Security - Mac OSX and Windows

[Zombie9920]

The Micorsoft Windows application is more secure than you think, and Mac OS X is worse than you ever imagined. That is according to statistics published for the first time this week by Danish security firm Secunia.

The statistics, based on a database of security advisories for more than 3,500 products during 2003 and 2004 sheds light on the real security of enterprise applications and operating systems. Each product is broken down into pie charts demonstrating how many, what type and how significant security holes have been in each.

The figures have shown is that OS X's reputation as a relatively secure operating system is unwarranted, Secunia said.

This year and last year Secunia tallied 36 advisories on security issues with the software, many of them allowing attackers to remotely take over the system - comparable to figures on operating systems such as Windows XP Professional and Red Hat Enterprise Server.

"Secunia is now displaying security statistics that will open many eyes, and for some it might be very disturbing news," said Secunia chief executive Niels Henrik Rasmussen. "The myth that Mac OS X is secure, for example, has been exposed."

Entire article @ Computer Weekly

[Laukev7]

From Slashdot:

 

quote:  Re:Missing Stats? (Score:5, Insightful)
by radicalskeptic (644346) <thinkofone AT mac DOT com> on Monday July 05, @12:39PM (#9613792)
The stats don't make sense to me. Here's what I see:

Windows XP Professional saw 46 advisories in 2003-2004, with 48% of vulnerabilities allowing remote attacks and 46% enabling system access, Secunia said.

So that would mean, multiplying 46 by 48% would give you the number of remote attacks, and multiplying 46 by 46% would give you the number of attacks enabling system access. So for Windows:

    * 22.08 remote attacks.
    * 21.16 system access attacks.

Don't ask me why they are not integers. I suppose that some advisorys covered more than one bug?

Now, for OS X f the 36 advisories issued in 2003-2004, 61% could be exploited across the internet and 32% enabled attackers to take over the system.

Using the same system as before, I got:

    * 21.96 remote attacks.
    * 11.52 system access attacks.

So they're saying OS X allows HALF of the number of attacks that can gain access to a system as XP, but their conclusion is that "The myth that Mac OS X is secure, for example, has been exposed"???Hmmm....

  :rolleyes:

[M51DPS]

Alright, I know many vulnerabilities were discovered for OS X, but how many were actually used? I haven't heard of too many compromised Macs, but however many that could have been are easily compensated with Blaster alone.

[Orethrius]

quote:Originally posted by M51DPS:
Alright, I know many vulnerabilities were discovered for OS X, but how many were actually used? I haven't heard of too many compromised Macs, but however many that could have been are easily compensated with Blaster alone.

I agree with you there.  In my opinion, in order for a vulnerability to count, it must be exploited at one time or another.  Simply discovering a security vulnerability is not the same as discovering that said vulnerability has actually been used to penetrate a system.  Additionally, in order for that exploit to count, it must be discovered before a major patch is made widely available to the general public.  Still getting the same numbers, Secunia, or has Microsoft stopped sliding a few hundred thousand to you under the table every month?

[jjoonathan]

...and apple releases the secuurity updates...

[hm_murdock]

Again, I contend that people who find security holes and release the information publicly before informing the maker of the software, should be held liable for any and all compromises that are executed. After all, they're the ones who told the world.

edit: Oh, and this Secunia report sounds like a load of malarky. I mean, anybody who calls an OS an "application" or "program" is obviously a dipshit.

[ August 24, 2004: Message edited by: JimmyJames: GenSTEP Founder ]