Yes Virginia, Windows Vista Is More Secure
My PCWorld peer Katherine Noyes recently graced the Web with a trademark post bashing Microsoft and whining about the lack of Linux love in the world. Noyes was incredulous that the NSA (National Security Agency) would urge users to move to Windows Vista while ignoring the Linux OS completely.
The NSA published security guidance for home users entitled Best Practices for Keeping Your Home Network Secure in which it recommends that users transition from Windows XP to the more secure Windows Vista or Windows 7. Noyes is incredulous. "Yes, that's right, it actually recommends Vista. Why not throw in IE6 while we're at it?"
I'll tell you why. Windows Vista is substantially more secure than Windows XP, while Internet Explorer 6 is an unmitigated security disaster and malware magnet. I think that pretty well sums that up.
A Microsoft spokesperson explained to me that as part of the process of developing the updated Exploitability Index, Microsoft examined all vulnerabilities from July 2010 through April 2011 and found that 37 percent of them either had less impact or no effect whatsoever on newer platforms.
Joseph Chen, senior manager for Symantec Security Response, agrees that Windows 7 and Windows Vista are both more secure than previous Windows operating systems. "Windows 7 and Vista provide User Account Control, which enables users to set up user accounts with fewer privileges by default. In XP, user accounts are given administrator privileges by default. That is a security liability because many vulnerabilities and exploits only give attackers control over a computer in the context of the currently logged-in user."
Aryeh Goretsky, a researcher with ESET, points out that Microsoft had years of lessons learned from XP to apply to Vista, and that Vista was developed using Microsoft's industry-respected Security Development Lifecycle (SDLC).
Goretsky also explains, "Windows Vista (or at least the 64-bit edition) introduced the public to PatchGuard, a technology that Microsoft had previously introduced in Windows Server operating systems, but had not been used in desktop versions of Windows. PatchGuard is a set of technologies which prevent programs from patching the operating system's kernel, a technique which is often used as a stealth mechanism by malicious software as well as by rootkits."
One of my other IDG peers, Gregg Keizer, noted this morning that Microsoft reported a rise in the malware infection rate for Windows 7 and a drop in the rate for XP, but it is all relative. The malware infection rate on Windows 7 is up 33 percent...from 3 PCs per 1,000 all the way to 4 PCs per 1,000 (it's only 2.5 per 1,000 for 64-bit Windows 7). The Windows Vista infection rate is also up about 25 percent to 8 PCs per 1,000. Meanwhile, the XP infection rate dropped 22 percent...from 18 down to 14 PCs per 1,000.
Based on those figures, you are 75 percent more likely to have your system infected by malware if you use Windows XP instead of Windows Vista. The difference is dramatically higher between Windows 7 and Windows XP. So, the NSA guidance to abandon Windows XP in favor of Windows Vista or Windows 7 is perfectly sound advice. It would be silly for the NSA to publish a document aimed at helping mainstream home users secure their PCs and recommend they switch to Linux.
I get it. It's hard to be an avid proponent of an operating system that never seems to get the attention you feel it deserves. But, Linux has been around for more than two decades yet can't seem to break the one percent market share barrier. I think it is unreasonable to expect Linux to be included in mainstream conversation as an equal to Windows or Mac OS X when it has less market share than Java or iOS. It's like someone who loves RC Cola jumping up and down any time a conversation about cola only mentions Coke and Pepsi.
Don't get me wrong. I have respect for the Linux operating system. It is a perfectly capable platform that many users might actually like if they gave it a try--but it's not for everyone. I also have respect for Katherine Noyes. She is a tireless advocate for the Linux OS and for open source solutions, and I think that is commendable. I just wish she wouldn't spend so much time whining that the world is unfair to Linux, or bashing Microsoft just for the sake of bashing Microsoft.