Apple Mac less secure than Windows in 2007?

Summary: During 2007, Apple patched more than ten times as many critical vulnerabilities in Mac OS X as were patched in Microsoft Windows.

George Ou, a writer for ZDNet Australia sister site ZDNet.com, analysed in-depth statistics from security research company Secunia as a basis for his research. He found that Apple's latest operating system, Mac OS X, faced more critical flaws than Windows XP and Vista combined.

While Mac OS X had 234 highly critical vulnerabilities reported in 2007, Vista and XP combined had 23, Ou wrote.

"This shows that Apple had more than five times the number of flaws per month than Windows XP and Vista in 2007, and most of these flaws are serious," wrote Ou. "Clearly this goes against conventional wisdom."

Macs have traditionally been viewed as suffering from fewer vulnerabilities than Windows.

Ou made the comparison as an indicator of how many vulnerabilities might exist in 2008, rather than a comparison of the relative security of the operating systems. He said that security had improved with both Windows Vista and Mac OS X Leopard (version 10.5) this year.

Some experts have said that counting vulnerabilities is not necessarily reliable as a measure of security.

Tristan Nitot, president of Mozilla Europe, told ZDNet.co.uk this month that it was more important to take into account the time it takes to patch vulnerabilities.

The amount of exploit code available in the wild also has an impact on security. While there are thousands of pieces of code that seek to exploit Windows XP vulnerabilities, exploit code for Mac OS X is relatively rare.

Tom Espiner

Talkback

24 comments
  • Mac users are their own worst enemy

    The problem is that once malware does start to surface for the Mac, and I believe it will, Mac users believe they are totally invulnerable and do all sorts of things that a typical Windows user wouldn't even think about. Opening emails from unknown people, running unknown files, etc. It'll take a while to train Mac users to be as diligent as Windows users.

    Someone in the other article you linked to also commented on the fact that Linux/Unix doesn't see as many viruses/trojans as Windows, even though the Linux/Unix market share is greater than the Mac. The reason, I believe, is because the Unix community is generally much more computer-savvy than the Windows market. And Unix users know all about "best practices" and that sort of thing.

    Anyway, I don't think the threat to the Mac is as great as the anti-virus companies probably would like us to think. Not yet, anyway. But I don't think it's going to stay that way forever.
    anonymous
  • Unix (Mac)

    has traditionally been a server based system (some workstations, yes that is true), therefore you don't have users accessing local console resources. This has now changed dramatically with the MAC desktop where local resources access local facilities and console access is the norm. This doesn't make it better or worse, it is really a thorough change in the usage model of a traditional Unix box from data center to user desktop.
    anonymous
  • Yes, but...

    we do need to consider actually whether these issues have actually been exploited in the real world or if they have just been found and plugged by Apple - there is a major difference.

    I may be wrong, but I think this fact has been left out of the report (or that I can see, at least)
    anonymous
  • More FUD? Don't you get tired of this garbage?

    Six years and counting. Still no Mac viruses. A couple of lame trojans that are really no threat? Sure. Try to find one.

    So Apple fixed more vulnerabilities than Microsoft did, and that's a bad thing? All it shows is that Apple is serious about keeping the Mac virus free, and Microsoft either can't do anything to stop their platform from being used for enormous bot farms, or they just don't want to.
    anonymous
  • wake up and smell the coffee misses bueller

    The reality of real exploits today is they are made up of multiple components. Nuwar ring any bells. To think that there has not been "one" major exploit that has impacted the MAC is to be back in the good old days of large mass mailer worms. Sorry the security landscape has moved on. Bot herders are the only true open community they do not care what platform you are on. But because we can not see it must not be there. Hello China. What governments wouldn't target all os's would they. Hate to burst the bubble but there are MAC's and Linux systems in botnets. We now are getting morons complaining about how the vulnerabilities are counted, and of course the old line about "oh yes but hey they are not real anyway". all exploits are real. Or let's try another lame defence "oh well we are technically savvy that's why we are not getting infected". But hey any time a new bundle comes through it is full of patches but hey we do not admit that. All O/S's are vulnerable all vendors need to act. As IT Professionals we need to educate all users regardless of the platform. Bot herders are here and everyone is a target. If you want to compare bells and whistles between OS's go ahead. If you want to talk about where we are at with security stick with the facts this is now a crime type. Criminals go where the money is at the moment that is M$ but as MAC and linux get more share, they will get more share.
    anonymous
  • "War is Peace; Freedom is Slavery; Ignorance is Strength."

    Hello IT superman, here is a simple explanation of Mac and MAC.

    Mac, uppercase "M" lower case "a" and "c" is a software, computer and electronics manufacture.
    MAC, uppercase "M" "A" and "C" is an acronym that stands for "Media Access Control", which is the address of your computer's unique hardware number.

    Anyway please read this article by Daniel Eran Dilger of ROUGHLYDRAFTED MAGAZINE.

    http://www.roughlydrafted.com/RD/RDM.Tech.Q2.07/616874CC-35CE-49D3-B859-C2719B6FF352.html

    It is immensely interesting, but I point you towards the latter section.
    anonymous
  • hey boy robbin

    and your point is what ????
    It's like following the bouncing ball as you finally get nailed down on actual facts you are unable to admit you're wrong so we shift the argument onto some trivial or obscure matter.

    Here want a game of tennis, read this:
    http://blogs.csoonline.com/

    No please come back with some resounding comment about the bias of this author and give me a pointer to some other non-biased author that supposedly justifies your point. I have not met an un-biased security expert on this issue yet.

    Fact: all OS's have vulnerabilities and are all targeted. Live with it get on with actually trying to fix the problem.
    anonymous
  • George Ou

    Mr. Ou, I think you have misunderstood something very fundamental about security.

    Fixing small holes, makes a product more secure, not less. (Apple)

    Not fixing huge holes that result in massive numbers of viruses is bad. (Microsoft)
    anonymous
  • eldernorm@hotmail.com

    Tom,
    Did you really read Ou's material or just copy paste it. The man is a shill for Microsoft. When you look at the articles he writes, it's all: Apple = BAD, Microsoft = Good. Period.

    PS, if you patch a hole it's gone. If you keep quiet about them, they are still there. So, do you want your highway patched or full of holes???
    anonymous
  • Mac vs Phista

    This is not in any way a security comparison, more like a tabloid headline to spark popularity.

    There is no comparison in quality between the OS's, the shiners shine for a reason, however some vendors choose to use FUD and market dominance to lock users in to a 1984 governed future. You can always expect to be exploited here.
    anonymous
  • the truth is out there

    so another blatant and ridiculous generalisation with no facts to back it up.

    Read this : http://www.digwin.com/view/mac-versus-windows-vulnerability-stats-for-2007

    also small V big holes what a ridiculous statement from someone who does understand downloaders and droppers.

    However I am sure someone is going to come back with "wah wah wah is not fair you can't count the number, you can't count the criticality it's not fair"

    Wake up ABM people apple is vulnerable. Welcome to the new world
    anonymous
  • what the ?

    sorry I did not realise that all the articles posted here are of the highest journalistic calibre and had no bias.

    Gees so you mean all those articles attacking M$ with no substantive facts are all true.
    Well hey thanks for highlighting the first ever article that is not biased to M$.

    Oh yeah and good one bring out the old urban myth that holes are being covered up. But then in next sentence talk about how MSFT has a hold on customers purse string. Does not one work against the other. Take some time to think about it. It will click eventually.
    anonymous
  • on the money

    absolutely the winners always come through. consumers when given the choice vote and look where they have cast their vote.

    Sorry not with Apple and not with Linux. Microsoft wins.

    Looking forward to the response "yeah but my 95 year grandmother can do everything on ..."
    Or the other one that always comes through on these threads "but big bad Microsoft unfairly controls the market by delivering products customers want."

    Reality is facts speak numbers speak. apple has holes they need to wake up.

    Microsoft was in denial 5 years ago and look where it got them. (dealing with this sort of unfounded and unsubstantiated dribble.) Pick up the phone Apple, Microsoft is there to help and has been through the pain.
    anonymous
  • "War is Peace; Freedom is Slavery; Ignorance is Strength."

    Superman, obviously you are not a fast reader, so I'm typing this out very slowly for you.
    I noted from your first post and thus deduced, that you were not only (A) "Biased", whilst purporting to be bipartisan, but you were also (B) "Inequitable" in regard to your rationale, thus leading you to become (C) Redundant.

    If you can not get the handle right, why should we listen to your polemics.

    While others here had and would explained where "George, Ou No lie is too big to publish" was wrong, as usual, I thought I would address in very SIMPLE terms your inability to compose the word Mac, at the time this seemed a reasonable enterprise as you were expressing yourself as an Alpha IT guardian, with either sheer IT ignorance or a scything supercilious dislike of Apple Mac users, that you felt the need to capitalise all the letters to make yourself feel dominant ... which was it Mr Rob Endle?

    Granted, I did push an article, one that I thought would be of interest to you and others, but I suspect that you did not follow the link through. I did read most of the links on - http://blogs.csoonline.com/ - and quite frankly it was not good news for Microsoft, Chad McDonald obviously has latent desires to be an author of cheap novels, lots of fluff but no body.

    You should read the story HE / They pushed, from - http://www.darknet.org.uk/2007/08/vista-security-claims-debunked-figures-skewed/ - that should shut you up.

    .... "Fact: all OS's have vulnerabilities and are all targeted. Live with it get on with actually trying to fix the problem." ... True, true, true, and I do not think anybody is arguing this, I certainly never did. - It's just that ONE has a monumental amount more than the others.

    Dean, the first poster I believe, demonstrates the total lack of knowledge re Apple Mac users and OSX. and, I hesitantly venture, OS install base percentages.
    anonymous
  • re:on the money

    Yes, it's all about money, marketing power and what has been default for all these years. Suddenly Microsoft is not the default, it's the quick and dirty plan B. People now have a choice and market share has been taken away from windows. Microsoft has never been the best at anything, people now are realising this. Microsoft is losing, and good riddance I say - personally I am sick and tired of the unreliability and defending IT departments for Microsoft's poor practices.
    anonymous
  • Reply to "on the money"

    You are so oblivious to the facts it is staggering.
    anonymous
  • MAC for the Enterprise

    You must be kidding that MAC have anyplace in the Enterprise environment. They may be okay for kindergarten and early schooling years but they are just not enterprise ready. What I mean is the toolsets provided by Apple are just toys when it comes to managing a fleet of 5000 workstations and in no way provide the level of integration required to provide a secure and managed workstation fleet. This then requires you to purchase a third party application to execute the same functionality as is available in the Microsoft stack of applications ie ManageSoft, SMS etc which either native or via 3rd party addins like Vintela can manage Linux, Mac and Windows platforms. Apple may make great workstations but they build them to be used in one off environments not enterprise environment. If I was wrong why did QLS Police and like organisation ditch all their MAC's for a manageable platform.
    anonymous
  • Comparing vulnerability stats is pointless.

    Here's why:

    http://www.cyber.com.au/users/conz/linux_vs_windows_security_alert_comparison.html
    anonymous
  • Shouldn't it be Crack and Vista?

    anonymous
  • Mis-spelling is rife

    If you are going to be a nit-picking smart arse it would be best to use your own words correctly. "Manufacturer" is probably what you meant; but even "software manufacturer" is not right.
    anonymous