Who is better to fix Vista, Linux, and MacOS patches?

Who is better to fix Vista, Linux, and MacOS patches-general Linux technology-Linux technology and application information. See the following for details. Microsoft Security Technology Department Manager Jeff Jones recently published the latest annual Security Report on Windows Vista. The report compares the market security vulnerability fixes for Vista and Windows XP, Red Hat Enterprise Linux 4, Ubuntu 6.06, and Mac OS X 10.4 over the past year.

Jones adopted a variety of standard comparisons, including limiting applications to ensure relative consistency of test results. For example, both Redhat and Ubuntu use the default OpenOffice installation. During the analysis, Jones did not consider the vulnerabilities in OpenOffice and various problems caused by system tools, such as gimp graphics programs and GCC compilers.

According to Jones's statistics, in the first year of Vista, a total of 36 vulnerabilities were fixed by Microsoft 17 patch packages in 9 times. These Vista patches are usually released along with Microsoft's monthly patches. XP has fixed 65 Security Vulnerabilities over the past year.

The Redhat Enterprise Edition Linux 4 workstation has performed 64 patch fixes in the past year, released 125 patch packages, and fixed 360 vulnerabilities. Ubuntu 6.06 has carried out 65 patch fixes, released 80 patch packages, and fixed 224 vulnerabilities. OS X's 10.4 managers fixed 17 events and fixed 116 security vulnerabilities.

Microsoft and Apple perform fixed schedules during patch release, so there are fewer vulnerability fixes for Vista and OS X. Redhat and Ubuntu fix the vulnerability and issue security patches immediately after detecting the vulnerability. Microsoft and Apple's practices can reduce enterprise management overhead, but they expose users to security risks and detect and fix vulnerabilities immediately. This practice clearly has a great security risk.

From almost the beginning of the report, Jones emphasized the importance of data through two questions: Is it easy to fix a 10 security vulnerability or 100 security vulnerabilities? Another question is, does your security team Update 10 patches per year or 100 patches per year?

Obviously, the first problem is beyond review. The second problem is too one-sided because it ignores the fact that Windows is the most targeted operating system today, there is a huge gap between fixing these security vulnerabilities. Many system administrators prefer to promptly update the security patches after discovering the vulnerabilities.

It is often necessary to restart any version of Windows, but in many cases, the operating system cannot immediately restart to install the patch. In contrast, Unix and Linux systems generally do not experience this extreme practice. For example, I have installed many security patches on Ubuntu Desktop computers and servers, so far I have not restarted the system. When the system runs this high-traffic Apache and MySQL server, restarting is almost unimaginable.

Last week, I performed a complete system upgrade on some Ubuntu Desktop computers. Install 1234 new software packages for the entire upgrade. These upgrades are completed in the background, and the system usage is not interrupted during the installation process. Similar to VISTA's SP1 installation process, it takes about 30 seconds to restart the update. According to my practical experience, Linux upgrades or vulnerability fixes are much more convenient than Windows.

Today, Microsoft still has a long way to go. First, we need to improve its patch management process to make it more transparent and provide corresponding emergency measures. I think that if Microsoft can do this, it will provide a more secure guarantee for the user's system.