February 28th marked 90 days that Windows Vista had been available to business customers. December brought the first public disclosure of a vulnerability and February brought the first Security Bulletin affecting Windows Vista. Has it been a good or a bad 90 days for security vulnerabilities?
I have analyzed the vulnerability disclosures and fixes for Windows Vista and examined the results in the context of its predecessor, Windows XP, along with several other modern workstation operating systems including Red Hat, Ubuntu, Novell and Apple products to try and answer that question.
For the full details, or to print it, you can download the report.
For those that only want the executive summary, here is a key chart that shows the publicly disclosed vulnerabilities during the first 90 days of availability, broken down by vulns fixed and vulns unfixed. Many have commented on previous studies that you can't get a full picture by just looking at issues fixed, so I worked to include disclosed, but unfixed, issues to try and present a more comprehensive view.
The results of the analysis show that Windows Vista has an improved security vulnerability profile over its predecessor and a significantly better profile relative to comparable modern competitive operating systems.
Read, Enjoy, Forward.
Best regards ~ Jeff
Full Disclosure: I work for Microsoft - read my previous blog post, Exactly how biased am I?
Vista is better than XP and other OSes. Microsoft rulez :D
Regards, music
How many users have changed from Tiger 10.4 to Leopard 10.5, and how many Windows users have changed from XP to Vista?
great.
Although Vista was criticized as not safe enough by some people, I still love it. After all, its important patches are fewer than those of most of the systems on the market. Isn't it true?
-------
D.S. studio
The LWN.net site has published a review of this Vulnerability Report at:
http://lwn.net/Articles/239457/
I can't decide if I should install Vista or not. Security is of great importance to all PC users. Thank you for your study; it is rather helpful to me.
Are there any similar comparisons done comparing Windows 2003 with IIS/ASP/MSSQL vs. Linux with Apache/PHP/MySQL but no GUI or X-Windows components installed? I'd be willing to bet that Linux would come out on top easily.
Thanks.
First of all, I read "Exactly how biased am I?"; kudos to you.
I will qualify my comments/questions by saying I only found the "ON" switch 8 years ago and I quickly looked for a solution other than Microsoft. (Something about the way the manual for 98SE was written that got under my skin.)
It seems to my untrained eye that all this is comparing apples to oranges. Would it not be more appropriate to compare RHEL4 to Longhorn and SLED9 to Vista? Or is Vista a stand-alone Enterprise solution now?
Also if I may point out, aside from the wonderful low count of vulns that you've shown here, I recently bought my wife a new laptop with Vista preinstalled and just last night the new anti-virus I was loading on it still had 23,000+ signatures and two assorted truckloads of trojans and worms to look for. This is secure by design?
Conversely, the only thing that's ever crashed my Mandrake/Mandriva system is me.
Oh and by the way, so you can pass this on to the guys in programming, Vista still dogs the processor something terrible. I burned a Mandriva One disk and had Matisse running from the Optical Drive and it runs just as fast and boots faster.
I think the upshot of most any comparison to an audience like you'll get here is, and I know I'm throwing gasoline on the fire, what if Red Hat had been able to spend $6+ BILLION Dollars and 5 years in the development of RHEL5? Where do you think the statistics would be then?
But I don't expect you to shoot yourself in the foot either.
Hi Jeff, greetings from Spain :-).
I think that you are comparing too different products, only to make an easy and fair comparison. This is a good attempt, but it's not really fair. You can't make an easy comparison because the market is huge and it has many different study cases.
First, you compare commercial products (including Ubuntu ;-) ), and you ignore Debian and other non-commercial products like OpenSuSe and regional Linux distros. These distros are installed in many production environments, and in educational and government institutions, and - surprise - most of them are based on Debian or Ubuntu - Debian's cousin ;-). Many Microsoft zealots and fanboys center their guns on RH, but there are more enemies out there :-D... And Red Hat has customized the Linux kernel in many ways, so you can't really say RHEL is "pure" Linux ;-) - even RH produced drivers for hw that isn't supported in the "vanilla" kernel. You should have centered your report on, at least, 3 major Linux distros including SuSe and Debian stable.
Second: you say that you are focusing on vulnerabilities from common apps, not only the kernel, but in a real business world you MUST include other common apps like SQL Server, Oracle and MySQL, Apache and IIS, and so on. Then you can make a really fair comparison :-). I'm sure that this is really hard work, but security needs a wider point of view... Security is a complex matter that doesn't allow simple and easy reports, Jeff. If someone argues their IT movements ONLY on reports like this, he must be fired at once :-D.
Third: Vista is safer than XP, no doubt. But Vista's design is not really safe, because Microsoft relies on the RPC system - Remote Call Procedure for newbies - for its Client-Server and network architectures; the RPC system has intensive use in almost all MS apps, including SQL Server, and this is a very dangerous approach and a source of future security issues - many MS apps use the RPC for trivial purposes, some of them even stupid. Microsoft needs to redesign their apps to eliminate excessive RPC use, but MS doesn't seem to be doing this in the near future. Most Unix systems use the RPC system with real care, because REAL WORLD experience says that RPC is a potential danger for a system's security. This is a real threat that only a handful of IT workers really know and fear.
Again, Vista is safer than XP NOW - thanks God ;-) - especially in desktop use, but it has some potential vulnerabilities that can pursue the IT people for many years. Enough for desktop, but ... safe enough for enterprises and institutions?
Only time will tell ... but the potential flaws are floating out there :-).
Regards.
Alvaro Romero