You've been hearing the stories about how people just want to stick with Windows XP SP2, but Windows Vista security is supposed to be better. Do you wonder how many vulnerabilities and patches each one had in 2007?
In the wake of my Windows Vista One Year Vulnerability Report, which compared the "first year of availability" of several products, I received many comments along the lines of "of course Windows Vista beats Windows XP as it shipped in 2001, but what about the current Windows XP SP2?"
I set out to answer this question, at least for 2007 and the result is a short paper analyzing vulnerability data for Microsoft Windows Vista and Microsoft Windows XP SP2 for calendar year 2007 and a brief analysis to see if any benefit is apparent for users of one OS over the other. You can download the full paper here.
Here is the chart breaking down the vulnerabilities by Microsoft severity ratings
I found that Windows Vista offers benefit over Windows XP SP2 in the following ways for 2007:
- Windows Vista had 30% fewer Security Bulletins than Windows XP
- Windows Vista had 20% fewer vulnerabilities than Windows XP
- Windows Vista had 28% fewer Critical and Important vulnerabilities than Windows XP
- 26 vulnerabilities on Windows Vista are less severe for any users running as standard user
