I got into a discussion with a VP that I know at one of my customers today. The discussion came up around the "number of patches" on Windows Vista.
Now, this is something I’ve been tracking informally on my own for a while so I was quite comfortable and proud to casually mention that there have been relatively few security patches on Windows Vista over the span of the year that it’s been available. The VP said:
"Yeah whatever. <smirk> I look at Windows Updates and I see a million patches in there."
This obviously irked me. I immediately shot back that most of those entries were Windows Defender updates and the remaining were an amalgam of Outlook 2007 Junk Mail Filter updates, Windows Mail Junk Mail Filter updates, and some other non-critical odds and ends… but it didn’t help. He didn’t seem to believe me. Nor did I think he’d ever actually check.
THE HARD COUNT OF SECURITY PATCHES ON MY WINDOWS VISTA LAPTOP
So it’s 1:30AM and I decided to hard count the security patches on my own machine and here are the results:
- # of total updates pushed to my machine: 143
- # of Windows Defender Definition Updates: 65
- # of Windows Vista regular/non-security related updates (reliability, compatibility, & performance updates): 19
- # of Windows Vista security-related/important updates (includes patches to Internet Explorer, Windows Media Player, and the XML services): 13
- # of Office 2007 related patches/fixes: 13
- # of Junk Mail Filter Updates: 8
- # of Windows Update software updates: 4
- # of Windows Malicious Software Removal Tool updates: 4
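If you want to reproduce a hard count like this without scrolling through the Windows Update list at 1:30AM, here is an added PowerShell script (not from the original post) that pulls the local update history through the Windows Update Agent COM API and tallies it into the same buckets. The bucket names and the title regexes are my assumptions about how Microsoft titles these updates; they will need tuning on your machine, which is why unmatched titles are written out with -Verbose.

```powershell
# Added example, not from the original post: tally the local Windows Update
# history into the buckets used in the hard count above. Bucket names and the
# title regexes are assumptions about how these updates are titled.
function Get-UpdateTally {
    [CmdletBinding()]
    param()

    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    $total    = $searcher.GetTotalHistoryCount()
    $history  = $searcher.QueryHistory(0, $total)

    # Operation 1 = installation, ResultCode 2 = succeeded. This drops uninstalls,
    # failures and retries, which inflate the raw list shown in the UI.
    $installed = @($history | Where-Object { $_.Operation -eq 1 -and $_.ResultCode -eq 2 })
    if ($installed.Count -eq 0) { throw "No successfully installed updates in the local history." }

    # Ordered so the first match wins: junk-mail and Office entries are claimed
    # before the generic "Security Update for" pattern, matching the post's grouping.
    # (OrderedDictionary rather than [ordered] so this runs on PowerShell 2.0.)
    $buckets = New-Object System.Collections.Specialized.OrderedDictionary
    $buckets['Windows Defender definitions']    = 'Definition Update for Windows Defender'
    $buckets['Junk mail filter updates']        = 'Junk E-?mail Filter'
    $buckets['Malicious Software Removal Tool'] = 'Malicious Software Removal Tool'
    $buckets['Windows Update software']         = '^Windows Update software'
    $buckets['Office 2007 patches/fixes']       = 'Microsoft Office|Outlook 2007|Excel 2007|Word 2007'
    $buckets['Vista security updates']          = '^(Cumulative )?Security Update for'   # IE, WMP, XML, etc.
    $buckets['Vista non-security updates']      = '^Update for Windows Vista'

    $counts = @{ 'Total installed' = $installed.Count; 'Unclassified' = 0 }
    foreach ($name in $buckets.Keys) { $counts[$name] = 0 }

    foreach ($entry in $installed) {
        $hit = $false
        foreach ($name in $buckets.Keys) {
            if ($entry.Title -match $buckets[$name]) { $counts[$name]++; $hit = $true; break }
        }
        if (-not $hit) {
            $counts['Unclassified']++
            Write-Verbose ("Unclassified: " + $entry.Title)   # tune the regexes from this output
        }
    }

    # Observation window: first to last successful install, in 30.4-day months
    # (assumed average month length), floored at one month to avoid divide-by-zero.
    $dates  = @($installed | Sort-Object Date | ForEach-Object { $_.Date })
    $months = [Math]::Max(1.0, ($dates[-1] - $dates[0]).TotalDays / 30.4)

    New-Object PSObject -Property @{
        Counts           = $counts
        MonthsObserved   = [Math]::Round($months, 1)
        SecurityPerMonth = [Math]::Round($counts['Vista security updates'] / $months, 2)
    }
}

# Usage: run in an elevated prompt on the machine you want to count.
$tally = Get-UpdateTally -Verbose
$tally.Counts.GetEnumerator() | Sort-Object Value -Descending | Format-Table Name, Value -AutoSize
"{0} Vista security updates per month over {1} months" -f $tally.SecurityPerMonth, $tally.MonthsObserved
```

Two caveats when comparing against a by-hand count: the history includes a separate entry every time a definition update is installed, so the Defender and junk-mail buckets grow with the machine's uptime rather than with Microsoft's patch output, and an update that was offered, failed, and later succeeded appears more than once in the raw history, which is why the script keeps only entries with ResultCode 2. If you want one line per KB regardless of retries, dedupe on $entry.UpdateIdentity.UpdateID before counting.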
So Windows Vista needed ONE SECURITY PATCH each month on average. And it should be noted that many of these vulnerabilities, while still necessary to patch, are buffer overflows whose exploitation is blocked by the CPU’s NX/No-Execute feature, which marks data in memory as non-executable and so keeps hackers from taking advantage of them if you have a Core2-class processor. Others have an attack vector that is shielded implicitly by the operating system’s firewall.
And while it’s still not ZERO, which is what we would have liked it to have been, it beats the hell out of Windows XP and Windows 2000, where every month there’s another batch of patches.
