Linked by Thom Holwerda on Thu 20th Dec 2007 21:42 UTC
Privacy, Security, Encryption
It's the time of year again, folks. "The year 2007 has been an interesting year that brought us improved security with Windows Vista and Mac OS X Leopard (10.5). But to get some perspective of how many publicly known holes found in these two operating systems, I've compiled all the security flaws in Mac OS X and Windows XP and Vista and placed them side by side. This is significant because it shows a trend that can give us a good estimate for how many flaws we can expect to find in the coming months." Do with it as you please.
the numbers don't add up.
by eMPee584 on Fri 21st Dec 2007 09:36 UTC
eMPee584 Member since:
2007-01-29

You can't compare the numbers.. I had a look at the details of some of the bugs, and while Apple classifies bugs like "allows remote attackers to obtain sensitive information via a crafted web page" and similar glitches as critical, the MS ones usually ARE critical, and even deserve a higher ranking ("Stack-based buffer overflow in the Microsoft Message Queuing (MSMQ) service in Microsoft Windows 2000 Server SP4, Windows 2000 Professional SP4, and Windows XP SP2 allows attackers to execute arbitrary code via a long string in an opnum 0x06 RPC call to port 2103. NOTE: this is remotely exploitable on Windows 2000 Server.")
So you can't compare the numbers one to one and say Apple has bigger security problems.. they might just have more of the high-level stuff gone wrong, while MS has the low-level backdoors scattered over all their binaries.. remotely exploitable.. am I happy I don't use that sh1t no more.

Score: 3

RE: the numbers don't add up.
by MollyC on Fri 21st Dec 2007 19:58 in reply to "the numbers don't add up."
MollyC Member since:
2006-07-04

You're rationalizing things to fit your preconceived notions.

But I agree, one shouldn't compare the number of vulnerability reports of one OS vs another, since the reporting mechanism for different OSes might have different metrics.

But what one CAN look at is the trend lines for a particular OS. It's like the pre-election political polls that we in the US are being inundated with right now. Comparing the results of say, a Zogby poll of last week with a NY Times poll of this week and using that to determine which candidates are gaining or fading is foolhardy because Zogby uses different polling methodology than NY Times. But comparing Zogby poll of today, vs Zogby poll of two weeks ago, and with Zogby poll of 4 weeks ago provides a trend line that is valid since you are then comparing the results of a single poll with a single methodology over a particular time period.

So, while comparing Windows vulnerability reports with Mac may be meaningless, it does seem that Windows vulnerability reports are trending down, while OSX's are trending up, which is not meaningless at all.

Well, it might be meaningless for Macs anyway, since nobody bothers to attack Macs even with the holes it has. But Windows vulnerability reports trending down is good for everyone (except for those MS haters that would rather retain "security" as a talking point).

Edited 2007-12-21 20:13

Score: 4

WereCatf Member since:
2006-02-15

But comparing Zogby poll of today, vs Zogby poll of two weeks ago, and with Zogby poll of 4 weeks ago provides a trend line that is valid since you are then comparing the results of a single poll with a single methodology over a particular time period.

But that is not the same thing.. Sure, if one compared the number of _Windows-specific_ patches now and in the past then one would draw some hints from that and that might actually be useful. But comparing two totally different OSes like this is not fair for either one. It misses totally all the strong points of Windows and the not-so-strong points of OSX.. and vice versa.

But then about the OS security itself.. Well, I can't say much but to me it seems that a default install of XP does get infected faster than OSX installs but IMHO that's just mostly because there exist more XP machines and software for it. That still doesn't say anything about the Windows security vs OSX security. Who knows, maybe OSX would be in quite a tight situation if the market share was equal?

Score: 3