Microsoft’s Report Shows Vista More Secure Than XP

November 4th, 2008

Microsoft’s Report Shows Vista More Secure Than XP

Microsoft’s latest security report shows that the number of new vulnerabilities found in its software was lower in first half of the year than the last half of 2007, with the Windows Vista OS proving more resistant to exploits than XP.

Microsoft reported 77 vulnerabilities from January to June compared to 116 for the last six months of 2007, according to the company’s fifth Security Intelligence Report.
Read the latest WhitePaper – A CIO’s Guide to Achieving Information Management Excellence – An HP and Informatica Joint White Paper

The decline is in line with the software industry as a whole, which saw a 19% decrease in vulnerability disclosures compared to the first half of 2007, Microsoft said. However, those vulnerabilities considered highly severe rose 13%. Exploit code was available for about a third of the 77 vulnerabilities; however, reliable exploit code is available for only eight of those 77.

Other data shows that XP is attacked more frequently than Vista. In XP machines, Microsoft’s own software contained 42 percent of the vulnerabilities attacked, while 58 percent were in third party software. For Vista machines, Microsoft’s software had 6% of the vulnerabilities attacked, with third-party software containing 94% of the flaws.

New security technologies such as address space randomization have led to fewer successful attacks against Vista, said Vinny Gullotto, general manager of Microsoft’s malware protection center. The highest number of exploits were released for Windows 2000 and Windows Server 2003 operating systems, Microsoft said.

Hackers appear to be increasingly targeting Internet surfers who speak Chinese. Microsoft found that 47% of browser-based exploits were executed against systems with Chinese set as the system language.

The most popular browser-based exploit is for the MDAC (Microsoft Data Access Components) bug that was patched (MS06-014) by Microsoft in April 2006. Some 12.1 percent of all exploits encountered on the Internet targeted that flaw. The second most encountered exploit is one aimed at a vulnerability in the RealPlayer multimedia software, CVE-2007-5601.

The two most commonly exploited vulnerabilities in Windows Vista concerned ActiveX controls that are commonly installed in China, Microsoft said.

Last month, Microsoft added detection for “Antivirus XP,” one of several questionable programs that warn users their PC is infected with malware, Gullotto said. The program badgers users to buy the software, which is of questionable utility. “Antivirus XP” is also very difficult to remove.

Microsoft fielded some 1,000 calls a month about Antivirus XP on its PC Safety line, where users can call and ask security questions. Since the MSRT started automatically removing the program, calls concerning Antivirus XP dropped by half the first week.

Microsoft’s fifth Security Intelligence Report is available here.

Share this item with others:

More on CyberInsecure:

Fake Microsoft-like Sites Attempt To Install Malware

Research Shows Vista Is Almost As Vulnerable As Its Predecessors

Security Firm Release Critical Vista Remote Vulnlerability Exploit

Record Number Of Vulnerabilities Fixed In Microsoft’s Patch Tuesday

Security Research Shows 75 Percent Of US Bank Websites Have Flaws

Posted in Microsoft, Software, Vista, Vulnerabilities |

Print This Post

This entry was posted on Tuesday, November 4th, 2008 at 9:41 pm and is filed under Microsoft, Software, Vista, Vulnerabilities. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

If you found this information useful, consider linking to it from your own website.
Just copy and paste the code below into your website (Ctrl+C to copy)
It will look like this: Microsoft’s Report Shows Vista More Secure Than XP