Folks, I thought you might be interested in this report that has just been issued compiling the first year's worth of security vulnerabilities found in Windows Vista, and comparing them with the first-year vulnerabilities of Windows XP and of non-Microsoft operating systems.
The report can be found here, but here are a few highlights:
Windows Vista (year 1)
Windows XP (year 1)
Weeks with at least 1 Patch Event
These figures may be merely interesting until you consider the cost-saving implications of fewer patches. A customer told me recently that each patch event costs them £30K, so this year-1 reduction in patches would have delivered a direct £480,000 per annum saving to them from running Vista rather than Windows XP!! Then there's the incalculable reduction in corporate risk from this reduction in vulnerabilities.
I won't comment, but it's interesting to note the comparison to non-Microsoft operating systems. It certainly does fly in the face of some of the IT press reports that have surrounded Vista since its launch.
Red Hat rhel4ws reduced (year 1)
Ubuntu 6.06 LTS reduced (year 1)
Mac OS X 10.4 (year 1)
Yes, I believe MS is doing a great job of securing their new products, but I don't like the comparisons to other products. RHEL has a higher number of total security vulns, but how many are remotely exploitable, how many are elevation issues...? I'm not worried about local exploits because if you're on the box you own it anyway. But like I said, MS is still doing a great job, keep up the good work!
You shouldn't ignore local exploits - a seemingly innocuous elevation-of-privilege vulnerability can turn a remote access vulnerability into complete control of the machine.
For example: would you rather have two hypothetical IIS vulnerabilities that let you execute code in the context of the IIS account (these would probably be marked "important" or "critical"), or would you rather have one such vulnerability ("important"/"critical") and one local elevation-of-privilege vulnerability (which would probably be marked "low" or "important")?
In the first case, the damage is non-trivial but limited, because the IIS account would have few privileges on its own. In the second, you could piggyback the EoP on top of the remote vulnerability, and now you own the whole machine.
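The two comments above raise the same prioritisation question from opposite sides: the first asks how many of a product's vulnerabilities are remote versus local elevation issues, and the reply points out that a "low"-rated local EoP sitting next to an "important" remote code-execution bug is effectively a critical problem for the host. The following script is an added example, not code from either commenter or from the report; it models a constructed vulnerability inventory (placeholder ids such as V-001, hypothetical components) and shows how a defender's patch queue changes once RCE/EoP chains are taken into account rather than looking at each published rating on its own.

```python
from collections import Counter
from dataclasses import dataclass

# Rating scale used for comparison; the names follow the bulletin ratings quoted in the thread.
RANK = {"low": 0, "moderate": 1, "important": 2, "critical": 3}


@dataclass(frozen=True)
class Vuln:
    vuln_id: str        # constructed placeholder, not a real advisory identifier
    component: str      # hypothetical component name
    vector: str         # "remote" or "local"
    impact: str         # "rce" (code execution), "eop" (elevation of privilege), "dos", "info"
    rating: str         # rating as published by the vendor
    privileged: bool = False   # True if remote code would already run as an administrative account


def count_by_vector(vulns):
    """Break a vulnerability list down by (vector, impact), the split asked for in the thread."""
    return dict(Counter((v.vector, v.impact) for v in vulns))


def find_chains(vulns):
    """Pair every unprivileged remote code-execution bug with every local EoP bug.

    Each pair is a path from 'code as a service account' to 'full control of the host',
    which is exactly why the local bug must not be dismissed as low priority."""
    remote_rce = [v for v in vulns if v.vector == "remote" and v.impact == "rce" and not v.privileged]
    local_eop = [v for v in vulns if v.vector == "local" and v.impact == "eop"]
    return [(r.vuln_id, e.vuln_id) for r in remote_rce for e in local_eop]


def effective_rating(vulns):
    """Worst-case rating for the host: the highest published rating, raised to 'critical'
    when a remote RCE already runs privileged or when an RCE/EoP chain exists."""
    if not vulns:
        return "none"
    worst = max(vulns, key=lambda v: RANK[v.rating]).rating
    privileged_rce = any(v.vector == "remote" and v.impact == "rce" and v.privileged for v in vulns)
    if privileged_rce or find_chains(vulns):
        return "critical"
    return worst


def patch_order(vulns):
    """Order patches so that members of a chain go first, then by published rating, then by id.

    This is what keeps a 'low' EoP from sitting at the bottom of the queue."""
    in_chain = {vid for pair in find_chains(vulns) for vid in pair}
    return [v.vuln_id for v in sorted(
        vulns, key=lambda v: (v.vuln_id not in in_chain, -RANK[v.rating], v.vuln_id))]


# Constructed sample inventory for one host: the second scenario in the thread
# (one IIS RCE in the service-account context plus one local EoP).
HOST_A = [
    Vuln("V-001", "IIS", "remote", "rce", "important"),
    Vuln("V-002", "kernel driver", "local", "eop", "low"),
    Vuln("V-003", "DNS client", "remote", "dos", "moderate"),
]
# The first scenario: two IIS RCEs, no EoP, so nothing escalates beyond the service account.
HOST_B = [
    Vuln("V-001", "IIS", "remote", "rce", "important"),
    Vuln("V-004", "IIS", "remote", "rce", "important"),
    Vuln("V-003", "DNS client", "remote", "dos", "moderate"),
]

if __name__ == "__main__":
    for name, host in (("host A", HOST_A), ("host B", HOST_B)):
        print(name, count_by_vector(host))
        print("  chains:", find_chains(host))
        print("  effective rating:", effective_rating(host))
        print("  patch order:", patch_order(host))
```

Run as a script the output shows host A, whose highest published rating is only "important", coming out as "critical" with the "low" EoP patched second in the queue, while host B with two equally rated RCEs stays at "important". Counting by (vector, impact) is the breakdown the first commenter wanted; the chain detection is the reply's argument made mechanical.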
Big difference compared with XP. Metric Windows Vista (1 year) Windows XP (1 year) Vulnerabilities
This isn't something that I would normally bother blogging on - and from the lack of recent posts you