11 Jul 2005
Microsoft has claimed that open source database products and servers such as Linux have had a "significantly greater number and severity of vulnerabilities compared with Windows Server 2003 and SQL Server 2000".
Speaking at the Redmond giant's October 2003 Partner Conference, Mike Nash, corporate vice president of the Security Business and Technology Unit at Microsoft, attempted to justify the controversial claim by citing a report, Role Comparison Security Report: Database Server Role.
The report was commissioned by Microsoft from Security Innovation and was published on 6 June 2005.
"Customers should evaluate the disciplined development process that comes with Microsoft products against open source, which has no similar process," said Nash.
"That, coupled with our clearly defined commitment to managing security issues, is a compelling differentiator for Microsoft against other platforms on security."
In addition, Windows XP customers without Service Pack 2 (SP2) are up to 15 times more likely to fall victim to viruses, the software giant has warned.
Nash claimed "measurable improvements" in the security of Windows XP SP2 over older versions of the operating system.
Windows XP SP2 has one-half the number of critical vulnerabilities compared with XP, XP SP1 and Windows 2000 Professional in the first nine months since XP SP2's release in August 2004, according to data presented by Nash.
In addition, customers using XP SP2 are 13 to 15 times less likely to be infected by some of the most prevalent malicious software relative to customers using earlier versions of XP, according to internal Microsoft analysis.
To date, Microsoft has distributed more than 218 million copies of the service pack. The firm said it has also distributed two million copies of Windows Server 2003 Service Pack 1, which offers similar security improvements, since its release in March 2005.
Nash explained that Microsoft has implemented a rigorous process known as the Security Development Lifecycle to train employees on the development of more secure code, and to test and review products for security quality.
Do you agree?
I thought this was an early April fool's joke...
Then I saw the date. Presumably someone at Microsoft was hoping to win the Comedian of the Year award!
Posted by: Mr.Goose 18 Jan 2010
hobbyist Junk????
"Yet more proof that professionally written applications are superior to hobbyist junk like linux." Posted by: Mr. Toad, 11 Jul 2005. It just kills me when someone throws out statements like the one above and just leaves it. Amazing, just amazing. Does he mean professionally written as in using someone else's code write it for themselves, wrap it up tight so no one else can see. And causes no end of problems, then sells it???? Just amazes me. Daniel
Posted by: Daniel 07 Dec 2006
best joke
This claim is a joke, has to be:)
Posted by: john 11 Oct 2005
Swiss cheese
I agree with the first comment, by Bede Constantinides. With each new security vulnerability discovered comes a new patch from Microsoft. And with each new patch comes a new vulnerability. And as you keep adding patches the system performance and reliability drop significantly. Would you put a dozen patches on your bicycle tube? Then why does Microsoft send us a continuous stream of patches? Why don't they just get it right to begin with? Swiss cheese comes to mind...
Posted by: John Rowell 13 Jul 2005
The Web was created by a hobbyist
As I like to remind Microsofties who use the 'hobbyist' remark... Tim Berners Lee created the web as a hobby. And look how horrible that hobbyist project is doing. For the record, Tim Berners Lee was a professional physicist at the time I believe.
Posted by: Xeno 12 Jul 2005
What about OpenBSD
Why don't they ever compare windoze to an operating system that has had one vulnerability in the last ten years.
Posted by: John 12 Jul 2005
MS PR at work
The funny thing is, most people I know accept what MS says as if they ARE the industry. If MS says it, it must be true. Somehow they are able to gloss over the constant problems they have with their PCs that they called me to work on. They look doubtfully at me as I explain that given their current software and usage, they could easily replace their OS and software with Linux and other OSS. And never experience a virus or worm again. And rarely would they need to call me. I even set up a demo, which they barely try. Oh well, I guess I should be happy to collect their $50 per hour, even though they could afford to buy a new system and throw an old one away every couple of months for what they pay me. It's wrong, but that's the price of insanity I guess.
Posted by: dingletec 12 Jul 2005
What a load of crap
Bloody Microsoft - Windows is like a badly punctured football, with bits of sellotape stuck over the holes, the sellotape, which has been there since windows 95, is beginning to lose its stick. Soon Windows will begin to fall apart.
Posted by: Bede Constantinides 12 Jul 2005
Professionally written applications are more superior?
"Yet more proof that professionally written applications are superior to hobbyist junk like linux" You mean hobbyist junk like Google - which you probably use every day and runs on Linux. ... Or do you mean hobbyist junk like Apache - runs vnunet.com and around all webservers on the planet. ... Or do you mean Samba used by government departments, public bodies and major corporates around the world in preference of Windows 2003 Server. I can only hope you're just a Linux geek trying to flame us. If you're not, I think you should get out more.
Posted by: DogStar 12 Jul 2005
managing security issues
"commitment to managing security issues" - wouldn't it be better if MS actually fixed the security issues instead of "managing" them. Managing means hiding/ignoring them until someone publishes the exploit and MS is actually forced to fix it. I think I like the open source way of just fixing bugs better.
Posted by: John 12 Jul 2005
Biggest Boy on the Block
Being 6'3" I can relate w/ MS, much as I have issues with them too. When you're the biggest kid around you're the target for every guy with the little man's disease. What glory to write a virus for Apple at 2.6% market share or Linux with less? If a sociopath wants to make as much havoc as possible, you target MS. What kills me is I have to use Firefox to open my hotmail (part of MS) account for with "accept all cookies" IE won't let me pass their net passport. Where's THAT at? Yeh, they could do a better job but I've never been hit with a virus, worm or trojan, I simply upgrade my MS progs and virus defs religiously, but how many do?
Posted by: Mike Sears 12 Jul 2005
Obviously
Well to put it bluntly - I am fed up with Microsoft's diatribe on the matter. Like AA - the first step is admitting you have a problem. Critical introspection would be so very refreshing that the flaws could be better tolerated. Glossing and distorting makes me feel a bit of resentment that they find the consumers to be so gullible or ill informed. Stop degrading your customers!
Posted by: Zeke D. 12 Jul 2005
bs
Patching fewer vulnerabilities means they've patched fewer vulnerabilities, nothing more. Perhaps it means that Linux comes with more packages by default, or that Microsoft has simply stopped worrying about vulnerabilities unless they get publicity. MS could choose to patch half as many as they do now, and claim that they've made it even twice as secure. Most of the vulnerabilities that are found among the thousands of packages in a typical Linux distro aren't the kind you can use to take over the system, especially remotely. And features like the executable flag make it near impossible for a user to execute a program they've downloaded from the internet unless they absolutely want to.
Posted by: David 11 Jul 2005
Right
After 25 years reinstalling windows about every ten months due to many vulnerability flaws (plus don't let us forget to patch the os weekly), makes me wonder about these so-called FACTS about security that MS talks about. Sick and tired of that, migrated to linux .... never had any security problems ever since
Posted by: RompeRatones 11 Jul 2005
Yet more proof
Yet more proof that professionally written applications are superior to hobbyist junk like linux.
Posted by: Mr. Toad 11 Jul 2005
my opinion
I seriously have to agree with bs on this one. Since the closed doors of microsoft we can't really see what goes on there, there isn't much to be said about linux that bs hasn't explained already.
Posted by: anonymous 11 Jul 2005
unfair
BS's comment is totally unfair... MS could say the same for Linux. Anyway you must be blind not to acknowledge that security has increased greatly with each version of windows, from NT to 2000 and now greatly with windows 2003, and the same on the client side....
Posted by: Sergio 11 Jul 2005
Check under the hood!
Why doesn't M$ open up its Windows 2003 source code and let the people decide? If it truly is more secure than Linux, thousands of software engineers and hackers will jointly arrive at that conclusion.
Posted by: Joe Schmo 11 Jul 2005
Micro$oft F.U.D.
Microsoft is running scared since Linux has the potential to kill off Windows. It has already done so in Europe in a couple of countries and that has Microsoft looking for any excuse to cast a bad light on Linux to save its market share from shrinking any further.
Posted by: L. C. Scott 11 Jul 2005
Let the FUD spew forth
I'm not sure why anyone would trust a report commissioned by Microsoft to toot their own horn. The glaring holes in the story are amazing. This rates right up there with the rest of their "Get the Facts" marketing campaign. Anything can look good if you skew the facts enough and fail to mention the lack of resemblance to reality. Windows XP SP2 is a patch for a patch that has been patched several times since its release. As holes in the system get plugged, new holes open up and others become more obvious. The radical redesign of the Windows Operating System known as Longhorn is supposed to take care of the vast majority of the vulnerabilities. I'll believe it when I see it. I'm guessing it will take less than 3 weeks from the release date for the first critical flaw to emerge. As the previous poster mentioned, the number of security patches doesn't indicate a secure system. The "disciplined development process" has nothing to do with security, and everything to do with the limited resource pool Microsoft is using. Half of the article is comparing Windows XP to itself, and I would be worried if it didn't do so favorably. Where is the real-world comparison to non-Microsoft products? Where is the actual security data, and the comparison to Linux, as the headline implies? This looks like more hot air.
Posted by: CopperLion 11 Jul 2005
April Fool!
This is a bit late for an April Fools' joke!
Posted by: nick 11 Jul 2005