Symantec has just published their new Internet Security Threat Report. They compared Microsoft, Red Hat, Apple, HP and Sun. And guess what? Microsoft got the best grades! You know, there are many comparable studies and they all find different things depending on who financed them. But this one is interesting.
For one, Symantec is one of Microsoft’s competitors, so you wouldn’t expect them to court the Redmond guys. Secondly, Symantec is a company selling mostly security-related products for Windows. It is simply not in their interest to proclaim that Windows is a secure operating system. Why do you think are they so nervous about Vista?
This study, however, is not about Vista since it used data from the second half of 2006. Symantec’s researchers found that Windows had less vulnerabilities and was patched the fastest among the competing operating systems. The average patch development time of the 39 Windows vulnerabilities was 21 days. Second was Red Hat Linux with an average of 58 days for a sample set of 208 vulnerabilities. The third place goes to Apple with 66 days for a sample set of 43 vulnerabilities. It is interesting to note that the average patch development time was increased for all software vendors. Please, check page 40 in this PDF for further information.
Of course, you’ll find lots of refutations in the coming weeks about this study. (internetnews.com has already some of them.) One weak point certainly is that the Windows vulnerabilities were often more severe. The other question is can such data be used at all to decide which operating is more secure? It is a matter of fact that there is much more malware for Windows than for any other OS, for example. When it comes to security, the only interesting figure is, how often organization registered security breaks for the different operating systems.
Nevertheless, the Symantec data is interesting since it is another proof that Microsoft is making progress with respect to security. I’m already curious about the next study that will include Vista. Do you remember the times before Windows NT? All IT professionals made jokes about the stability of Microsoft’s operating systems. These critics are either quite now or started to bash MS because of security. What’s next? Microsoft’s Internet execution sucks?