Mac versus Windows vulnerability stats for 2007

Discussion in 'News Discussion' started by MacBytes, Dec 21, 2007.

  1. MacBytes macrumors bot

    Jul 5, 2003
  2. crazedbytheheat macrumors regular

    Aug 23, 2003
    This should be interesting.

    I await the well reasoned discussion to follow.
  3. JSchwage macrumors 6502a


    May 5, 2006
    Rochester, NY
    Ouch. Well, at least there's almost nobody creating viruses or spyware for OS X.
  4. ImageWrangler macrumors regular

    Apr 28, 2007
    upstate New York
    Those figures don't lie, but those liars sure figure.
  5. mkrishnan Moderator emeritus


    Jan 9, 2004
    Grand Rapids, MI, USA
    Hopefully it will stay civil (evil moderator grin) ... but to be honest, I think most of us were quite aware of these statistics for some time now. This summary should not come as too much of a surprise to anyone who's been watching IT security in 2007...
  6. dvkid macrumors regular

    Feb 18, 2006

    Who cares if my house has more broken windows than yours if nobody is trying to climb in them?

    Besides, *NIX underpinnings, responsible computing, and a decent backup structure (thanks to Time Machine) have me not so worried about this.
  7. Mydel macrumors 6502a


    Apr 8, 2006
    Sometimes here mostly there
    We all know that a "secure system" doesn't exist. Macs for now do not have enough market share and are mostly in private hands to be an important target for hackers. But that will change, soon I think. We can only hope that Apple will step up and take care of the security at least to some extent.
    But it's also up to consumers. I have the feeling that Mac users are more "qualified" in computers than the average PC user. But reading MR clearly indicates that it's changing. The questions asked by many people (switchers mostly) point to total ignorance and lack of basic skills and common sense. I have read MR for years and would call it an important trend.
  8. jephrey macrumors regular


    Dec 19, 2005
    I'm curious how these vulnerabilities affect the common user. Is this basically saying that mysteriously, nobody is exploiting any mac vulnerabilities? Do we not hear about it? Is there something else at play that makes the Mac's vulnerabilities not as serious?

  9. mkrishnan Moderator emeritus


    Jan 9, 2004
    Grand Rapids, MI, USA
    I didn't look through this specific list of vulnerabilities, but I think the difference is that generally most of the Mac vulnerabilities (but not all of them) are local exploits, meaning that the local user (you) has to give the hacking agent (program or person) access to the computer. So you are vulnerable to things like trojan horses, but many of these exploits are insufficient grounds on which to build a virus. In contrast, in Windows, more of the exploits traditionally have associated vectors that allow an intrusive agent to gain access without the user having to do anything obvious -- e.g. files are either obtained automatically and executed silently from the internet while doing something innocuous or else the exploit can be packaged into a virus (i.e. it can infect the host computer and use the host computer's resources to replicate from file to file, thereby spreading).

    Without the virus or worm formulations, it's hard for an exploit, even in the wild, to achieve a high penetration.

    That doesn't mean Mac users are safe. It's just part of the explanation as to why Windows can have a smaller number of new exploits and a larger number of actual affected installations, while OS X has a lot of new exploits and no one is being affected by any of them.
  10. pgwalsh macrumors 68000


    Jun 21, 2002
    New Zealand
    Regardless of the seriousness of the exploits, Apple needs to close them off asap and really be proactive. They're really becoming popular and it would be a shame if they started losing face from a security standpoint.

    It's easy for us to poo poo this article or any other, but in all due respect, it would be much better if we pressed Apple to fix the problems and double or triple their effort to prevent future vulnerabilities.
  11. longofest Editor emeritus


    Jul 10, 2003
    Falls Church, VA
    Personally, I like to live in a house without broken windows. Call me snooty, but I just think it's kind of trashy to have broken windows lie around unfixed...

    Which is pretty much what is happening with the current state of Mac security. Apple may have based OSX on UNIX, but they don't update it worth crap. Any OS is only as secure as it is patched.

    Take Mac OS X Server... Squirrelmail (the default web mail client) is still at 1.4.10a... that was released in May of 2007. PHP is still in version 4. Etc...
  12. zombitronic macrumors 65816


    Feb 9, 2007
    Why does the Mac Bytes link for Vista vs Mac OS X Security: Why George Ou’s ZDNet Vulnerability Numerology is Absurd on the Mac Rumors home page take me to the same exact page as Mac versus Windows vulnerability stats for 2007?
  13. ToneFREQ macrumors newbie


    May 14, 2007
    Boston, MA USA
    I, for one, am happy to see reports like this because it puts pressure on Apple to fix the issues. Sometimes the squeaky wheel gets the grease.
  14. mkrishnan Moderator emeritus


    Jan 9, 2004
    Grand Rapids, MI, USA
    Thanks for the information. For what it's worth, this Macbytes seems to point to the correct place, but there appears to be an error in the other Macbytes article (the "Why George Ou..." one). I'll contact the admin and see if I can't get it fixed.
  15. whlteXbread macrumors newbie

    Oct 8, 2007
    Seems to me that most of the Windows level H exploits are execution of arbitrary code - I didn't read through all the X exploits but most of the H exploits are much more mild than executing arbitrary code...

    Also, most of the X security holes result in holes from 3rd party programs, be they open source, otherwise free (Flash) or M$ - the holes that result from Apple software (that I found) don't usually allow for buffer overflows or arbitrary code execution, and that makes up the majority of M$ app holes in XP + Vista.

    In all reality though, it would be nice if Apple were faster to push updates from OSS that has been patched external to Apple.

    I say that it's still much harder to fully compromise (gain root access to) X than Vista or XP. That is probably true for just about any distribution of *NIX.
  16. zombitronic macrumors 65816


    Feb 9, 2007
    I did notice that. From, you do get a link to a different article when clicking on the Why George Ou... link. Unfortunately, there's nothing there except the lucky number 404.

    I just Googled that article title and found it. It's right here for anyone interested in reading the retaliation. I'm gonna read it right now...
  17. johny5 macrumors 6502a


    Mar 31, 2007
    Hands up all of those that would like to see "exploits" already addressed and fixed SWAPPED for new daily viruses!?

    My 4 XP boxes have been dormant for over 5 months now, shame really as 2 of them are pretty powerful beasts, but I have no use for them.
  18. dvkid macrumors regular

    Feb 18, 2006
    Somebody smack me if I'm wrong here, but I do believe that Apple is already doing this. Security Updates come out pretty regularly it seems.

    Also, when looking at the numbers users should take into account the higher number of times Apple has released a major upgrade to their OS. With every major upgrade comes a whole slew of vulnerabilities. The higher number of upgrades, the higher the number of problems.

    I also found this point especially interesting in one of the comments to the above linked post. Apple's base code is open source. Meaning that there are a whole lot more eyes staring at it from a bunch of different projects. Thus when Apple finds a vulnerability it has likely already been seen or will soon be seen by somebody else. Not sure if that really plays into it much, but who really knows?
  19. Consultant macrumors G5


    Jun 27, 2007
    The accounting methods are biased.

    "Only XP Pro and Vista were counted on the Windows side, whereas all versions of Mac OS X were factored in, including server editions. There are also said to be a number of warnings mislabeled by Ou, ones which either affected all operating systems, third-party software, or Apple programs running on Windows or the iPhone. It is suggested that if all factors were properly weighed, a user of Mac OS X Tiger or Leopard would likely encounter far fewer risks than someone using Windows XP, and possibly Vista."

    Additional info:
  20. whlteXbread macrumors newbie

    Oct 8, 2007
    AND, oh yeah, the list of 200+ exploits included iPhone exploits...SOMEONE is flamebaiting!!

    doh, beat to the punch...
  21. jayducharme macrumors 68030


    Jun 22, 2006
    The thick of it
  22. John-S macrumors member

    Jun 11, 2007
    Yeah, this guy is so full of crap. I've spent the last hour going through that website he got the statistics from.

    1st - The obvious, he is only comparing XP Pro and Vista '07 to EVERY VERSION of OS X made.

    2nd - He is basically only listing the "advisories" # on those pages for XP Pro and Vista. In that case, with every version of OS X there are only 26 advisories while XP Pro alone has 30. Although he was nice enough to only include the "advisory" #'s plus one or two with Windows he didn't with OS X. He actually went in to each advisory and added up everything included with each advisory. If he did that with Windows it would have added to more.

    3rd - He included other software in OS X OTHER than OS X. Flash player, SAFARI BETA (that's right... he included every flaw in a BETA program) etc.

    4th - He didn't even bother to mention the EXTREMELY CRITICAL - Internet Explorer Multiple Code Execution Vulnerabilities - listed on Secunia's website on the 11th. If you're going to mention Safari BETA then shouldn't this be included?

    5th - In the way he provides info from Secunia's website, the world will be happy to know that XP Home has only had 182 advisories in its HISTORY of that website. Guess XP is pretty UN-Flawed...

    6th - This includes every flaw plus some that you can find on Apple's website. I would like to see why 234 are listed as "Highly Critical". Anyways, I have gone onto Microsoft's website and found SEVERAL vulnerabilities not even listed in this report.

    7th - This guy states that "Secunia" is impartial and that may be true... but his article CLEARLY isn't.

    8th - We don't need Apple to "step up" on security because of articles like this. This is proof that Apple has always stepped up because almost every vulnerability listed there has a link to apple website and a patch that was created before anything ever got into the wild.

    9th - SP3 is due very soon. Wonder how much is listed there? Apple is listing all their vulnerabilities every time they issue an update. If Windows would put out more security updates then maybe these guys would read them more when doing reviews and use that info.

    10th - I just wanted to make it to 10 since I had no idea why I #rd my comments. That's the second time I've done this on a forum in a week... Weird, dumb new habit.

    The writer of this article is in NO WAY credible. He just wanted headlines and to "appear" as if he knew what he was talking about by adding links, HOPING nobody would actually do any footwork on those links.

    As for that contest he referred to. Nobody won fair and square. Nobody got root-privileges so they changed the rules so someone could win. Read this article:

    I still like what Sophos recommends. But I'm sure they are not as credible ; )

    "In addition, the continued dominance of Windows-based threats has prompted Sophos to suggest that many home users should consider switching to Apple Macs, to shield themselves from the malware onslaught."
    (article written in 2006)
  23. walnuts macrumors 6502

    Nov 8, 2007
    Brooklyn, NY
    Yes, but we as a Mac community, and certainly Apple as a company, shouldn't be touting/marketing that the Mac is so much more secure than Windows. A pile of firewood isn't fireproof just because someone hasn't lit it on fire.
  24. Brianstorm91 macrumors 65816


    Sep 30, 2007
    Cambridge, UK
    My hate for Windows grows stronger day by day, I physically cannot wait any longer than MacWorld, if I don't get a new MBP then I will probably kill myself.
    Windows is so unbearable, I can't stand it. I've spent an hour trying to get 1 video into iTunes because of about 700 different Windows-related DRM or Codec or DivX or general tight-arseness, I. Loathe. Windows.
    I'm going to throw this laptop out of my window I swear.
  25. cwt1nospam macrumors 6502a

    Oct 6, 2006
    These are not exploits. They're vulnerabilities that Apple closed. That's one of the things that makes the article so absurd! He's essentially saying that because Apple closed more vulnerabilities, the Mac OS must be more vulnerable. Of course, he's ignoring the fact Windows is successfully exploited thousands of times per day while a few Mac users have had some relatively minor trouble with a trojan. That's a crucial point because if the Mac is rarely exploited now, and Apple is closing lots more vulnerabilities than Microsoft is, then if we're going to come to any conclusion it would have to be that the Mac OS is becoming even more secure than Windows.

    Just to be clear: I'm not saying the Mac is 100% secure. NOTHING ever is. Not even Fort Knox. But relative to the corner store that is Windows, OS X looks as strong as Fort Knox.
