Vista is more secure than Mac

Here's my prediction: a few years from now, people will still complain about Microsoft software but they won't complain about security problems.  Every single man, woman, and child in a Microsoft engineering group is forced to attend SDL (Security Development Lifecycle) training regularly.  We can't ship anything at all, not even a free downloadable sample, without going through a rigorous SDL review. It's very time-consuming, and even annoying to some of us who'd rather ship more frequently.  And guess what? We find a lot of potential holes, sometimes completely non-obvious ones, and many more than we'd find if we were just trying to get something out the door. On security, that doesn't make us perfect, but it's hard for me to imagine that other software companies would regularly trade off schedule or features in favor of security the way we do.  So it's no surprise when I read Dino Dai Zovi, the New York-based security researcher who has compared the two OSes, say this in MacWorld:

I have found the code quality, at least in terms of security, to be much better overall in Vista than Mac OS X 10.4. It is obvious from observing affected components in security patches that Microsoft’s Security Development Lifecycle (SDL) has resulted in fewer vulnerabilities in newly-written code. I hope that more software vendors follow their lead in developing proactive software security development methodologies.

Like I said, in a few years people will still lose laptops and let strangers steal their passwords, but the employment picture for code exploit hackers on Microsoft software will be pretty grim.

Published 01 May 07 05:59 by sprague

Comments

# Juan Carlos de Burbon said on May 1, 2007 10:24 AM:

"...but it's hard for me to imagine that other software companies would regularly trade off schedule or features in favor of security the way we do."

This only occurred because it put the profitability of the firm in jeopardy.  It wasn't done "to do the right thing".

If security isn't affecting the profitability of other firms, they will not put security at the forefront.  Microsoft's lack of security potentially made Apple profitable, and Apple copiously exploited this in their marketing.

Although security is one of the largest flaws in any Microsoft product, the firm is now on the defensive and will spend resources not on innovation and "doing the right thing", but rather they will spend time marketing around the inherent flaws of their software until it jeopardizes the profitability of the firm.  When it does, they will actually take action to remedy the situation.

# tony said on May 1, 2007 10:27 AM:

Even if that were true, the way in which it has been implemented is so annoying to the user, many people will turn off the security features just to get some work done. Either that, or migrate to the Mac.

: )

# John@jett.net said on May 1, 2007 10:32 AM:

I think that is pretty poor science.

Vista has been out for a few months. OS X for years. The article is one of the silliest things I have read in MacWorld.

Let's get a bit of a track record BEFORE we party.

# Virgus Fourver said on May 1, 2007 10:35 AM:

So all of a sudden this Dino Dai Zovi comes along with this pronouncement, and we're all supposed to forget the real world evidence seen everyday of just how insecure Windows is? Let's try this. Take the third party spyware, virus and trojan software off of a PC running Vista, use it connected to the internet for a week or so, and tell me how well it's doing.

# tom B said on May 1, 2007 11:13 AM:

Be serious. If you REALLY believe Vista is even in the same ballpark, securitywise as OS X, you need to adjust your meds. Maybe you are unaware that MSFT plants people to say stuff like this. This is a matter of public record-- during the DoJ antitrust hearings, they were paying people to talk about how great MSFT was and how the Govt. should "lay off". If an exploit was indeed achieved, most likely it was under highly artificial conditions that would not come up in real life.

# pgb0517 said on May 1, 2007 11:25 AM:

Confirmed: Microsoft has children working in software engineering. ;-)

Seriously, Vista security is good news for Apple, and vice versa. Competition is the only thing keeping these two giants from being lethargic.

# XSpurt said on May 1, 2007 11:30 AM:

It is *May* the first.  April Fool's Day was a month ago.

# yuvipanda said on May 1, 2007 11:49 AM:

>>Here's my prediction: a few years from now, people will still complain about Microsoft software but they won't complain about security problems.

True! I guess they'll be complaining about, uhm, someone running through a cubicle farm shouting "File -> Exit -> Yes", with Speech Recognition on :D

P.S. Speech Recognition in Vista Rocks. Thanks!

# that one guy said on May 1, 2007 11:56 AM:

If you believe this, I have a bridge to sell you real cheap! What about the whole animated cursor incident? That whole hack a mac contest was a farce. The original rules were to put a mac on a public IP and see if anyone could take it over. They could not. So then they changed the rules and allowed someone to come over and send the computer to a malicious web site. Granted, the flaw is a flaw, and it is not good, but to equate that incident with Vista. Wait a year, and then we can see what is really the truth.

# DBL said on May 1, 2007 12:15 PM:

When you say that Vista is more secure than the Mac, you may be technically right in some particular way of looking at it (I don't actually know -- and you know what probably neither do you), but it is so far away from real world experience that it makes you sound like an idiot, in the same way that saying goldfish live longer than humans makes you sound like an idiot. You might be right in some goldfish-years way of looking at it, but you are so clearly wrong in the way that really matters in the day-to-day, that one has to wonder exactly what world you are living in.

Maybe your Goldfish Vista is the most beautiful tightly written goldfish the world has ever seen, but the plain fact of the matter is that in the real world, goldfish, like Windows systems, die faster than any other animal. So I'm afraid that you will never get credit for this no matter what you say. The only thing that matters is what happens "in the wild". And if you think that "in a few years" Windows will survive better in the wild than any other system, then what you are saying flies in the face of what accords with everybody's actual experience, including past attempts at greater security in Windows releases that made exactly no difference at all.

In other words, bulls__t walks.

# Honest Ed said on May 1, 2007 12:39 PM:

Every half-wit has been making this 'prediction' for years, yet each year malware rises exponentially along with its platform's zealots' level of denial. Windows is nearly the exclusive domain of Windows with a bit touching Linux and ZERO touching the Mac.

OS-X after six years of these predictions has foreclosed many vulnerabilities as with any software but remains several hundred trillion times more secure than Windows. If Windows ever had ZERO in the wild malware infections for six years straight, it will be as secure as OS-X is today. With what could have been saved in malware reparations for Windows infection over the past six years these people could have bought a hundred million iMacs and never had a single infection. Windows will NEVER be secure because the code base is a steaming pile of shit. If Windows was based on an ultra-secure UNIX like BSD then it may have a chance as long as no Microsoft coder ever touched it.

It's well known that one Apple OS coder can produce FOUR times the final product in the same time and clearly it's infinitely more secure code. While Windows is hated by all but the zealots Mac is loved by all but these same zealots. Clearly you're a mindless zealot and your noise is just your frustration with the continued failure of your infestation called Windoze and the massive amounts of Kool-Aid you must continue to consume in order to maintain your delusion.

# jon said on May 1, 2007 1:02 PM:

Let's see, so far Vista has had the IE7 exploit, the Mail exploit, the cursor exploit....etc... etc...

Ya... right, Vista more secure than OSX.... whatever.

http://www.theeagle.com/stories/040507/local_20070405039.php

Last time I checked there wasn't a single OSX virus in the wild....

http://www.eweek.com/article2/0,1895,2073611,00.asp

http://www.betanews.com/article/

# Langford said on May 1, 2007 1:06 PM:

How can an operating system that has absolutely no viruses or spyware be less secure than one that has thousands?

# John Koetsier said on May 1, 2007 1:55 PM:

More secure than Mac or not, the fact is that everyone will benefit when Windows becomes more secure. Making it harder to operate zombie farms will make life on the internet (and in the in-box) much more enjoyable.

# art said on May 1, 2007 3:51 PM:

Sounds like wishful thinking to me.

OSX is built on an inherently more secure platform, meaning the underlying design philosophies.

Vista's foundation still seems like an amalgamation of various ideas being held together by a patchwork of plugged holes.

# Jeff (Switched 10/2004) said on May 1, 2007 4:07 PM:

A few years from now fewer people will be complaining about Microsoft software in general - because they won't be using it (at home).

# Richard said on May 1, 2007 4:55 PM:

I challenge you to revisit this issue in a year — Windows will not be more secure than OS X, which is a mature platform. Within twelve months hackers will cheese grate Windows while OS X continues to provide the best, and most secure, computing environment.

# etype.series said on May 2, 2007 12:58 AM:

somehow, this undisclosed 'takeover' at a hinkey contest put on by a security firm (no vested interests there obviously.....)....(not)....during a primarily windows security conference begging to pay $10.000 and a free macbook for any, any good chunk of FUD that  they can spin till the cows come home, smells like the usual Microsoft bllsht.

This article which redlines this 'undisclosed' event to a 7000 rpm whine where we are to believe Vista has fewer vulnerabilities than OS X Tiger, despite being affected by this same bug, and over 40 major and 100's minor security holes since release.

Yah right.

# Bevis said on May 2, 2007 1:58 AM:

Why doesn't this work on Macs?

http://www.informationweek.com/news/showArticle.jhtml;jsessionid=M3GG2VUPLPL0GQSNDLRSKH0CJUNN2JVN?articleID=199202917

# Butt Head said on May 2, 2007 2:07 AM:

I suppose you can argue with some justification that Apple’s Mac versus PC ads convey a misleading impression about the lack of Mac viruses. I can understand the lack of precision in Apple’s claims, but it’s still true that there have been, so far at least, no Mac OS X viruses in the wild. The few instances reported so far have been largely proofs-of-concept, except for one that had little or no impact. None of the security leaks plugged by Apple have been exploited. This doesn’t make Macs immune from harm, but they are surely much, much safer than Windows.

One more point: Consumer Reports reported a year or so ago that over $9 billion had been lost because of computer virus infections. What they didn’t say is the fact that every single dollar was the result of a Windows virus. Then again, someone inside the Consumer Reports organization once told me that their editors were heavily biased towards Windows, even though they work on Macs. Oh well.

So much for headline writers and Consumer Reports magazine, at least for now.

# Some Guy said on May 2, 2007 8:26 AM:

Ok, so you're doing a code review for any new code you check in.  That's peachy, but what about the piles of existing code, not to mention the fundamental design errors that go back to NT?  Is that getting a top to bottom review, too?

Sorry, but when a Microsoftie says "this time for sure" about security, I have to be skeptical:  we've heard the same thing about every version of Windows for at least fifteen years now.

# sprague said on May 3, 2007 12:05 AM:

Thanks to everyone for your comments.  To answer a few of the common questions, yes we are forced to do code reviews for existing code too -- and that's my point.  Is there any other software company out there that forces its developers to endure this level of security bureaucracy?

Macs appear to have fewer security incidents but only because there are soooo fewer of them.  If you power only 5% of the world's computers, it would be terrible if you account for more than 5% of all security incidents -- but that's what I predict will happen to Mac in a year or two once Vista gains more adoption.  Macs will have more than their market share's worth of incidents.  Arguably that's already true if you don't count incidents of user error (like stolen passwords or bad admin policies).

# etype.series said on May 4, 2007 6:30 PM:

ok...I see, ....this is a prediction that Macs will have lots of viruses in a year's time. So a year from now this article won't be classified as the usual FUD bull we have come to expect from the usual shills.

# John C. Randolph said on May 11, 2007 12:11 PM:

Art,

I don't think the term "wishful thinking" is really appropriate here.  The term I would use is "baldfaced lie".

-jcr
