Is Windows Vista Living up to the Dream?

Windows Vista has by no means had an easy ride throughout 2007. That much is for sure. The latest Windows client has come under a barrage of criticism, and despite the fact that its install base had passed the 100 million mark by the end of the past year, it is still perceived as a Wow that shot and missed.

But if Vista was indeed suffering in terms of performance, stability, reliability, compatibility and support, there is one aspect where the operating system has obviously outperformed its predecessor. Even though it features no new security barriers in comparison to Windows XP, just added mitigations, Vista, without being bulletproof, does offer a superior level of protection.

"I think that it’s fair to say that Windows Vista is proving to be the most secure version of the Windows to date. Our investments in the SDL and our defense in depth approach to building Windows Vista seem to be paying off. Let’s take a look at some areas that we’ve made progress in: the impact of defense-in-depth; Internet Explorer 7’s protection of personal information; vulnerabilities and infections; and cost savings," explained Austin Wilson, director of Windows Client Security Product Management.

Because of extra security measures such as User Account Control and Internet Explorer 7 Protected Mode, no fewer than 13 security bulletins patching flaws throughout 2007 have a reduced maximum severity rating on Vista compared to XP. Of course, in the end, the purpose of the Software Development Lifecycle is to decrease the severity level of the vulnerabilities that do manage to get through to the final product.

"Internet Explorer 7, which is the default browser in Windows Vista, also helps protect the personal information of end users. We’re seeing almost 1 million phishing attempts blocked per week, representing a large number of potential cases of identity theft or credit card fraud that were stopped. In addition, there are over 3500 sites with Extended Validation SSL Certificates (EV SSL) representing an improved level of authentication for securing transactions on these sites. Internet Explorer 7 is the first browser to fully support EV SSL," Wilson added.

Wilson also turned to another relevant security metric: patch events. As far as businesses are concerned, each time a vendor releases security bulletins, the company has to activate its internal patch management process, and every such run across its IT infrastructure results in higher costs of ownership. In XP's first year on the market, users had to patch the operating system on 26 different days. In Vista's first year, users only patched the operating system on nine different days.

"Windows Vista in its first year had significantly fewer fixed and unfixed vulnerabilities than Windows XP in its first year: 36 fixed/30 unfixed for Windows Vista vs. 68 fixed/54 unfixed for Windows XP," Wilson said. "Since Windows Vista was released, there were three months in which Windows XP had updates and Windows Vista did not (December ’06, January ’07, and November ’07). This means that an organization running all Windows Vista clients would have had three months in which they wouldn’t have had to deploy an OS update to their clients at all."

Wilson also cited data from the Microsoft Security Intelligence Report from 10/07, revealing that in the first half of the past year, Vista was affected by 60% less malware and 2.8 times less potentially malicious code than XP SP2.

