On TechRepublic: Why Linux will triumph over Windows
BNET Business Network:
BNET
TechRepublic
ZDNet

June 15th, 2007

Windows v Linux - Days of risk in 2006

Posted by Ryan Naraine @ 9:56 am

Categories: Apple, Botnets, Browsers, Data theft, Exploit code, Firefox, Hackers, McAfee, Microsoft, Mozilla, Open source, Patch Watch, Pen testing, Responsible disclosure, Viruses and Worms, Vulnerability research, Windows Vista, Zero-day attacks

Tags: Linux, Operating System, Jeff Jones, Microsoft Windows, Microsoft, Ryan Naraine

Microsoft’s Jeff Jones has released his “days of risk” comparison of security vulnerabilities fixed in the major workstation operating systems in an attempt to prove his controversial argument that Windows users are arguably safer than those using Linux, Mac OS X or Solaris.

I recently wrote about Jones’ presentation this year’s TechEd conference where he discussed the metrics and techniques used to keep track of OS vulnerabilities and offered an early glimpse at his ongoing 2007 report card.

On his CSO blog, Jones is providing more data, including this chart showing the average days-of-risk in 2006.

days of risk
“We see in this first chart of the average Days-of-Risk that during 2006, Microsoft provided fixes for publicly disclosed vulnerabilities the quickest on average at about 29 days and Sun came in at the far end with the highest average DoR,” Jones writes.

He has not yet released the promised data for the patch count during the first six months of commercial availability of each operating system. These numbers, Jones argues, will show Windows Vista has the best security profile when compared with the major Linux distributions.

Ryan NaraineRyan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.


Email Ryan Naraine

For daily updates on Ryan's activities, follow him on Twitter.

Subscribe to Zero Day via Email alerts or RSS.

  • Talkback
  • Most Recent of 111 Talkback(s)
Bad eye = Bad view
Musta forgot about the ones they found
but didn't report for several months or
in some cases several years.

This article has EVERYTHING to do
with "number of patches"
and "vulnerabilites". You talking about
a game of marbles?... (Read the rest)
Posted by: Ole Man Posted on: 06/29/07 You are currently: a Guest | | Terms of Use
So Microsoft?s Jeff Jones really said that? Really?  WiredGuy | 06/15/07
Never fault anyone for lack of integrity  intrepi@... | 06/17/07
Ordinarilly I'd let this one go  Badgered | 06/15/07
Why not?  James T. Kirk | 06/15/07
the numbers may be accurate  mdsmedia | 06/15/07
Um Because he works for Microsoft?  Suicida| | 06/17/07
Number are misleading.  Rick_K | 06/17/07
Numbers aren't misleading - users are happy  Himagain2 | 06/20/07
Numbers?  Sagax- | 06/21/07
i'm a clown  admin@... | 06/18/07
I thought I would share...  ninhead79 | 06/15/07
Not really sure what to make of that  Badgered | 06/15/07
Anonymity  ehwood | 06/18/07
Roger A. Grimes is right for Vista's and WS Longhorn's Security.  Grayson Peddie | 06/15/07
I'd question that "28.9" number  CobraA1 | 06/15/07

SponsoredWhite Papers, Webcasts, and Downloads

advertisement
Click Here

Recent Entries

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors
advertisement

Archives

Favorite Links

ZDNet Blogs

White Papers, Webcasts, and Downloads

SmartPlanet

  • Thought-provoking progressive ideas on diverse topics that intersect with technology, business, and life, and matter to the world at large. Visit SmartPlanet
  • More from IBM
  • Innovate your business' process model, play against the market, compete against others on our scoreboards and WIN! Try INNOV8 2.0: A BPM Simulator
  • Enabling Real-World Business Transformation through IBM Service Management Read the EMA Analyst Report
Click Here