Apple leads the pack for ballooning bug count
Summary: Being in the lead is not always a good thing. Apple takes the number one spot for the most bugs found in all of its products during the first half of 2010, ahead of Oracle and Microsoft, according to Secunia [PDF].
Secunia is also seeing a big shift in security threats, with the emphasis moving from the operating system to vulnerabilities in third-party applications. One example that Secunia cites is that a typical end-user PC with 50 programs installed will be faced with 3.5 times more security bugs in the 24 third-party programs running on the system than in the 26 Microsoft programs installed. Secunia expects this ratio to increase to 4.4 in 2010.
Patching is also getting more complex, with 13 software update mechanisms running on each PC.
But back to Apple, and how it has taken the top spot from Oracle.
Figure 2 visualizes the dynamics in the Top-10 group and indicates that popular vendors are also subject to more scrutiny by the security community/researchers than less popular vendors; Oracle (including Sun Microsystems and BEA Logic) ranked #1 in four out of five years overtaken by Apple in the first half of 2010, with Apple consistently ranking higher than Microsoft. Despite increased investments into the security of their products, none of the seven vendors who occupied the Top-10 group in 2005 as well as in 2010 managed to decrease the number of vulnerabilities discovered in their products. On the contrary, the vulnerability count of each of these seven vendors has increased to reach in 2009 between 136% and 440% of the 2005 count.
In other words, they all get a "could do better" on their report card.
The culprits are as follows:
- Apple - (iTunes, Quicktime)
- Microsoft - (Windows, Internet Explorer)
- Sun Microsystems - (Java, now part of Oracle)
- Adobe - (Acrobat Reader, Flash)
And if you're not already thoroughly depressed, here are some more stats. Between 2007 and 2009 the number of vulnerabilities affecting a typical PC nearly doubled, going from 220 to 420. But it's set to get worse, with Secunia predicting that the number will almost double again to reach 760 for 2010 as a whole.

Talkback
Makes sense
RE: Apple leads the pack for ballooning bug count
Troll.
Predictably.
Congratulations.
Did I hit a nerve?
I'm only telling the truth. Apple seems to think they are above such things. Look no further than the "Get a Mac" ads of the past few years. The smugness shines bright there.
But it is only natural for the number of potential vulnerabilities to go up as you add more features to a specific piece of software. That's true of Apple, Microsoft, and anyone else writing software.
RE: Apple leads the pack for ballooning bug count
Please look up the definition of "troll" and explain how it does not apply.
And while you're at it, you might want to try reading the actual paper, as it does NOT say what AKH claims it does. He is cherry picking, and ignoring counter comments in the same paper. As per his usual.
Excellent post
You can tell because you got the Apple apologist all in a tizzy! :)
RE: Apple leads the pack for ballooning bug count
Or caused the brainless Zealots to smile.
But, if that's true...
So, Microsoft has fewer bugs over a larger field of use? Interesting.
Interesting indeed
I wonder who has the better coders then. Or who pays more attention to their products.
RE: Apple leads the pack for ballooning bug count
How have macs fared over this
My experience has been that I get at least 100 times as many attempts at infecting a Windows machine than the Mac. At least this is true judging by the number of malware attempts I get in my e-mail junk box.
RE: Apple leads the pack for ballooning bug count
Of course you do. Why would I spend resources attacking macs (with less than 10% market share worldwide), when I can attack Windows with 90% market share?
It's a numbers game. It's the same as the old telemarketers who called you up trying to sell you a free vacation. The entire pitch was ridiculous (as was the "free" vacation), but eventually they found a sucker. Then another and another.
What's more, there are more tools to exploit Windows than Apple (see putting resources where the people are).
Every year, the attacks against Macs get more sophisticated. They're following a trend that's not unlike the attacks against Windows in the 90's...we're now up to around 2000 or so.....in short, we're still in the proof of concept stage.
RE: Apple leads the pack for ballooning bug count
OSX remains the gold standard for security, that's why most computer professionals now use Macs and not Windows.
So you'll get a Mac someday and see why it's so highly valued, but until then, you're probably going to be stuck with the far less secure, Windows.
RE: Apple leads the pack for ballooning bug count
The market share argument is so BOGUS from so many different angles. First and foremost, marketshare might explain if there were 400K Windows viruses and 40K Mac viruses or even 4K Mac viruses but ZERO Mac viruses??
Even then Mac OS 9 had 35K known viruses with a much much smaller market share than Mac OS X.
Take a look on the IOS side. What are the comparisons of viruses for IOS compared to Android. IOS has a much larger market share but Android has the malware.
Lastly, Mac users tend to be more affluent than Windows users so that there is more to steal. Macs run the number one e-commerce site on the web, a very attractive target. In addition any virus writer would want to be the first to successfully attack the Mac.
If you think, and I use the term loosely here, the dearth of viruses for the Mac OS is because of market share, you, like Mr. Hughes, have earned the right to be Windows users.
RE: Apple leads the pack for ballooning bug count
A full read of this article states the problems on PC's using WinOS. This is not about Mac OS X or Linux. The applications from Apple are Safari, Quicktime and iTunes. Any software written using MS API's will suffer similar vulnerabilities.
From page 10 of the report:
Typical Software Portfolio & Operating System
We first examine the number of vulnerabilities of this Top-50 software portfolio together with the operating system, namely Windows XP and Windows Vista. Windows 7, released in October 2009, is excluded as we have no full year of data yet.
RE: Apple leads the pack for ballooning bug count
apple getting too big too fast?
I recommend Windows 7 on the MBP
"My newly purchased Macbook Pro is crashing more than any of my previous Macbooks and iMacs."
OS X is truly a terrible OS. I tried it for about a month, truly tried to see what the fuss was about, but crash after crash after crash was just too much for me. One Windows 7 install later, and my MBP went from being the worst laptop I've ever had to the best.