ye | 07/28/08
What I mean  Michael Kelly | 07/28/08
@Michael Kelly: So what is your point?  ye | 07/28/08
Kelly, you are not realistic.  osreinstall | 07/28/08
osreinstall, not saying that at all  Michael Kelly | 07/28/08
Ye...  Michael Kelly | 07/28/08
Kelly, you have to wait until legacy goes away.  osreinstall | 07/28/08
osreinstall, giving a detailed explanation  Michael Kelly | 07/28/08
Kelly, they don't want to hear any of it.  osreinstall | 07/28/08
@Michael Kelly: How would you propose they do that?  ye | 07/28/08
Ye again...  Michael Kelly | 07/28/08
10 years to implement. You are joking.  osreinstall | 07/28/08
@Michael Kelly: Your request sounds good on the surface.  ye | 07/28/08
Ye... unfortunately  Michael Kelly | 07/29/08
@Michael Kelly: What would you have MS do?  ye | 07/29/08
Message has been deleted.  bmerc | 07/30/08
User can't do it  Chad_z | 07/29/08
Don't give the Windows user administrator privileges either.  ye | 07/29/08
.....  Linux User 147560 | 07/29/08
Users can trash Linux.  osreinstall | 07/29/08
That's one reason  alaniane@... | 07/29/08
You missed the point.  osreinstall | 07/29/08
I didn't miss your point  alaniane@... | 07/29/08
Yes you did, bigtime.  osreinstall | 07/29/08
" You have to stop spreading linux is bulletproof myth. "  bmerc | 07/30/08
Yes, you guys do go overboard.  osreinstall | 07/30/08
Just a thought...  914four | 07/29/08
wahuh?  rtk | 07/29/08
...  ItsTheBottomLine | 07/28/08
Message has been deleted.  marks055@... | 07/25/08
That UAC stuff helps after all  LBiege | 07/25/08
Yup.  CobraA1 | 07/26/08
Hey Ed, I noticed the gap's closing...  hasta la Vista, bah-bie | 07/26/08
Of course it will still be alive  Ed BottZDNet Moderator | 07/26/08
XP  bwchato | 08/12/08
Since Vista started with the XP kernel  bjbrock | 07/26/08
Wrong  soonerproud | 07/26/08
Well they should have started with a Linux kernel  hasta la Vista, bah-bie | 07/28/08
That's like saying, "no need for sudo!"  Grayson Peddie | 07/28/08
Technically, you don't need sudo  alaniane@... | 07/29/08
Yea, it is right...  hasta la Vista, bah-bie | 07/29/08
Rootkits are named such  alaniane@... | 07/29/08
Non Root/Admin is a wonderful thing.  TripleII | 07/26/08
Definition of UAC  Ed BottZDNet Moderator | 07/26/08
....  Linux User 147560 | 07/26/08
I don't see that much difference  marks055@... | 07/27/08
I agree ...nt  ItsTheBottomLine | 07/28/08
Keep hearing this. But rarely do I see specifics.  ye | 07/28/08
It's in the post he's replying to  AndyCee | 07/29/08
They've been in Windows since 1993  ye | 07/29/08
Not all of them  Ed BottZDNet Moderator | 07/29/08
Those are not security features.  ye | 07/29/08
Read the entire thread  Ed BottZDNet Moderator | 07/29/08
@ Ed Bott: I am "prickly" because...  ye | 07/29/08
Actually, Ye Microsoft has taken quite a few  alaniane@... | 07/29/08
OK let me get this straight...  bmerc | 07/30/08
.....  Linux User 147560 | 07/29/08
Specifics, hardly. I keep hearing "they should fix it".  ye | 07/29/08
.....  Linux User 147560 | 07/29/08
More secure, fine.  markofkane | 07/31/08
I agree 100%. It was an argument I put forth for years...  ye | 07/28/08
I absolutely agree.  mwagner@... | 08/15/08
RE: 21 months later, Vista is still more secure than XP  waldenasta | 07/26/08
Vista Switch  Christopher73 | 07/27/08
RE: 21 months later, Vista is still more secure than XP  Burningfeetman | 07/27/08
RE: 21 months later, Vista is still more secure than XP  MyBlueRex | 07/28/08
So? Who really cares about this "solution?"  Jeremy W | 07/28/08
Actually...  bbbaldie_z | 07/28/08
Message has been deleted.  Jeremy W | 07/28/08
Message has been deleted.  Jeremy W | 07/29/08
Why has the Mac fallen in pwn2own?  DevGuy_z | 07/28/08
Two other factors  diane wilson | 07/28/08
Gee, time to run out and get Vista!  SteveMak | 07/28/08
Well, everyone was on Microsoft's case about security.  ye | 07/28/08
vague?  merc2dogs` | 07/28/08
Yes, vague.  ye | 07/28/08
Cameras? MidiDV?  Ed BottZDNet Moderator | 07/28/08
To his credit he did say :  ye | 07/28/08
Wait two years, then decide...  The Rationalist | 07/28/08
RE: 21 months later, Vista is still more secure than XP  ashmulay80 | 07/28/08
In my single, not pretending it's representative benchmark...  ye | 07/28/08
Ok so what is the percentage of PC with Vista installed ???  mrlinux | 07/28/08
I assume somewhere around 180 million  ye | 07/28/08
Well then it is not much above 10%....  mrlinux | 07/28/08
Was that a market share argument you just put forth?  ye | 07/28/08
Still trotting out that ridiculous statistic...  bmerc | 07/30/08
Fine  AndyCee | 07/31/08
RE: Ridiculous statistic... I totally agree!!!  whitesfyre | 07/31/08
Microsoft will only tell us what's sold...  rcar | 07/28/08
and what they cannot tell us is ...  LBiege | 07/28/08
so will apple.  rtk | 07/28/08
A little correction... happy  Solid Water | 07/28/08
RE: 21 months later, Vista is still more secure than XP  rwarmstrong1948@... | 07/28/08
Uh, might want to read again...  Ed BottZDNet Moderator | 07/28/08
Message has been deleted.  deliveryman1 | 07/28/08
Why the hell was my message deleted!!!!???  deliveryman1 | 07/29/08
see ya.  rtk | 07/29/08
Poor measure of security  preagan9999 | 07/28/08
Of course it is...  ejhonda | 07/28/08
You mean to say Vista has that many already!  mikifinaz1@... | 07/28/08
Reading is Fundamental,,,  OutsideThe Box | 07/28/08
Oh...  Badgered | 07/28/08
Reading comprehension  Ed BottZDNet Moderator | 07/28/08
RE: 21 months later, Vista is still more secure than XP  gbray@... | 07/28/08
21 months later, Vista Is Still Hated  chessmen | 07/28/08
Windows Vista Windows OneCare = Outstanding Security  cnfrisch | 07/28/08
.....  Linux User 147560 | 07/28/08
You missed one  CreepinJesus | 07/29/08
.....  Linux User 147560 | 07/29/08
RE: 21 months later, Vista is still more secure than XP  dysart | 07/28/08
Nice Synopsis.  beoz | 07/28/08
Very nicely surmised (nt)  AndyCee | 07/31/08
RE: 21 months later, Vista is still more secure than XP...  Solid Water | 07/28/08
Strip The Crap Out And Repackage It  itanalyst2@... | 07/28/08
I'd have been more surprised if Vista wasn't more secure than XP  zkiwi | 07/28/08
RE: 21 months later, Vista is still more secure than XP  jimiznhb | 07/29/08
Vista is still more secure than XP?  as901 | 07/29/08
maybe you can have someone  rtk | 07/29/08
They just can't sell it.  bjbrock | 07/29/08
Why Vista sells...  chrisfrmatl | 07/29/08
Vista is more secure than XP?!?!?!  bmerc | 07/29/08
RE: 21 months later, Vista is still more secure than XP  SHAMKEN@... | 07/29/08
Something different every day?  Ed BottZDNet Moderator | 07/29/08
RE: 21 months later, Vista is still more secure than XP  jackie40d@... | 07/31/08
Post moved? Moderator?  AndyCee | 07/31/08
21 months later, Vista is still more ONNEROUS than XP  madrucke@... | 07/31/08
RRE: 21 months later, Vista is still being pushed as better than XP? NOT!  whitesfyre | 07/31/08
Your figures are full of it  SirCatlord | 07/31/08
RE: Your figures are full of it  whitesfyre | 07/31/08
RE: 21 months later, Vista is still more secure than XP  gbash@... | 08/01/08
RE: 21 months later, Vista is still more secure than XP  michael@... | 08/03/08
lol  rtk | 08/03/08
Vista is still more secure than XP? Of course!  grail@... | 08/05/08
Vista security discovered to be even more usless  chessmen | 08/08/08
Total crap  Ed BottZDNet Moderator | 08/09/08
not total crap at all  james.faction | 09/25/08
The authors of the paper in question said so  Ed BottZDNet Moderator | 09/25/08
I was interested in the article and your take on it  marks055@... | 08/09/08
My follow-up  Ed BottZDNet Moderator | 08/13/08
News: Windows (Vista) broken ? I?m surprised it took this long  whitesfyre | 08/11/08
Sensationalist and wrong  Ed BottZDNet Moderator | 08/13/08
All good things take time...  mikifinaz1@... | 08/12/08

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

advertisement
Click Here

Recent Entries

advertisement

Archives

ZDNet Blogs

White Papers, Webcasts, and Downloads