Jump to content
Sign in to follow this  
alexsantos

Vulnerability statistics for Mac and Windows

Recommended Posts

I don't know what to make of the chart…you can read it here http://blogs.zdnet.com/Ou/index.php?p=165&tag=nl.e589 but it is very disheartening and I somehow either want to deny this but like a good patient want to know why these are the facts, if they are indeed accurate at all.

 

When you read the chart pay close attention to the dates, for example on Feb 06 Apple OSX had 1 Extreme vulnerability and Microsoft Windows XP had none.

 

The chart (you can see it by visiting the link I provided above) was put together by Secunia.

 

Well according to the chart and Secunia Apple has the worst track record with the most 'worst security of the month'

 

Here is an excerpt from the article:

"…Apple has a lot more vulnerabilities of every kind ranging from moderately critical to extremely critical. While Windows had some months with more security disclosures, they are more spread out while Apple tends to release mega-advisories with dozens of vulnerabilities at a time."

 

hmm…

Share this post


Link to post
Share on other sites

The raw numbers do not show how secure an OS is. No analysis has been done. This guy hasn't taken account of bundles or time to patch. Apache, MySQL and SquirrelMail, for example, are not enabled by default in Mac OS X. The only unpatched vulnerability in Mac OS X is the Meta data shell script execution flaw (which has actually been fixed by Security Update 2006-001). Windows XP has three unpatched vulnerabilities. One of them is (if I interpret the statistics correctly) unpatched for more than 2 years.

Those are just examples that you cannot judge the security of one of those OSs withoust further analysis.

 

~milan

Share this post


Link to post
Share on other sites

You're right. Overall, OSX is much more robust on the security end then Windows has ever been. Let the sheer number of viruses speak for themselves.

 

I'll bet anyone that the virus writers are just itching to successfully penetrate OSX's security. I don't totally buy into the idea that the Mac user base is too small. There are still millions of us and the notoriety of OSX being virus free is plenty appealing.

 

From Apple's perspective this would be very bad news indeed. We as users are blessed with a virus free platform and Apple can truly advertise it. You don't see them making huge announcements concerning this small but big fact for good reason. They want to keep notoriety down a bit. Let the Apple stores promote this by word of mouth but don't campaign it. Definitely not in this day of proofs of concept.

 

I was glad to see Apple quickly respond with a security update. I'm assuming it's a response to those proofs of concept.

 

For what it's worth, I took Adam's advice and am now running as a standard user, not admin. I can see no difference from running my system this way and feel that much more secure.

 

Macs Rule!

Share this post


Link to post
Share on other sites

I guess it depends. To measure the two systems, we should get same thing

 

#1) enable firewall on mac os x & enable firewall on windows xp sp2

#2) strong password

#3) not run in admin mode for your day to day work

#4) wont install uncleared applications

#5) never open unused port

#6) turn on auto-update and make it daily

 

Most of things are done by default on mac os x.

Most of things are goofy undone by default on windows, and users have no idea about security, that's why msft released xpsp2 with firewall, and less vulnerabilities on windows 2003, they turn off lots of things and make strong password policy.

 

So I would appreciate if someone can give a longer security checklist for all users to have it on hand.

Share this post


Link to post
Share on other sites

Yeah, you're right. I think there is no OS you cannot screw up. It's just that Windows is much easier screwed up than Mac OS X. In other words, for an average user it is easier to secure OS X than XP.

 

~milan

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Recently Browsing

    No registered users viewing this page.

  • Who's Online (See full list)

    There are no registered users currently online

×