Apple Mac less secure than Windows in 2007?

By Tom Espiner, ZDNet UK
20 December 2007 08:24 AM
Tags: apple, leopard, mac, os x, tiger, vista, windows, xp

During 2007, Apple patched more than ten times as many critical vulnerabilities in Mac OS X as were patched in Microsoft Windows.

George Ou, a writer for ZDNet Australia sister site ZDNet.com, analysed in-depth statistics from security research company Secunia as a basis for his research. He found that Apple's latest operating system, Mac OS X, faced more critical flaws than Windows XP and Vista combined.

While Mac OS X had 234 highly critical vulnerabilities reported in 2007, Vista and XP combined had 23, Ou wrote.

"This shows that Apple had more than five times the number of flaws per month than Windows XP and Vista in 2007, and most of these flaws are serious," wrote Ou. "Clearly this goes against conventional wisdom."

Macs have traditionally been viewed as suffering from fewer vulnerabilities than Windows.

Ou made the comparison as an indicator of how many vulnerabilities might exist in 2008, rather than a comparison of the relative security of the operating systems. He said that security had improved with both Windows Vista and Mac OS X Leopard (version 10.5) this year.

Some experts have said that counting vulnerabilities is not necessarily reliable as a measure of security.

Tristan Nitot, president of Mozilla Europe, told ZDNet.co.uk this month that it was more important to take into account the time it takes to patch vulnerabilities.

The amount of exploit code available in the wild also has an impact on security. While there are thousands of pieces of code that seek to exploit Windows XP vulnerabilities, exploit code for Mac OS X is relatively rare.

Talkback 24 comments

    Mac users are their own worst enemy Dean -- 20/12/07

    The problem is that once malware does start to surface for the Mac, and I believe it will, Mac users believe they are totally invulnerable and do all sorts of things that a typical Windows user wouldn't even think about. Opening emails from unknown people, running unknown files, etc. It'll take a while to train Mac users to be as diligent as Windows users.

    Someone in the other article you linked to also commented on the fact that Linux/Unix doesn't see as many viruses/trojans as Windows, even though the Linux/Unix market share is greater than the Mac. The reason, I believe, is because the Unix community is generally much more computer-savvy than the Windows market. And Unix users know all about "best practices" and that sort of thing.

    Anyway, I don't think the threat to the Mac is as great as the anti-virus companies probably would like us to think. Not yet, anyway. But I don't think it's going to stay that way forever.

    Unix (Mac) John -- 20/12/07 (in reply to #320091977)

    has traditionally been a server based system (some workstations, yes that is true) therefore you don't have users accessing local console resources. This has now changed dramatically with the MAC desktop where local resources access local facilities and console access is the norm. This doesn't make it better or worse it is really a thorough change in the usage model of a traditional Unix box from data center to user desktop.

    Yes, but... Anthony -- 20/12/07

    we do need to consider actually whether these issues have actually been exploited in the real world or if they have just been found and plugged by Apple - there is a major difference.

    I may be wrong, but I think this fact has been left out of the report (or that I can see, at least)

    More FUD? Don't you get tired of this garbage? Anonymous -- 20/12/07

    Six years and counting. Still no Mac viruses. A couple of lame trojans that are really no threat? Sure. Try to find one.

    So Apple fixed more vulnerabilities than Microsoft did, and that's a bad thing? All it shows is that Apple is serious about keeping the Mac virus free, and Microsoft either can't do anything to stop their platform from being used for enormous bot farms, or they just don't want to.

    wake up and smell the coffee misses bueller Anonymous -- 20/12/07

    The reality of real exploits today is they are made up of multiple components. Nuwar ring any bells. To think that there has not been "one" major exploit that has impacted the MAC is to be back in the good old days of large mass mailer worms. Sorry the security landscape has moved on. Bot herders are the only true open community they do not care what platform you are on. But because we can not see it must not be there. Hello China. What governments wouldn't target all os's would they. Hate to burst the bubble but there are MAC's and Linux systems in botnets. We now are getting morons complaining about how the vulnerabilities are counted, and of course the old line about "oh yes but hey they are not real anyway". All exploits are real. Or let's try another lame defence "oh well we are technically savvy that's why we are not getting infected". But hey any time a new bundle comes through it is full of patches but hey we do not admit that. All O/S's are vulnerable all vendors need to act. As IT Professionals we need to educate all users regardless of the platform. Bot herders are here and everyone is a target. If you want to compare bells and whistles between OS's go ahead. If you want to talk about where we are at with security stick with the facts this is now a crime type. Criminals go where the money is at the moment that is M$ but as MAC and linux get more share, they will get more share.

    "War is Peace; Freedom is Slavery; Ignorance is Strength." zaxan -- 20/12/07 (in reply to #320091997)

    Hello IT superman, here is a simple explanation of Mac and MAC.

    Mac, uppercase "M" lower case "a" and "c" is a software, computer and electronics manufacture.
    MAC, uppercase "M" "A" and "C" is an acronym that stands for "Media Access Control", which is the address of your computer's unique hardware number.

    Anyway please read this article by Daniel Eran Dilger of ROUGHLYDRAFTED MAGAZINE.

    http://www.roughlydrafted.com/RD/RDM.Tech.Q2.07/616874CC-35CE-49D3-B859-C2719B6FF352.html

    It is immensely interesting, but I point you towards the latter section.

    hey boy robbin Anonymous -- 20/12/07 (in reply to #320092003)

    and your point is what ????
    It's like following the bouncing ball as you finally get nailed down on actual facts you are unable to admit you're wrong so we shift the argument onto some trivial or obscure matter.

    Here want a game of tennis, read this:
    http://blogs.csoonline.com/

    No please come back with some resounding comment about the bias of this author and give me a pointer to some other non-biased author that supposedly justifies your point. I have not met an un-biased security expert on this issue yet.

    Fact: all OS's have vulnerabilities and are all targeted. Live with it get on with actually trying to fix the problem.

    "War is Peace; Freedom is Slavery; Ignorance is Strength." zaxzan -- 21/12/07 (in reply to #320092010)

    Superman, obviously you are not a fast reader, so I'm typing this out very slowly for you.
    I noted from your first post and thus deduced, that you were not only (A) "Biased", whilst purporting to be bipartisan, but you were also (B) "Inequitable" in regard to your rationale, thus leading you to become (C) Redundant.

    If you can not get the handle right, why should we listen to your polemics.

    While others here had and would explained where "George, Ou No lie is too big to publish" was wrong, as usual, I thought I would address in very SIMPLE terms your inability to compose the word Mac, at the time this seemed a reasonable enterprise as you were expressing yourself as an Alpha IT guardian, with either sheer IT ignorance or a scything supercilious dislike of Apple Mac users, that you felt the need to capitalise all the letters to make yourself feel dominant ... which was it Mr Rob Endle?

    Granted, I did push an article, one that I thought would be of interest to you and others, but I suspect that you did not follow the link through. I did read most of the links on - http://blogs.csoonline.com/ - and quite frankly it was not good news for Microsoft, Chad McDonald obviously has latent desires to be an author of cheap novels, lots of fluff but no body.

    You should read the story HE / They pushed, from - http://www.darknet.org.uk/2007/08/vista-security-claims-debunked-figures-skewed/ - that should shut you up.

    .... "Fact: all OS's have vulnerabilities and are all targeted. Live with it get on with actually trying to fix the problem." ... True, true, true, and I do not think anybody is arguing this, I certainly never did. - It's just that ONE has a monumental amount more than the others.

    Dean, the first poster I believe, demonstrates the total lack of knowledge re Apple Mac users and OSX and, I hesitantly venture, OS install base percentages.

    why do you bother ?? Anonymous -- 07/01/08 (in reply to #320092068)

    So you keep replying trying to justify your comments, but stipulate you agree with what is said.

    have you got an alternate opinion or not?

    How about you focus on quality and actual content, of which so far you have provided neither. (who cares how good a pa you are with your typing skills).

    Mis-spelling is rife Anonymous -- 26/12/07 (in reply to #320092003)

    If you are going to be a nit-picking smart arse it would be best to use your own words correctly. "Manufacturer" is probably what you meant; but even "software manufacturer" is not right.

    "War is Peace; Freedom is Slavery; Ignorance is Strength." ZAXZAN -- 05/01/08 (in reply to #320092223)

    @Mis-spelling is rife
    Thank you for pointing out my spelling error. However, I think that you get the gist as noted by your feeble and unconvincing reply.
    My first point stands.

    MANUFACTURER -
    noun - maker, producer, builder, constructor, creator.

    George Ou Anonymous -- 20/12/07

    Mr. Ou, I think you have misunderstood something very fundamental about security.

    Fixing small holes, makes a product more secure, not less. (Apple)

    Not fixing huge holes that result in massive numbers of viruses is bad. (Microsoft)

    the truth is out there Anonymous -- 21/12/07 (in reply to #320092015)

    so another blatant and ridiculous generalisation with no facts to back it up.

    Read this : http://www.digwin.com/view/mac-versus-windows-vulnerability-stats-for-2007

    also small V big holes what a ridiculous statement from someone who does understand downloaders and droppers.

    However I am sure someone is going to come back with "wah wah wah is not fair you can't count the number, you can't count the criticality it's not fair"

    Wake up ABM people apple is vulnerable. Welcome to the new world

    eldernorm@hotmail.com elder Norm -- 21/12/07

    Tom,
    Did you really read Ou's material or just copy paste it. The man is a shill for Microsoft. When you look at the articles he writes, it's all: Apple = BAD, Microsoft = Good. Period.

    PS, if you patch a hole it's gone. If you keep quiet about them, they are still there. So, do you want your highway patched or full of holes???

    what the ? Anonymous -- 21/12/07 (in reply to #320092025)

    sorry I did not realise that all the articles posted here are of the highest journalistic calibre and had no bias.

    Gees so you mean all those articles attacking M$ with no substantive facts are all true.
    Well hey thanks for highlighting the first ever article that is not biased to M$.

    Oh yeah and good one bring out the old urban myth that holes are being covered up. But then in next sentence talk about how MSFT has a hold on customers purse string. Does not one work against the other. Take some time to think about it. It will click eventually.

    Mac vs Phista Anonymous -- 21/12/07

    This is not in any way a security comparison, more like a tabloid headline to spark popularity.

    There is no comparison in quality between the OS's, the shiners shine for a reason, however some vendors choose to use FUD and market dominance to lock users in to a 1984 governed future. You can always expect to be exploited here.

    on the money Anonymous -- 21/12/07 (in reply to #320092035)

    absolutely the winners always come through. consumers when given the choice vote and look where they have cast their vote.

    Sorry not with Apple and not with Linux. Microsoft wins.

    Looking forward to the response "yeah but my 95 year grandmother can do everything on ..."
    Or the other one that always comes through on these threads "but big bad Microsoft unfairly controls the market by delivering products customers want."

    Reality is facts speak numbers speak. apple has holes they need to wake up.

    Microsoft was in denial 5 years ago and look where it got them. (dealing with this sort of unfounded and unsubstantiated dribble.) Pick up the phone Apple, Microsoft is there to help and has been through the pain.

    re:on the money Anonymous -- 23/12/07 (in reply to #320092042)

    Yes, it's all about money, marketing power and what has been default for all these years. Suddenly Microsoft is not the default, it's the quick and dirty plan B. People now have a choice and market share has been taken away from windows. Microsoft has never been the best at anything, people now are realising this. Microsoft is losing, and good riddance I say - personally I am sick and tired of the unreliability and defending IT departments for Microsoft's poor practices.

    MAC for the Enterprise John -- 24/12/07 (in reply to #320092130)

    You must be kidding that MAC have anyplace in the Enterprise environment. They may be okay for kindergarten and early schooling years but they are just not enterprise ready. What I mean is the toolsets provided by Apple are just toys when it comes to managing a fleet of 5000 workstations and in no way provide the level of integration required to provide a secure and managed workstation fleet. This then requires you to purchase a third party application to execute the same functionality as is available in the Microsoft stack of applications ie ManageSoft, SMS etc which either native or via 3rd party addins like Vintela can manage Linux, Mac and Windows platforms. Apple may make great workstations but they build them to be used in one off environments not enterprise environment. If I was wrong why did QLS Police and like organisation ditch all their MAC's for a manageable platform.

    QLD Police & Macs Capt Cornflakes -- 01/01/08 (in reply to #320092157)

    The QLD police force used Apple Macintosh for many years - pre OS X. They had old machines with OS 9 or less, and (I'm going to take a punt here...) when it came time to upgrade in the late 90s, the price of Apple Macs at that time compared to cheapy Windows systems made it an easy switch for the bean counters. It almost always comes down to the money.
    If Apple Macintosh with OS X is not ready for enterprise, why has the NSW RTA adopted it as the platform of choice across the state for all tasks? Not ready my ar$e.

    Reply to "on the money" zaxzan -- 24/12/07 (in reply to #320092042)

    You are so oblivious to the facts it is staggering.

    Comparing vulnerability stats is pointless. Anonymous -- 24/12/07

    Here's why:

    http://www.cyber.com.au/users/conz/linux_vs_windows_security_alert_comparison.html

    Re: Comparing Vulnerability Stats is Pointless Anonymous -- 28/12/07 (in reply to #320092160)

    I came here to post exactly that. The number of vulnerabilities reported by Secunia can't be used as a gauge of the security of a product - even Secunia themselves say that in their notes on the report.
