Vista Security Claims Debunked – Figures Skewed

The New Acunetix V12 Engine


Ah more news about the insecurity of Vista and something we are all pretty aware of…the skewing of figures by Microsoft.

Microsoft apparently still hasn’t learned that counting vulnerabilities doesn’t establish some kind of ‘security level’.

You can read the report here:

Vista 6 Month Vuln Report [PDF]

The Microsoft “researcher” claims that Windows Vista is exponentially less vulnerable than many Linux distributions and Mac OS X. It may be true that the default Vista installation has had less public vulnerability reports, and that Linux has had many more, but this is due to the nature of Open Source. Jeff does not include any “silently fixed” vulnerabilities that have been patched since Vista was released and Microsoft has not disclosed such vulnerabilities publicly.

The methodology used was deeply flawed, as I briefly mentioned before, bugs in Firefox and other software like emacs count as a flaw for Linux whilst IE bugs get ignored for Vista.

The conclusions that are drawn are built on a lack of understanding by the Microsoft researcher. I highly encourage him to go back and take another look, and pare down the results to essential information that is absolutely critical to the conclusions, rather than just “Other OS’s have more bugs, see, look at my graphs”…

Good PR, but bad research? Seems par for the course.

And perhaps it could backfire PR wise, as the clued in people get pushed further away from Vista.

Source: Full Disclosure

Posted in: Exploits/Vulnerabilities, Windows Hacking

, , , , , , ,


Latest Posts:


BDFProxy - Patch Binaries via MITM - BackdoorFactory + mitmProxy BDFProxy – Patch Binaries via MiTM – BackdoorFactory + mitmproxy
BDFProxy allows you to patch binaries via MiTM with The Backdoor Factory combined with mitmproxy enabling on the fly patching of binary downloads
Domained - Multi Tool Subdomain Enumeration Domained – Multi Tool Subdomain Enumeration
Domained is a multi tool subdomain enumeration tool that uses several subdomain enumeration tools and wordlists to create a unique list of subdomains.
Acunetix Vulnerability Scanner For Linux Now Available Acunetix Vulnerability Scanner For Linux Now Available
Acunetix Vulnerability Scanner For Linux is now available, now you get all of the functionality of Acunetix, with all of the dependability of Linux.
Gerix WiFi Cracker - Wireless 802.11 Hacking Tool With GUI Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.


6 Responses to Vista Security Claims Debunked – Figures Skewed

  1. Nobody_Holme August 21, 2007 at 12:09 pm #
  2. TheRealDonQuixote August 21, 2007 at 9:16 pm #

    Man I hate Microsoft. If thier OS’s weren’t so easy to hack, and the mere fact that so many people use them, I’d never bother with it at all.

  3. Mitchel Ashley August 22, 2007 at 12:14 am #

    It has been our experience and the experience of our SAT team here are Stillsecure that Vista is the most secure OS ever made.

    Combine that with some security tools like SafeAccess and you have a nearly inpenatrable computing fortress.

  4. Michael Ajitsingh August 26, 2007 at 5:28 am #

    Those who use MS Windows are the same people who’d walk down Baghdad with a sign on their back saying “Hi, I’m an American.”

  5. Daniel August 30, 2007 at 3:29 am #

    hmmm oh well. security is still totally Dependant on the user.

  6. Sandeep Nain August 31, 2007 at 2:09 am #

    Well how about telling micro$oft that we agree with whatever microsoft says… I hope this will stop them from bugging us with their fake reports..