Linked by Thom Holwerda on Thu 20th Dec 2007 21:42 UTC
Privacy, Security, Encryption

It's the time of year again, folks. "The year 2007 has been an interesting year that brought us improved security with Windows Vista and Mac OS X Leopard (10.5). But to get some perspective of how many publicly known holes found in these two operating systems, I've compiled all the security flaws in Mac OS X and Windows XP and Vista and placed them side by side. This is significant because it shows a trend that can give us a good estimate for how many flaws we can expect to find in the coming months." Do with it as you please.
RE[2]: This is significant?
by WereCatf on Thu 20th Dec 2007 22:24 UTC in reply to "RE: This is significant?"
WereCatf Member since: 2006-02-15

I don't CARE which one has better security frameworks or anything as I am a Linux user myself. All I was saying is that one can't realistically determine absolutely anything from those numbers for the reasons I already explained. You can't prove me right with those numbers, but you can't prove me wrong either.

Score: 5

RE[3]: This is significant?
by alexandru_lz on Fri 21st Dec 2007 14:31 in reply to "RE[2]: This is significant?"
alexandru_lz Member since: 2007-02-11

> I don't CARE which one has better security frameworks or anything as I am a Linux user myself. All I was saying is that one can't realistically determine absolutely anything from those numbers for the reasons I already explained. You can't prove me right with those numbers, but you can't prove me wrong either.

From my own experience, both as a programmer having to deal with security issues and as a sysadmin in my high school days (ugh...), it simply begs for me to scream: the security frameworks, locks, cryptographic engines, armors, patches, security advisories and everything else are, in terms of measuring security, completely irrelevant. It's exactly as it happens with planes: you can put eight engines on a pile of concrete. If they don't get the right fuel, are all placed so that they face each other and the only thing the pilot can control is the altitude, it won't fly.

We are talking basically about security on a desktop computer, or a small server, not a bank's server, not the FBI's files (does anyone actually use OS X Server for huge datacenters and the like? I'm not calling OS X Server dumb, I'm simply thinking in terms of where it's really relevant). In this case, the only relevant security test is placing Random J Idiot in front of the keyboard and letting him surf the net, watch porn or whatever else he wants. The more secure computer is the one that still boots after three months, without sending broadcasting and browser histories over the Internet.

Yes, from a statistical point of view, this is very gross: it's a combination of how the system shields itself from dumb users, security by obscurity, low market share and so on. However, it still boils down to this: Mac users have very little malware to deal with.

Yes, in the long term, they might (and, considering how OS X is more of a big hack than of a smart OS, there are serious chances that they will), but the future tense is essential to our discussion. Apple has to watch out for the bugs they might have -- and from the amount of bugfixes, it seems like they are watching out -- while Microsoft is still having to get rid of the bugs they already have.

On the other hand, I can't help seeing the mandatory receivers of the fsck off prize. This isn't Microsoft FUD, no conspiracy, and certainly not a mind-twisting invention -- OS X has holes, which are more or less relevant, more or less critical and so on, which is really to be expected from something that comes loaded with a pile of open source software. What these people don't seem to understand is that a patched bug is no longer a security issue. An unpatched, yet-to-be-discovered bug is, however, a security issue.

Score: 1