Larry Dignan from ZDNet compared the vulnerabilities of Mac OS X with Windows XP and Windows Vista in 2007. The results are devastating for Apple. According to Dignan, Mac OS X had five times more vulnerabilities than Windows (XP+Vista). It is even more surprising that OS X had 234 highly critical vulnerabilities whereas Windows had only 23. So, does this mean that Windows is five times as secure as Mac OS X? I'd say no.

Here are the numbers:

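Windows XP, Vista, and Mac OS X vulnerability stats for 2007

| | XP | Vista | XP + Vista | Mac OS X |
|---|---|---|---|---|
| Total extremely critical | 3 | 1 | 4 | 0 |
| Total highly critical | 19 | 12 | 23 | 234 |
| Total moderately critical | 2 | 1 | 3 | 2 |
| Total less critical | 3 | 1 | 4 | 7 |
| Total flaws | 34 | 20 | 44 | 243 |
| Average flaws per month | 2.83 | 1.67 | 3.67 | 20.25 |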

I am not referring to the fact that Windows had 4 extremely critical flaws and Mac OS X had none in this category. In my opinion such statistics do not say much about security. There were similar statistics about Internet Explorer 6 some time ago. Every week or so, a new serious vulnerability was found. People usually inferred that using IE6 is highly insecure. However, the number of vulnerabilities and their severity are only a couple of the many factors when it comes to security.

If you want to know something about security, you have to calculate the probability of a security breach. Of course, this probability gets higher if there are more vulnerabilities. However, far more important is how many bad guys are out there who are capable of and willing to write an exploit. Another important factor is how many hackers and script kiddies can get their hands on the exploit. And the most important factor is the number of machines where this exploit will actually work. Think of a worm that spreads from one computer to another. The more food this worm finds, the bigger it will get and so will its threat.

Thus there is no doubt that Windows is still less secure than Mac OS X. However, there is one thing that these statistics really show: Microsoft has recently been doing a much better job than Apple regarding security. And if you want to know which company is more evil, then you might want to look at this post.

3 Comments
  1. Dave 15 years ago

    The real evil empire? Um…did you notice who his lawyer was in the story?
    http://en.wikipedia.org/wiki/Tony_Clifton

  2. The Open Sourcerer 15 years ago

    If you read Secunia’s website – it would seem that they don’t actually “discover” the vulnerabilities themselves but rely, largely it seems, on manufacturers reporting the bugs to them. Perhaps, as OS X is largely based on Open Source code, it is this transparency that provides the data. Microshaft are not exactly well known for being honest and transparent are they?

    But I agree with your general conclusion about which OS is more or less secure. I don’t agree that Microsoft are getting better – I guess that they just don’t report half of what they know…

    Secondly, as OS X is based on a “real” multi-user OS (unix/Linux/BSD) there is significantly less chance of a virus/malware/trojan being propagated from one machine to another – hence why so few hackers even bother to try.

    Hope you had a Good Christmas Michael, Happy New Year too 🙂

    Alan

  3. Haha Dave. That’s real funny. I never heard of Tony Clifton. It seems like I am not the only one who took this story seriously.
    http://blogs.ittoolbox.com/security/dmorrill/archives/fake-steve-jobs-smack-down-21393
    http://yro.slashdot.org/article.pl?sid=07/12/22/2039248&from=rss
    Or are these fakes too? But to be honest, I have no doubts that Apple is capable of something like this.

    Alan, do you really believe that Apple is more transparent? Besides, you also have to take into account that the majority of hackers, and also the best among them, concentrate on cracking Windows and not Mac OS. And if they succeed they usually don’t report it to Microsoft. Many of them just want to get famous and so they prefer to publish it within their hacker community or, even worse, somewhere on the Web. Merry Christmas and Happy new year, too.


© 4sysops 2006 - 2022
