Mac versus Windows vulnerability stats for 2007


The year 2007 has been an interesting year that brought us improved security with Windows Vista and Mac OS X Leopard (10.5). But to get some perspective on how many publicly known holes were found in these two operating systems, I've compiled all the security flaws in Mac OS X and Windows XP and Vista and placed them side by side. This is significant because it shows a trend that can give us a good estimate of how many flaws we can expect to find in the coming months. The more monthly flaws there are in the historical trend, the more likely it is that someone will find a hole to exploit in the future. For example, back in April of this year, hackers took over a fully patched MacBook and won $10,000 plus the MacBook they hacked.

I used vulnerability statistics from an impartial third-party vendor, Secunia, and I broke them down by Windows XP flaws, Vista flaws, and Mac OS X flaws. Since Secunia doesn't offer individual numbers for Mac OS X 10.5 and 10.4, I merged the XP and Vista vulnerabilities so that we can compare Vista + XP flaws to Mac OS X. In case you're wondering how 19 plus 12 could equal 23, this is because there are many overlapping flaws that are shared between XP and Vista, so those don't get counted twice, just as I don't count something that affects Mac OS X 10.4 and 10.5 twice.
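The de-duplicated merge described above can be sketched as follows. This is an added example, not code from the original article or from Secunia; the CVE IDs are constructed placeholders, and keeping the higher rating when two products disagree is an assumption the article does not state.

```python
from collections import Counter

# Severity ranks follow the article's legend: X > H > M > L.
RANK = {"L": 0, "M": 1, "H": 2, "X": 3}


def merge_products(*products):
    """Union several {cve_id: severity} maps, counting each CVE once.

    If products disagree on a rating, keep the highest one (an
    assumption; the article does not say how such cases were handled).
    """
    merged = {}
    for flaws in products:
        for cve, sev in flaws.items():
            if cve not in merged or RANK[sev] > RANK[merged[cve]]:
                merged[cve] = sev
    return merged


def summarize(flaws, months=12):
    """Return per-severity counts, the total, and the monthly average."""
    counts = Counter(flaws.values())
    total = len(flaws)
    return {
        "by_severity": {s: counts.get(s, 0) for s in "XHML"},
        "total": total,
        "per_month": round(total / months, 2),
    }


# Constructed sample data with placeholder IDs (not real CVEs).
XP = {"CVE-XXXX-0001": "H", "CVE-XXXX-0002": "H", "CVE-XXXX-0003": "L"}
VISTA = {"CVE-XXXX-0001": "H", "CVE-XXXX-0003": "M", "CVE-XXXX-0004": "X"}

if __name__ == "__main__":
    combined = merge_products(XP, VISTA)
    # The naive sum double-counts flaws shared by both products.
    print("naive sum:", len(XP) + len(VISTA))
    print("merged   :", summarize(combined))
```
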

Windows XP, Vista, and Mac OS X vulnerability stats for 2007

| | XP | Vista | XP + Vista | Mac OS X |
|---|---|---|---|---|
| Total extremely critical | 3 | 1 | 4 | 0 |
| Total highly critical | 19 | 12 | 23 | 234 |
| Total moderately critical | 2 | 1 | 3 | 2 |
| Total less critical | 3 | 1 | 4 | 7 |
| Total flaws | 34 | 20 | 44 | 243 |
| Average flaws per month | 2.83 | 1.67 | 3.67 | 20.25 |

Legend: X = Extremely critical, H = Highly critical, M = Moderately critical, L = Less critical

So this shows that Apple had more than 5 times as many flaws per month as Windows XP and Vista in 2007, and most of these flaws are serious. Clearly this goes against conventional wisdom because the numbers show just the opposite and it isn't even close.

Also noteworthy is that while Windows Vista shows fewer flaws than Windows XP and has more mitigating factors against exploitation, the addition of Windows Defender and Sidebar added 4 highly critical flaws to Vista that weren't present in Windows XP.  Sidebar accounted for three of those additional vulnerabilities and it's something I am glad I don't use.  The lone Defender critical vulnerability that was supposed to defend Windows Vista was ironically the first critical vulnerability for Windows Vista.

Windows XP, Vista, and Mac OS X vulnerability details for 2007


About

George Ou, a former ZDNet blogger, is an IT consultant specializing in Servers, Microsoft, Cisco, Switches, Routers, Firewalls, IDS, VPN, Wireless LAN, Security, and IT infrastructure and architecture.
