Larry Dignan from ZDNet compared the vulnerabilities of Mac OS X with Windows XP and Windows Vista in 2007. The results are devastating for Apple. According to Dignan, Mac OS X had five times more vulnerabilities than Windows (XP+Vista). It is even more surprising that OS X had 234 highly critical vulnerabilities whereas Windows had only 23. So, does this mean that Windows is five times as secure as Mac OS X? I'd say no.
Here are the numbers:
Windows XP, Vista, and Mac OS X vulnerability stats for 2007

| | XP | Vista | XP + Vista | Mac OS X |
|---|---|---|---|---|
| Total extremely critical | 3 | 1 | 4 | 0 |
| Total highly critical | 19 | 12 | 23 | 234 |
| Total moderately critical | 2 | 1 | 3 | 2 |
| Total less critical | 3 | 1 | 4 | 7 |
| Total flaws | 34 | 20 | 44 | 243 |
| Average flaws per month | 2.83 | 1.67 | 3.67 | 20.25 |
I am not referring to the fact that Windows had 4 extremely critical flaws and Mac OS X had none in this category. In my opinion such statistics do not say much about security. There were similar statistics about Internet Explorer 6 some time ago. Every week or so, a new serious vulnerability was found. People usually inferred that using IE6 is highly insecure. However, the number of vulnerabilities and their severity are only a couple of the many factors when it comes to security.
If you want to know something about security, you have to calculate the probability of a security breach. Of course, this probability gets higher if there are more vulnerabilities. However, far more important is how many bad guys are out there who are capable of writing an exploit and willing to do so. Another important factor is how many hackers and script kiddies can get their hands on the exploit. And the most important factor is the number of machines where this exploit will actually work. Think of a worm that spreads from one computer to another. The more food this worm finds, the bigger it will get, and so will the threat it poses.
Thus there is no doubt that Windows is still less secure than Mac OS X. However, there is one thing that these statistics really show: Microsoft has recently been doing a much better job than Apple regarding security. And if you want to know which company is more evil, then you might want to look at this post.
The real evil empire? Um…did you notice who his lawyer was in the story?
http://en.wikipedia.org/wiki/Tony_Clifton
If you read Secunia’s website – it would seem that they don’t actually “discover” the vulnerabilities themselves but rely, largely it seems, on manufacturers reporting the bugs to them. Perhaps, as OS X is largely based on Open Source code, it is this transparency that provides the data. Microshaft are not exactly well known for being honest and transparent are they?
But I agree with your general conclusion about which OS is more or less secure. I don’t agree that Microsoft are getting better – I guess that they just don’t report half of what they know…
Secondly, as OS X is based on a “real” multi-user OS (unix/Linux/BSD) there is significantly less chance of a virus/malware/trojan being propagated from one machine to another – hence why so few hackers even bother to try.
Hope you had a Good Christmas Michael, Happy New Year too 🙂
Alan
Haha Dave. That’s real funny. I never heard of Tony Clifton. It seems like I am not the only one who took this story seriously.
http://blogs.ittoolbox.com/security/dmorrill/archives/fake-steve-jobs-smack-down-21393
http://yro.slashdot.org/article.pl?sid=07/12/22/2039248&from=rss
Or are these fakes too? But to be honest, I have no doubts that Apple is capable of something like this.
Alan, do you really believe that Apple is more transparent? Besides, you also have to take into account that the majority of hackers, and also the best among them, concentrate on cracking Windows and not Mac OS. And if they succeed they usually don’t report it to Microsoft. Many of them just want to get famous and so they prefer to publish it within their hacker community or, even worse, somewhere on the Web. Merry Christmas and Happy new year, too.