Windows Vista recently passed the 180-day mark since it was made available to business customers. Just as he did at the 90-day mark, Jeff Jones, a Microsoft Director from the Trustworthy Computing group and frequent blogger on security topics, has done a comparison of vulnerabilities discovered in Windows Vista versus other operating systems in their first 6 months of availability. Windows Vista holds up well in this comparison, showing a significantly improved vulnerability profile over its first 180 days of availability compared to Windows XP and the other operating systems that were examined. It’s interesting to note that Windows Vista is being subjected to a greater level of scrutiny than its predecessor, as tools used by security researchers have become significantly more sophisticated since Windows XP was released.
Of course, we’re always working harder to further reduce the number of vulnerabilities in our products. Windows Vista was our first client release to leverage the Security Development Lifecycle (SDL) throughout the entire development cycle. As new techniques for finding vulnerabilities are discovered, we make updates to the SDL which will be used in the development of future products. A good example of how that process works is in Michael Howard’s entry on the SDL blog.
Jeff’s “Windows Vista 6-month Vulnerability Report” is available here.
Hey did you remember to strip out the NSAKEY comments from the Windows Vista source code?
There is definitely some good news out there.
Security in Vista is definitely improved over XP; however, there will always be some security holes like this one.
With regard to this problem, are there any plans to change the new Vista DVDs that will be pressed in the future to disable the feature above, or is it not seen as a major security problem because once you have given physical access to a machine you're really fighting a losing battle anyway?
Is Microsoft's main security focus on stopping remote off-site attacks on Windows-based machines?
I personally can't wait for you guys to get the Trusted Platform Module stuff you built into the CPUs working for the whole OS, not just BitLocker encryption. A lot of people working in big pharma and biotech need to have their whole IT systems really, really locked down, and the Trusted Platform initiative could really help. There is a real need for stopping any unsigned code running on your machine at the hardware level, and a need for an ultra super secure Windows. Vista and BitLocker are definitely the way forward; hopefully Windows will continue to become more secure.