Since my original post on last week's Symantec paper, they've released another one as noted by Joris Evers in Symantec continues Vista bug hunt . Now that I've read both of the first two papers, I note two perspectives from Symantec on this: 1) the perspective of the researchers in their paper, and 2) the uses that the Symantec marketing team may be attempting with the content. On the first perspective, the papers read like an analysis I would expect from a test team performed on a pre-release...

Ben Fathi, the Corporate VP of the Security Technology Unit has kicked off a new blog focused on Windows Vista Security. I've added a link on the side and you can read it here: http://blogs.msdn.com/windowsvistasecurity/ . Also, while I'm on the topic of Ben, let me remind you that he also hosts a Technet Chat that allows you to connect and ask him and his extended team any question you want each month directly. You can add the next one (August 10th) to your calendar, or pick from the list of...

UPDATE: Several readers sent me a link to the paper , so I have it now. Thanks! I didn't use "FUD" in my title, because it frankly gets used so often, and sometimes even applied to me . FUD (or Fear, uncertainty, and doubt ) is a sales or marketing strategy of disseminating negative (and vague) information on a competitor. Now, why I don't think this applies to my recent vulnerability metrics posts is: 1) I was very specific in the data and analysis, 2) the data was factual, 3) the analysis...

NOTE: I am not asserting that my vulnerability analysis demonstrates that Windows is more secure. Rather, I frequently hear and read Linux advocates making unsupported assertions to the opposite that Linux is inherently more secure than Windows. The "unsupported" part of that bothers me, so I check for myself. What I keep finding is that Linux distributions have more vulnerabilities, more serious vulnerabilities and the data does not support the assertions of security superiority for Linux and Open...

NOTE: I am not asserting that my vulnerability analysis demonstrates that Windows is more secure. Rather, I frequently hear and read Linux advocates making unsupported assertions to the opposite that Linux is inherently more secure than Windows. The "unsupported" part of that bothers me, so I check for myself. What I keep finding is that Linux distributions have more vulnerabilities, more serious vulnerabilities and the data does not support the assertions of security superiority for Linux and Open...

Debian developers learned this morning that someone had hacked into one of the project servers (gluck), so the debian team took all of the servers offline to investigate, flatten and rebuild. Here's the message: http://lists.debian.org/debian-devel-announce/2006/07/msg00003.html Please note that you should not confuse this hack of the Open Source debian project with the one from November, 2004, Hackers Attack Debian Linux . That was a completely different incident.

NOTE: I am not asserting that my vulnerability analysis demonstrates that Windows is more secure. Rather, I frequently hear and read Linux advocates making unsupported assertions to the opposite that Linux is inherently more secure than Windows. The "unsupported" part of that bothers me, so I check for myself. What I keep finding is that Linux distributions have more vulnerabilities, more serious vulnerabilities and the data does not support the assertions of security superiority for Linux and Open...

What OS were you using in 1998? Windows 98? Red Hat 5.1? Something else? The MSRC blog recently re-iterated the upcoming end of life for Windows 98 , Window 98SE and Windows ME, indicating that there will be no support after the July 11th patch Tuesday. (There’s more detail about this and other Support Lifecycle dates on the Support Lifecycle Website: http://www.microsoft.com/lifecycle .) After a short new lease on life , the road is reaching it's end later than originally planned. Or, earlier...