Justified or not, Microsoft get a lot of flak for the security of their Windows operating system. Now, Jeff Jones, who is strategy director of Microsoft’s security technology unit, has posted findings to show that Microsoft releases patches for vulnerabilities in Windows faster than Apple, Novell, Red Hat, and Sun do for their respective operating systems.
Symantec (who we know aren’t exactly best buds with Microsoft) has acknowledged Microsoft’s findings.
The calculations show that Windows had under 29 days of risk last year, compared to 46 days for Mac OS X, 74 days for SuSE Linux Enterprise, 107 days for Red Hat Enterprise Linux, and 168 for Sun Solaris.
Even looking at specific operating systems from each company, and including Windows XP SP2, Jones found that XP was patched after an average of 53.3 days, closely followed by OS X Tiger at 54.2 days, with SuSE and Red Hat’s flavours of Linux coming in at 56.2 and 70.5 days of risk.
His findings also suggested that Windows XP was patched for less bugs than any other operating system, at just 90 in 2006, compared to 129 for OS X, 232 for SuSE Linux, and 301 for Red Hat Linux.
None of this specifically proves that Windows is a more secure system than the others. Patches may come out more quickly, but they may be just the tip of the iceberg. Additionally, a lot more publicity often surrounds Windows vulnerabilities than those of other operating systems, and are found more quickly because of the levels of successful attacks against Windows.
It will be interesting to see future numbers comparing Windows Vista and OS X Leopard, though that won’t be a possibility until next year at the earliest.
Maybe, though, Microsoft isn’t quite as shoddy in the security department as some would like us to think.