Microsoft's average response time to security flaws

I've found an article about Microsoft's responsiveness (MTTR) to security flaws in their products. Here's the point:
"[Washington Post] In cases where Microsoft learned of a flaw in its products through full disclosure, the company has indeed gotten speedier. In 2003, it took an average of 71 days to release a fix for one of these flaws. In 2004 that time frame decreased to 55 days, and in 2005 shrank further to 46 days."

It seems the best MS has to offer (in case a security flaw is made public) is 46 days regarding critical flaws (critical -> Microsoft considers a patch "critical" if it fixes a security hole that attackers could use to break into and take control over vulnerable Windows computers). I'm not a security expert myself, but if my company allowed such a shameful MTTR, we would definitely go out of business pretty soon.

This report has an important message for the average Windows user too: never trust that your PC is secure just because you have every patch installed that MS has ever released for your operating system! At any given time your PC most probably has more than one critical and published vulnerability that has not yet been fixed.

So if you ever heard from a professional that a personal firewall and an anti-virus are the minimal protection required for a PC ... do not doubt that one. It doesn't even cost you any money, since there are lots of free products available in both categories.