Putting Apple's latest security update in perspective.


VanNess
Aug 3, 2006, 03:06 PM
Paul Thurrott, keeper of the "Supersite" (lol) for Windows, notes Apple's latest security update on his blog (http://www.internet-nexus.com/2006/08/apple-fixes-26-mac-os-flaws.htm) and writes:

[T]his sort of thing is an unpleasant reminder that computer security would still be a huge problem if Apple, and not Microsoft, ruled the land.

Really Paul? Maybe a little research will shed some light on that issue.

According to Secunia, from 2003-2006, OS X had 69 security advisories.

http://secunia.com/graph/?type=adv&period=all&prod=96

For the same period, Windows XP, on the other hand, had 124 security advisories.

http://secunia.com/graph/?type=adv&period=all&prod=22

That's bad, but where the rubber meets the road for all users is when the discovery of security vulnerabilities moves from the security researcher's lab to actual malware in the wild. Here the vendor's response in patching known vulnerabilities is critical. Thurrott seems to think that if the roles were reversed and Apple, not Microsoft, ruled the OS landscape, the problem would still loom large. Is he right? He would be - if Apple exhibited the same behavior as Microsoft (it doesn't get any worse) in its response to patching known security vulnerabilities in its OS. After all, unpatched vulnerabilities ultimately lead to real-world exploits and in the final analysis, that's what really matters. The vendor's role is, therefore, crystal clear in ensuring that its products remain secure as it matures in actual use.

What has Apple's and Microsoft's record actually been in that regard?

http://secunia.com/graph/?type=sol&period=all&prod=96

Apple's unpatched vulnerabilities: 0% remain unpatched

http://secunia.com/graph/?type=sol&period=all&prod=22

Microsoft's unpatched vulnerabilities: 20% remain unpatched

Apparently that bears repeating: 20%, ladies and gentlemen, 20% remain unpatched. The witness is dismissed.

And, in case you're wondering what Microsoft's response to this issue is...ah, yes, here it is (http://www.youtube.com/watch?v=Nc4MzqBFxZE).

BoyBach
Aug 3, 2006, 04:18 PM
And, in case you're wondering what Microsoft's response to this issue is...ah, yes, here it is (http://www.youtube.com/watch?v=Nc4MzqBFxZE).

Hehehe... Ballmer runs Microsoft :D

But seriously, that video is really freaky - a fat, bald, sweaty man screaming on a stage :eek:

jhu
Aug 4, 2006, 07:17 AM
most of those unpatched ones are not critical. although some of them are, and haven't been patched for years.

Rapmastac1
Aug 8, 2006, 01:26 AM
Ok, so what does this mean necessarily?

How do they find these "open doors"? Users, experience, how?

If it were users, I would definitely say YES, of course. For every one Mac user, there are like, 50 Windows users. And it makes sense for that reason.