Linked by Thom Holwerda on Wed 9th May 2007 10:15 UTC, submitted by anonymous
Microsoft has released patches for 19 vulnerabilities, 14 of which are critical, hitting at holes in Excel, Word, Office, Exchange, Internet Explorer, cryptographic technology and the whopper of them all, the zero-day vulnerability in the DNS Server's use of RPC. The DNS remote code execution vulnerability affects server-grade operating systems, including Windows 2000 and Windows Server 2003, and only those that have the DNS service enabled, such as Domain Controller, DNS Server or Microsoft Small Business Server configurations.
Thread beginning with comment 239260
RE[7]: It's really funny
by dylansmrjones on Thu 10th May 2007 22:52 UTC in reply to "RE[6]: It's really funny"
dylansmrjones
Member since:
2005-10-02

Since you're trying to carve out an unfair comparison of "Linux" ("it's just a kernel! it's just a kernel!") to Windows, then the Windows kernel has similarly few critical vulnerabilities.


No I'm not! I haven't at one single point claimed any such thing. I have compared my entire Gentoo system with Microsoft's monthly security releases. E.g. I'm counting everything in my GNU/Linux system, incl. proprietary software like Flash and Skype.

Let me repeat: I have not at any time EVER claimed that the comparison is unfair because "Linux is only a kernel". I have all the time made it VERY CLEAR that I'm comparing Windows with my entire GNU/Linux system (fully fledged workstation system). At least post the link to the post where I claim such a thing. You cannot do that because I did not claim such a thing!

Not compared to Vista.


Microsoft's security policy in regard to patch releases is unchanged in regard to Vista. Correct, the desktop security model (UAC) is different, but I was obviously not talking about that. We were ONLY discussing Microsoft's policy about patch releases - and nothing else. We were not discussing su, sudo or UAC in this regard. UAC is completely irrelevant in regard to Microsoft's policy of monthly security updates. Besides that, the vulnerabilities are mostly related to XP and Windows 2003 Server, so Vista is irrelevant. And I have already stated several times that Vista is different from the others and does not suffer from the weaknesses of its predecessors.

Not true, compared to Vista.


Again. Vista is irrelevant here. I have already in my earlier post exempted Vista from the discussion since the vulnerabilities are mostly targeting XP and Windows 2003 Server. In regard to Vista, Vista has already seen as many security fixes since February 2007 as my entire Gentoo system has seen since October 2006. But it should definitely be noted that the vulnerabilities for Vista have been much fewer and much less critical compared with its predecessors. That's true and I'm happy to see that.

Making a large number of patches available doesn't mean they're being installed. It merely means a large number of patches are being produced. This does not amount to better security.


Completely irrelevant! If the user is dumb enough not to install security fixes then only the user can be blamed. Microsoft cannot be blamed for users not installing security fixes. The important issue here is whether or not the fixes are found in due time. This happens for GNU/Linux and *BSD but definitely not for Microsoft Windows. Especially the old code base in Windows is extremely vulnerable (while the newer code is of much better quality), but people already concluded that when the codebase for Win2K and NT was leaked.

All operating systems have zero-day exploits. Windows exploits are simply better promoted.


Irrelevant! And not true in regard to Windows exploits being "better promoted". The problem is the sheer number of these zero-day exploits. I have yet to see one for any package on my Gentoo system. Again, Vista can be exempted from this. Vista is in regard to security classes better than its predecessors ;)

It is the number of flaws, the nature of the flaws, the critical level of the flaws and the insufficient patch release security policy of Microsoft that is the reason for Microsoft being "flamed". Microsoft doesn't fix anything until the attacks _have_ happened.

So, in other words, these patches have no customer value and would only require significant additional cost for testing and deployment. Nice. No thanks.


Woot? Are you insane? How can you possibly come to the conclusion that fixing a possible vulnerability contains ZERO customer value? Do you really want your customers to lose billions of US$ before you fix anything? According to that logic Windows has no customer value. I don't think that's what you intended to write. But that's what you wrote.

Fixing possible vulnerabilities BEFORE they can be exploited contains A LOT of customer value. But it does take resources and Microsoft cannot deliver profit if it wants to be pro-active. Microsoft not releasing anything until the damage HAS happened is a DELIBERATE choice from Microsoft. Microsoft only cares about its profit and not about its customers. EOF

Score: 2