Robert Jaques, 7/11/05

vnunet.com

Microsoft has claimed that open source database products and servers such as Linux have had a "significantly greater number and severity of vulnerabilities compared with Windows Server 2003 and SQL Server 2000".

Speaking at the Redmond giant's October 2003 Partner Conference, Mike Nash, corporate vice president of the Security Business and Technology Unit at Microsoft, attempted to justify the controversial claim by citing a report, Role Comparison Security Report: Database Server Role.

The report was commissioned by Microsoft from Security Innovation and was published on 6 June 2005.

"Customers should evaluate the disciplined development process that comes with Microsoft products against open source, which has no similar process," said Nash.

"That, coupled with our clearly defined commitment to managing security issues, is a compelling differentiator for Microsoft against other platforms on security."

In addition, Windows XP customers without Service Pack 2 (SP2) are up to 15 times more likely to fall victim to viruses, the software giant has warned.

Nash claimed "measurable improvements" in the security of Windows XP SP2 over older versions of the operating system.

Windows XP SP2 has one-half the number of critical vulnerabilities compared with XP, XP SP1 and Windows 2000 Professional in the first nine months since XP SP2's release in August 2004, according to data presented by Nash.

In addition, customers using XP SP2 are 13 to 15 times less likely to be infected by some of the most prevalent malicious software relative to customers using earlier versions of XP, according to internal Microsoft analysis.

To date, Microsoft has distributed more than 218 million copies of the service pack. The firm said it has also distributed two million copies of Windows Server 2003 Service Pack 1, which offers similar security improvements, since its release in March 2005.

Nash explained that Microsoft has implemented a rigorous process known as the Security Development Lifecycle to train employees on the development of more secure code, and to test and review products for security quality.