Mac OS: More critical flaws than Windows in 2007

Mac OS: More critical flaws than Windows in 2007

Summary: Mac OS X had 234 highly critical vulnerabilities reported in 2007 but Vista and XP combined had 23, according to US research

SHARE:
TOPICS: Security
3

Apple Mac operating systems had more critical vulnerabilities reported in 2007 than Microsoft's operating systems, according to research.

George Ou, a writer for ZDNet.co.uk's sister site ZDNet.com, analysed in-depth statistics from security research company Secunia as a basis for his research. He found that Apple's latest operating system, Mac OS X, faced more critical flaws than Windows XP and Vista combined.

While Mac OS X had 234 highly critical vulnerabilities reported in 2007, Vista and XP combined had 23, Ou wrote.

"This shows that Apple had more than five times the number of flaws per month than Windows XP and Vista in 2007, and most of these flaws are serious," wrote Ou. "Clearly this goes against conventional wisdom."

Macs have traditionally been viewed as suffering from fewer vulnerabilities than Windows.

Ou made the comparison as an indicator of how many vulnerabilities might exist in 2008, rather than a comparison of the relative security of the operating systems. He said that security had improved with both Windows Vista and Mac OS X Leopard (version 10.5) this year.

Read this

Q&A

Q&A: When more bugs can mean tighter security

Mozilla Europe's president Tristan Nitot explains why having fewer disclosed vulnerabilities doesn't mean Internet Explorer is safer than the open-source web browser

Read more

Some experts have said that counting vulnerabilities is not necessarily reliable as a measure of security.

Tristan Nitot, president of Mozilla Europe, told ZDNet.co.uk this month that it was more important to take into account the time it takes to patch vulnerabilities.

The amount of exploit code available in the wild also has an impact on security. While there are thousands of pieces of code that seek to exploit Windows XP vulnerabilities, exploit code for Mac OS X is relatively rare.

Topic: Security

Tom Espiner

About Tom Espiner

Tom is a technology reporter for ZDNet.com. He covers the security beat, writing about everything from hacking and cybercrime to threats and mitigation. He also focuses on open source and emerging technologies, all the while trying to cut through greenwash.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

3 comments
Log in or register to join the discussion
  • More critical flaws

    The count may be correct, but it fails to take into account those people running XP without SP2, or SP1. What about people still running 98SE?
    These are vulnerabilities that will never be fixed. Plus Microsoft tends to bundle patches together with no information on what is being patched, so you have no idea how many problems are taken care of, just hope they got them all and that the patches aren't broke.
    ator1940
  • Re-check your facts, ator1940

    "Microsoft tends to bundle patches together with no information on what is being patched, so you have no idea how many problems are taken care of, just hope they got them all and that the patches aren't broke."

    Is that a fact? Amazing what one can turn up when one does a search of Microsoft's knowledge base...

    Windows XP SP2 fixes

    838199 - List of Internet Explorer fixes in Windows XP Service Pack 2
    838200 - List of multimedia fixes in Windows XP Service Pack 2
    838202 - List of Remote Desktop fixes in Windows XP Service Pack 2
    838203 - Shell fixes in Windows XP Service Pack 2 and in Windows XP Tablet PC Edition 2005
    838206 - List of printing fixes in Windows XP Service Pack 2 and in Windows XP Tablet PC Edition 2005
    838209 - List of Microsoft Data Access Components (MDAC) fixes in Windows XP Service Pack 2 and in Windows XP Tablet PC Edition 2005
    838210 - List of the management and administration issues that are addressed in Windows XP Service Pack 2 and in Windows XP Tablet PC Edition 2005
    838211 - List of Com+ fixes in Windows XP Service Pack 2 and in Windows XP Tablet PC Edition 2005
    838213 - List of base operating system fixes in Windows XP Service Pack 2 and Windows XP Tablet PC Edition 2005
    838214 - List of the program compatibility problems and the update scenarios that Microsoft Windows XP Service Pack 2 fixes
    838193 - List of Windows XP Media Center Edition fixes in Windows XP Service Pack 2

    SMS SP5

    816549 - List of Bugs Fixed in Systems Management Server 2.0 Service Pack 5
    816290 - List of security changes in Systems Management Server 2.0 Service Pack 5

    Windows 2000 SP4

    327194 - List of bugs that are fixed in Windows 2000 Service Pack 4
    324953 - List of Security Fixes in Windows 2000 Service Pack 3

    And the list continues.

    Care to revise your BS statement?
    willb8472
  • Microsoft's knowledge base...

    When your computer alerts you that updates are being installed, and you click on the balloon, do you see a description of each update, and an explanation? No, you see,"this update fixes a vulnerability in IE7 that may allow your computer to be accessed by unauthorized personnel." This is from Microsoft.com in 2006:
    As part of Microsoft's routine, monthly security update cycle, we released the following security updates on November 14, 2006:
    MS06-066 - addresses a vulnerability in Microsoft Windows
    MS06-067 - addresses a vulnerability in Microsoft Internet Explorer
    MS06-068 - addresses a vulnerability in Microsoft Windows
    MS06-069 - addresses a vulnerability in Microsoft Windows
    MS06-070 - addresses a vulnerability in Microsoft Windows
    MS06-071 - addresses a vulnerability in Microsoft XML Core Services
    How many people check the knowledge base BEFORE installing updates?
    ator1940