I don't CARE which one has better security frameworks or anything as I am a Linux user myself. All I was saying is that one can't realistically determine absolutely anything from those numbers for the reasons I already explained. You can't prove me right with those numbers, but you can't prove me wrong either.
From my own experience, both as a programmer having to deal with security issues and as a sysadmin in my high school days (ugh...), it simply begs for me to scream: the security frameworks, locks, cryptographic engines, armors, patches, security advisories and everything else are, in terms of measuring security, completely irrelevant. It's exactly as it happens with planes: you can put eight engines on a pile of concrete. If they don't get the right fuel, are all placed so that they face each other and the only thing the pilot can control is the altitude, it won't fly.
We are talking basically about security on a desktop computer, or a small server, not a bank's server, not the FBI's files (does anyone actually use OS X Server for huge datacenters and the like? I'm not calling OS X Server dumb, I'm simply thinking in terms of where it's really relevant). In this case, the only relevant security test is placing Random J Idiot in front of the keyboard and letting him surf the net, watch porn or whatever else he wants. The more secure computer is the one that still boots after three months, without sending broadcasts and browser histories over the Internet.
Yes, from a statistical point of view, this is very gross: it's a combination of how the system shields itself from dumb users, security by obscurity, low market share and so on. However, it still boils down to this: Mac users have very little malware to deal with.
Yes, in the long term, they might (and, considering how OS X is more of a big hack than a smart OS, there are serious chances that they will), but the future tense is essential to our discussion. Apple has to watch out for the bugs they might have -- and from the amount of bugfixes, it seems like they are watching out -- while Microsoft is still having to get rid of the bugs they already have.
On the other hand, I can't help seeing the mandatory receivers of the fsck off prize. This isn't Microsoft FUD, no conspiracy, and certainly not a mind-twisting invention -- OS X has holes, which are more or less relevant, more or less critical and so on, which is really to be expected from something that comes loaded with a pile of open source software. What these people don't seem to understand is that a patched bug is no longer a security issue. An unpatched, yet-to-be-discovered bug is, however, a security issue.
I don't know how many security experts Apple has or how good their security processes are.
But they certainly have brilliant engineers that know how to design good software that is not crap. They don't give root privileges to everybody like Microsoft did in XP. They don't determine if a file is executable just by looking at the extension of the file.
I'll take an Apple system over one from Microsoft any day; I have more confidence in the Apple engineers. Sure, they have security mistakes like anyone else, but their software is better suited to avoid "by-design" attacks.
Microsoft learnt their lesson years ago and, as the processes they have put in place have taken root, the security of their software has improved. Apple ignored the lessons of Microsoft until recently and is starting to pay for it despite their small market share. Apple only recently (1 year ago) advertised for a security expert, i.e. someone to head up their security efforts. Hopefully Apple can get their quality up before their users start suffering because of their short-sightedness.
Hahahahahahahahahahahahahaha
I haven't laughed like that in ages!
Someone claiming that MS must have more secure software because of their "security policy"??! They've had a security policy since they started producing Windows... what difference does it make? Even with this new policy, we still see products like Vista hitting the shelves. Not saying it's bad, but it has just as many vulnerabilities as XP.
I agree that this report means nothing. zilch.
MS don't report all their known vulnerabilities. I thought everyone was aware of this. Apple likely DO report them because they also likely FIX them too. MS fix their bugs but don't release them until the next service pack, which just happens to introduce a ton of new "features" and with it, new bugs.
Nothing new here. Funny that these numbers are still being posted even though the last 999999 times they were put on here, people said the same thing. It's irrelevant, so Thom, please stop linking the same crap over and over.
"MS don't report all their known vulnerabilities. I thought everyone was aware of this."
Not that I'm saying you're lying or anything, but please provide proof for what you just said.
The fact that you think everyone is aware of it does not constitute proof. When the source is not there, we just don't know what is in the patches/service packs.
All that matters, and all we know, is that assessing security by counting vulnerabilities is not a valid approach.
Edited 2007-12-21 16:50
Yup, so the fact that you can now brick a laptop through ActiveX
http://computerworld.com/action/article.do?command=viewArticleBasic...
is a good example of MS improved security practices?
Yes. It is significant. Too many of the "armchair" systems administrators on this website, from observation, believe in the all-in-one-basket way of thinking.
Imagine an entire state college or university system, which generally locks into a single hardware provider or manufacturer, that has purchased HP servers and desktop systems. They come in one morning to find all the HPs have been bricked by a design flaw in the hardware, software or both.
Yes, it can happen to Apple and other hardware providers. I am not in denial.
The next thing you know the CIO, vice presidents, presidents, deans, department heads, faculty and a huge population of students want to roast your "chestnuts" over an open fire, a torch or anything else they can find. Your job is now history just because some engineer failed in quality control at a corporation, and you did not have the vision to use more than one brain cell.
The solution?
Try not to lock yourself into just a single hardware or software provider. If everyone is thinking alike, then someone isn't thinking. Simplicity does not reduce vulnerabilities in the IT trade. Diversity increases success and sustainability.
Edited 2007-12-21 17:46 UTC
Please. Nobody has put in better processes to ensure secure software - see Microsoft Security Development LifeCycle.