Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Mac OS X security myth exposed

And thousands of other products and OSes given security rundown.

Article comments

Windows is more secure than you think, and Mac OS X is worse than you ever imagined. That is according to statistics published for the first time this week by Danish security firm Secunia.

The stats, based on a database of security advisories for more than 3,500 products during 2003 and 2004 sheds light on the real security of enterprise applications and operating systems, according to the firm. Each product is broken down into pie charts demonstrating how many, what type and how significant security holes have been in each.

One thing the hard figures have shown is that OS X's reputation as a relatively secure operating system is unwarranted, Secunia said. This year and last year Secunia tallied 36 advisories on security issues with the software, many of them allowing attackers to remotely take over the system - comparable to figures on operating systems such as Windows XP Professional and Red Hat Enterprise Server.

"Secunia is now displaying security statistics that will open many eyes, and for some it might be very disturbing news," said Secunia chief executive Niels Henrik Rasmussen. "The myth that Mac OS X is secure, for example, has been exposed."

Its new service, easily acessible on its website, allows enterprises to gather exact information on specific products, by collating advisories from a large number of third-party security firms. A few other organisations maintain comparable lists, including the Open Source Vulnerability Database (OSVDB) and the Common Vulnerabilities and Exposures (CVE) database, which provides common names for publicly known vulnerabilities.

Secunia said the new service could help companies keep an eye on the overall security of particular software - something that is often lost in the flood of advisories and the attendant hype. "Seen over a long period of time,the statistics may indicate whether a vendor has improved the quality of their products," said Secunia CTO Thomas Kristensen. He said the data could help IT managers get an idea of what kind of vulnerabilities are being found in their products, and prioritise what they respond to.

For example, Windows security holes generally receive a lot of press because of the software's popularity, but the statistics show that Windows isn't the subject of significantly more advisories than other operating systems. Windows XP Professional saw 46 advisories in 2003-2004, with 48 percent of vulnerabilities allowing remote attacks and 46 percent enabling system access, Secunia said.

Suse Linux Enterprise Server (SLES) 8 had 48 advisories in the same period, with 58 percent of the holes exploitable remotely and 37 percent enabling system access. Red Hat's Advanced Server 3 had 50 advisories in the same period - despite the fact that counting only began in November of last year. Sixty-six percent of the vulnerabilities were remotely exploitable, with 25 granting system access.

Mac OS X doesn't stand out as particularly more secure than the competition, according to Secunia. Of the 36 advisories issued in 2003-2004, 61 percent could be exploited across the Internet and 32 percent enabled attackers to take over the system. The proportion of critical bugs was also comparable with other software: 33 percent of the OS X vulnerabilities were "highly" or "extremely" critical by Secunia's reckoning, compared with 30 percent for XP Professional and 27 percent for SLES 8 and just 12 percent for Advanced Server 3. OS X had the highest proportion of "extremely critical" bugs at 19 percent.

As for the old guard, Sun's Solaris 9 saw its share of problems, with 60 advisories in 2003-2004, 20 percent of which were "highly" or "extremely" critical, Secunia said.

Comparing product security is notoriously difficult, and has become a contentious issue recently with vendors using security as a selling point. A recent Forrester study comparing Windows and Linux vendor response times on security flaws was heavily criticised for its conclusion that Linux vendors took longer to release patches. Linux vendors attach more weight to more critical flaws, leaving unimportant bugs for later patching, something the study failed to factor in, according to Linux companies. Vendors also took issue with the study's method of ranking "critical" security bugs, which didn't agree with the vendors' own criteria.

Secunia agreed that straightforward comparisons aren't possible, partly because some products receive more scrutiny than others. Microsoft products are researched more because of their wide use, while open-source products are easier to analyse because researchers have general access to the source code, Kristensen said.

"A third factor is that Linux / Unix people are very concerned about privilege escalation vulnerabilities, while Windows people in general are not, especially because of the shatter-like attacks which have been known for six years or more," he said. "A product is not necessarily more secure because fewer vulnerabilities are discovered."



Share:

More from Techworld

More relevant IT news

Comments

vinny da tech said: httpwwwwiredcomwiredarc

vinny da tech said: for goodness sake macs windows and linux do get virus Most viruses are from users not knowing what they are doing httpwwwfierceciocomstory I have use ubuntu linux mac os x windows xpvista and 7 i like all three but windows does catch more viruses then the other two and reason being is because it is the most watered down version of the three plus do to advertisement windows is some what more popular and hackers us linux and mac to right codes just for windows becuase it is a little more vulnerable the boot set up of the three linux and mac boot is more secured then windows making windows more prone to viruses i have 7 i like it but every few days i make sure to scan and i mac sure i have a firewall and malware and other antivirus that scan periodically as for my mac and linux i still us the recommend steps and have virus scanners but no firewall and no periodical scanning linux and mac codes are a little stronger then windows in my opinion linux because you can program it to you liking and add more codes to the os to make it secure then it would be mac and as the weakest os windows go to makeuseofcom and download hackerproof pc security and read the third chapter they back up what i think plus has anyone heard of the worm called slammer it took out all the server within 24hrs here is the article read it httpwwwwiredcomwiredarcviruses and trojans were made to take out windows since it is more popular and better advertised but worms dont care what os you use its going to bring you down and hard more so to windows then the other two but it is un bias and this is comming from a real techie

siegie said: GPL doesnt forbid you to sell the product

Derp said: Using a type of operating system for a long time and helping out at a computer repair shop does not a security expert make Your experiences with Windows having more malware is because it is more popular and more malware is written for the Windows platform Anything to the contrary is ridiculous at best

paul nass said: This has not been my experience EverI use all three OSs My Linux and Mac run wo AV software Now I run Windows only as a VM When I used it as a stand-alone desktop it was mostly fine as long as nobody else used it But sometimes another person at our office needed to use the Windows box too As soon as I agreed to let them use it it got hammered with malware It took me the better part of a day to remove the malware and put the machine right again They never were allowed on it again I think the Windows version was early XP So the comment about the user being the biggest source of trouble is absolutely accurateHowever I also had to run AV on the Windows box once every two weeks Even as strict as I was about where I browsed etc malware would get in nothing devastating just the annoying piddly stuff I also had to clean the registry although that was only occasionally By comparison I get no malware on the Mac or the Linux boxes None Never have And I occasionally browse to some pretty edgy sites And when I have to browse somewhere edgy thats when I make a point of using the Mac or Linux boxes And note I dont have any AV software on themClearly this article and research has a Microsoft bias to itBTW I also help out at a local computer shop We fix anything The only OS that we ever see with malware is WindowsIve been using Linux for 12 years and Windows and Mac for even longer Based on my experience Linux and Mac are more secure than Windows and certainly more stable And as far as being productive is concerned my friends coworkers and I do a fair amount of photo editing image creation video and audio work presentations long document creation as in several sections and several hundred pages with indices etc database development Java programming and Ive done the occasional 3D project And Im probably forgetting something None of it is done with the Windows OS We do have a license for Office but I dont know whyNote that I dont discourage anyone from using Windows Use what you like But try to be objective and factual when commenting about other systems

Asdsadas said: correction Max OS is not linux you couldnt sell it as is it GPL anyways but a unix derivate or better called unix with down syndrome

aoliveri2 said: I was a windows user for over 10 years I recently bought a macbook which I absolutely love Definitely feel more secure with the Mac and still no viruses pop-ups spam I think its much better than windows

Me said: Ive used OS X for the first time logged on to MSN and the next day I got a message that I am logged on somewhere elseThat is also what led me hereOS X is interesting to work with but all the storys of it beeing reliable and better has so far been absolutely false no I am not working on a outdated mac or a macbook just a new mac pro

Tux said: Sounds like Microsoft PR even if it were true Id still choose a Mac over Windows

softwareDev78 said: Yes its true like defects security flaws are possible on any operating systemI wish to point out that raw statistics providing overall vulnerability counts and ambiguous threat summaries are insufficient to understand the true security risks of any operating systemA detailed summary of a each vulnerability likelihood of vulnerability exploitation OS vendor response and final fixtesting assessment must be done to determine which OSs can be considered at present secure or insecure

iMacFanboisFTL said: Hey iMacFTWflawless httpdiscussionsapplecomtRemember thatFlawless I think not

fakenamehere said: No matter what OS you have its the person using it that attributes to any fault of it Dont think so install xp on a machine connect it to the internet and NEVER use it NEVER 1 2 3 years down the road it wont have any viruses Simple common sense would go a long way in preventing these things over any fanboy rant for either product

peppl said: iMacFTWs comment is the demonstration that Apples greatest asset is human imbecility

iMacFTW said: Its really a shame that there are no viruses for my Mac honestly im disappointed DWhen will they learn that Apple makes product that are better than EVERY OTHER COMPETITION OUT THERE They dont have stupid glitches and security flaws They are flawless and always will be Apple will rule the world in exactly 3 years 21 days and 146 hours Microsoft will step out of the competition and paint sidewalks for apple users to walk on

IT-Guy said: This is an out dated article However it is amusing to see none unbiased comments Plus many failed to comprehend the concept of security flaw and virus Wheres the knowledge

asdf said: As i turn on my win7 in 2s this is not an argument

Ivan said: Its very nice to walk into the office and start work while listening to the Win-men trying get setup complaining of how slow their PCs have become I get behind my desk and open my Laptop and start work The Win-men keep complaining I use to be now I work

RHP said: httpnewstechworldcomsecuYou are mistaken there ARE viruses for Mac OSX and it doesnt matter if there isnt viruses anyway hackers can easily hack OS X

Kevin said: Lee - There are a lot of viruses for OS X If you dont believe me Google Mac antivirus and try to explain why OS X has anti-virus programs if no viruses exist

lee said: First this article was written in 2004 Still there is not one virus for a mac not one at all And this is because the OS is based on UNIXSecondly Mac OS 9 had a couple hundred viruses for it with hardly any market-share and when apple rebuilt the OS and called it OS X not one virus is available for it OS X came out in 2001 it is now 2009 and not one virus and has triple the marketshare of OS 9 Seriously if any one of you could code hack and crack wouldnt you try to write a virus for mac just to shut mac users up So think of how many people hate mac and probably quite a few of them can actually hack dont you think they would have tried to infect a mac So far it looks as if they have failedI find it funny how Windows Fanboys which are worse than mac fanboys clutch at straws just to defend the bloatware they are using So there goes the market-share myth



Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *