CRN review: Vista is no more secure than XP?

Posted Thursday, May 31, 2007 2:37 PM by hwaldron

Thanking Rod for sharing this link, as the MyIT Forums newsletter is one of my "must reads" each day 

First of all, good security ain't solely about operating systems themselves     It's more about the process itself.  You can implement either OS poorly, not keep them updated, etc.  You also need more than just the OS alone to be properly protected from the dangers of the Internet. 

However, if the right protective processes and best practices are followed, both versions of Windows as are fairly secure.  If good security management principles aren't followed, neither operating system will ultimately protect the system from "click happy" users.   

With that prelude, I disagree the theme of the article, as Vista clearly has some advantages (e.g., improved kernel protection, improved code base, UAC warning system, etc).    In fact, in the charts it was rated as providing better spyware/adware protection (which is probally the most frequent hidden exposure folks encounter)

Yes, Vista security could have been tweeked a little better (e.g., in my opinion a better bi-direction Firewall).  Still, on paper see security is at least slightly better than XP and thus I respectfully disagree particularly with the "Bottom Line" proposed in the article.    

Review: Vista, XP Users Equally At Peril To Viruses, Exploits

QUOTE: After a week of extensive testing, the CRN Test Center found that users of Windows Vista and Windows XP are equally at risk to viruses and exploits and that overall Vista brings only marginal security advantages over XP. One of Microsoft's big promises with Vista was a more secure operating system. But when stripped to the bare bones and thrown into the wild, wild Web, Vista's security failed to impress Test Center engineers.

THE BOTTOM LINE -- Based on the Test Center's findings, businesses that migrate their Windows PCs from XP to Vista will get a slightly more secure OS. But as the Finjan reports showed, Vista's security remains wafer thin. 
In the end, both the Vista and the XP test notebooks were almost equally damaged by viruses, trojans and other malware. And because most of the Web sites in the test were able to exploit Vista's weaknesses, Internet users are just about equally vulnerable with both OSes.

VARs can still cite improved security as a selling point for Vista upgrades. Yet to avoid giving customers a false sense of safety, solution providers should stress that third-party security suites also will be needed to provide systems with ample protection.


No Comments