Yet Another Reason Why Macs Need Security

Recommended Posts

May 8, 2009 12:06 PM PDT

Yet another reason why Macs need security

by Jon Oltsik

"As expected, my blog this week about Macintosh security generated a lot of comments. Some were personal in nature (author's note: I really do know the difference between a Trojan and a virus but typos happen), some were quite thought-provoking.

I did receive some interesting data from a colleague from IBM. According to the X-Force 2008 Trend & Risk Report (PDF) released early this year, Mac OS X Server and Mac OS X top the list of operating systems with the most disclosed vulnerabilities for 2008. Each accounts for 14.3 percent, and has been in the top five in each of the last three years. Rounding out the top five were: Linux Kernel at 10.9 percent, Sun Solaris at 7.3 percent, and Microsoft Windows XP at 5.5 percent.

The purpose of this data is to compare the total number of disclosed vulnerabilities with each individual operating system. Vulnerability data is submitted to the Mitre Corp. and then appears in the CVE (Common Vulnerabilities and Exposures) List.

This is not a perfect study as there are common vulnerabilities across different operating systems. Additionally, the Windows-based total vulnerability "footprint" is much larger than the Mac because of the size of the Windows installed base. Finally, this is a cumulative study but the data does not break down the vulnerabilities in terms of how critical they are. All that said, the X-Force data puts the whole "Mac is secure and Windows is not" discussion in perspective with some real numbers. I don't think IBM has an ax to grind here. "

story at CNET -

Link to post
Share on other sites

This doesn't say anything. How many are not disclosed?

"does not break down the vulnerabilities in terms of how critical they are." Then this is useless info. If something has a vulnerability but there is no way to exploits it, should it even be on the same list as a vulnerability that is easily exploited.

Link to post
Share on other sites
  • 2 weeks later...

I am confused..

So Apple, and Linux distributions tell people that there are issues and release patches, and are said to have more security holes based on this number.. so the only thing you need to be secure is to not tell people of the issues, like some companies do.

the number of published bugs, shows that they care more about security because they will let you know when they find them, and not hide them to protect their image.

Link to post
Share on other sites

Actually many of the holes with the mac OS are in the open source Mach Kernel. Not much apple can do to hide that. Even though they sometimes acknowledge holes, they like MS many times take there time with patches so they don't break other software.

The last update 10.5.7 replaced something like 1600 lines of code fixing 60+ holes and less then half were known by anyone other then apple.

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.