Apple had more than 5 times the number of flaws per month than Windows XP and Vista in 2007

[mhbas0001]

The year 2007 has been an interesting year that brought us improved security with Windows Vista and Mac OS X Leopard (10.5). But to get some perspective of how many publicly known holes found in these two operating systems, I've compiled all the security flaws in Mac OS X and Windows XP and Vista and placed them side by side. This is significant because it shows a trend that can give us a good estimate for how many flaws we can expect to find in the coming months. The more monthly flaws there are in the historical trend, the more likely it is that someone will find a hole to exploit in the future. For example back in April of this year, hackers took over a fully patched Macbook and won $10,000 plus the Macbook they hacked.

 

I used vulnerability statistics from an impartial third party vendor Secunia and I broke them down by Windows XP flaws, Vista flaws, and Mac OS X flaws. Since Secunia doesn't offer individual numbers for Mac OS X 10.5 and 10.4, I merged the XP and Vista vulnerabilities so that we can compare Vista + XP flaws to Mac OS X. In case you're wondering how 19 plus 12 could equal 23, this is because there are many overlapping flaws that is shared between XP and Vista so those don't get counted twice just as I don't count something that affects Mac OS X 10.4 and 10.5 twice.

 

Windows XP, Vista, and Mac OS X vulnerability stats for 2007:

 

Click to see table.

 

So this shows that Apple had more than 5 times the number of flaws per month than Windows XP and Vista in 2007, and most of these flaws are serious. Clearly this goes against conventional wisdom because the numbers show just the opposite and it isn't even close.

 

Also noteworthy is that while Windows Vista shows fewer flaws than Windows XP and has more mitigating factors against exploitation, the addition of Windows Defender and Sidebar added 4 highly critical flaws to Vista that weren't present in Windows XP. Sidebar accounted for three of those additional vulnerabilities and it's something I am glad I don't use. The lone Defender critical vulnerability that was supposed to defend Windows Vista was ironically the first critical vulnerability for Windows Vista.

 

ZDNet.com

[sarahbau]

If you're quoting an article, you should note this rather than making it look like your post is the original content.

 

Secunia, where the data was collected, says that comparing numbers of flaws shouldn't be a way of comparing how secure operating systems are:

PLEASE NOTE: The statistics provided should NOT be used to compare the overall security of products against one another.

[mhbas0001]

I did place a citation linking the article to the original site. The reason I didn't put the article in the quotation box was because the original table was scattered, but I finally gave up and linked that as well.

 

I should also point out, I never suggested that Mac OS X was less secure than Windows. It's just an article about the number of vulnerabilities detected over the last year. The fact that Mac OS had more vulnerabilities on average than both Windows XP and Windows Vista combined says a lot about the quality of Apple's programming.

 

At the very least, both Apple and Microsoft need to improve their game.

[d10sfan]

Although apple release patches for much of their bugs in a couple weeks while we have yet to see vista sp1.

[Numberzz]

Yeah, it's definitely not because Vista is over a year old and that Leopard is about a month old. Let's forget that. In fact, let's forget this next graph.

[Colonel]

Yeah, yeah, yeah... and we all know Vista is the flawless god among computing...

 

No, my friend. This is the real Vista.

 

[mhbas0001]

Yeah, it's definitely not because Vista is over a year old and that Leopard is about a month old. Let's forget that. In fact, let's forget this next graph.

 

The figures cover both Tiger and Leopard, as well as Vista and XP. Besides, the older an operating system is, the more likely it is that flaws will be discovered.

 

Yeah, yeah, yeah... and we all know Vista is the flawless god among computing...

 

I don't recall anybody ever making that claim. God, you Mac zealots get so defensive.

[Synaesthesia]

No doubt about it, Windows Vista has good security features. (about time too!) This doesn't make me sore, I mean, good for them! Better security is better for everyone.

 

However, Mac OS X is still a secure and good OS. Good enough for me!

 

Although apple release patches for much of their bugs in a couple weeks while we have yet to see vista sp1.

Actually, if you use windows update, you will see that there are a lot of fixes released all the time by Microsoft. For XP and Vista.

[redult]

I wonder if such a statement is significant.... I mean, is it really possible to compare two different operating systems, two different technologies... as 10.4 and 10.5 run both on PPC and x86 processors. Is it not like having 2 operating systems at one time?

 

I think, if there is a higher functional range... there is also a higher error rate. Correct me if I am wrong.

[robotskip]

I wonder if such a statement is significant.... I mean, is it really possible to compare two different operating systems, two different technologies... as 10.4 and 10.5 run both on PPC and x86 processors. Is it not like having 2 operating systems at one time?

No, that doesn't mean it's 2 OS at one time, and think of the multitude of hardware that Windows, Linux, *BSD, etc all run on -- way more than Mac OS.

[Forceman]

This is nonsense, the stats are false because a mix of third party software, OS X server, Apache, PHP, mysql, bind, squirrelmail, duplicates. They even added the flash one to OS X and not Windows and forgot to publish it.

 

Apple is not even in some of them with the links. It's a very bad attempt at attacking OS X because if your going to do it, do it right.

[apowerr]

This is nonsense, the stats are false because a mix of third party software, OS X server, Apache, PHP, mysql, bind, squirrelmail, duplicates. They even added the flash one to OS X and not Windows and forgot to publish it.

So? The Windows side has issues that were cause by 3rd party software as well, that's just how this study works. OS X is still more secure than Windows obviously, however these are issues that need to be fixed. If anything you should be happy that this story was published, because it will only lead to a more secure and stable OS X.

It's a very bad attempt at attacking OS X because if your going to do it, do it right.

Oh yes. A study about the security flaws in OS X is an attack

[Forceman]

You dont count third part software flaws as OS flaws and alot of people dont even use those services

[apowerr]

You dont count third part software flaws as OS flaws and alot of people dont even use those services

Alright, take out the issues caused from third parties. There are still security flaws. Maybe OS X doesn't have 5X more than Windows but it still has them. You should be praising this article! Hopefully we'll be seeing fixes in 10.5.3!

[Forceman]

Praising a deceiving article, I dont think so. If we are going to count third party software flaws(assuming they are even being used) then we may as well count driver crashes as OS crashes and gamma partials hitting the CPU and making your computer crash as OS crashes.

[bwhsh8r]

Alright, take out the issues caused from third parties. There are still security flaws. Maybe OS X doesn't have 5X more than Windows but it still has them. You should be praising this article! Hopefully we'll be seeing fixes in 10.5.3!

 

 

very good point, it would be nice to see less, but at the same time just as long as they get fixed in a timely manner.

 

i just think this should put the people who are always bashing windows security into check *at least a little bit*

 

coughcoughapplefanboys.......

 

 

of course windows will have more viri still, as its a much larger target.

[littledragon]

of course windows will have more viri still, as its a much larger target.

 

 

I've always wondered, is Mac OS really more secure or is it because the market share is small enough that hackers don't bother trying? Maybe it's not as secure as people think it is. Perhaps if Mac OS was dominant operating system, hackers would find just as many holes as Windows.

[bwhsh8r]

I've always wondered, is Mac OS really more secure or is it because the market share is small enough that hackers don't bother trying? Maybe it's not as secure as people think it is. Perhaps if Mac OS was dominant operating system, hackers would find just as many holes as Windows.

 

 

thats what i believe.... but youll probably get flamed for that post sadly.

 

but yeah, probably as far as im concerned.

[Megamixman]

I'd say it's a combination of the fact that Mac has a smaller base, it inherits many security features from Unix and adopts those that the Linux/BSD community often tests , and they have a small hardware base.

The first is probably the most obvious one. Fewer people, means theres fewer reasons a hacker is going to attack that base. Why spend the time and effort to attack a small base, when the same effort could yield far greater rewards? It is just general human greed.

 

The second is less obvious, but it's not as if they are going out of their way in any way. Mac OS is a BSD Variant, so it only makes sense that they would use the work of the open source community to their advantage. This is one thing that apple has done differently from MS. It's not that MS doesn't use findings from open source, but rather Apple has always relied a lot more on the open source community to break grounds, where as a much bigger portion of MS'es developments have always for obvious reasons been in house research. This is probably a huge reason as to why Apple is gaining so much area in the consumer sector at such a pace. I wouldn't be surprised if in a few years Apple dominated the consumer OS area and MS was the business OS of choice.

 

The third point is also something that's pretty obvious. Apple tells the consumer that they can only buy apple approved hardware. Ok, so they know exactly what they're OS is going to run on, big deal. In fact it is. Although Linux does a wonderfull job of supporting lots of hardware, its not exactly easy, nor is it the most efficient method. There are lots of little optimizations and fixes that can be done when you know what the hardware is going to be. This is starkly in contrast with MS which has to build software that will for the most part run on everything, including your toaster. That level of generality is a huge disadvantage that MS deals with and Apple will have to if they ever become an OS company first and a hardware company second.

[redult]

I've always wondered, is Mac OS really more secure or is it because the market share is small enough that hackers don't bother trying? Maybe it's not as secure as people think it is. Perhaps if Mac OS was dominant operating system, hackers would find just as many holes as Windows.

 

That's probably a possibility, but isn't it easier or more common to hack a system that is easier to crack? So Microsoft Windows has two properties that make it interessting for such attacks... it's the market leader and maybe easier to take over...

 

I read once at "osx.realmacmark.de" that most people think, that the reason why OSX lags of Viri is because it's not so wide spread like windows.

But therefore he gave an example. Apache Webserver is more often used than Microsoft ISS, but ISS suffers more flaws than Apache does.

 

It's logical to me, to attack a system that is not secure, it sounds realistic to attack a system that is probably unsecure and wide spread.

[CLiDE FTW!!1]

God, you Mac zealots get so defensive.

LMFAO... Mac Zealots are the worst.

 

I think the point that is trying to be driven home here is that ANY OS is vulnerable, and if someone really wanted to fudge up or steal your shit, they'll do it.

[elviejo]

Statistics can be used in a lot of ways and everybody know that, the real measure of a security system is in how many wild exploits it have; also the premise of the smaller market share make you more secure is a fallacy, the "Holy Grail" for a hacker will be to make an effective virus for Mac OS X, something nobody as been able to do.

[Headrush69]

I think the point that is trying to be driven home here is that ANY OS is vulnerable, and if someone really wanted to fudge up or steal your shit, they'll do it.

Agree.

 

But the OS X doesn't get viruses because of it's small market share argument does get old.

Since UNIX and Linux power a majority of the Internet servers, why aren't they hit the same. (It would have a more dramatic effect.)

Pretty sure Mac OS 7.x - 9.x had a small market share and a fair number of viruses, so its just simply not market share.

 

Like SEEANN JEEANN QAZUP BUDEE said, no OS is perfect but some are better than others and habits perpetuated by some OSes lead to more virus enabling habits by their users.

(Downloading and installing ActiveX components in IE for example.)

[A Nonny Moose]

How do they define the severity of threats?