Posted on 07/22/2010 7:40:23 AM PDT by for-q-clinton
Here's another blow to those insist that Apple products are rock solid and unhackable: The security company Secunia reports that Apple products have more vulnerabilities than those of any other company. Oracle came in second place, with Microsoft in third.
Secunia just issued a report that covers vulnerabilities for the first half of 2010, and it's not good news for Apple. The report (which you can download here) shows that Apple last had the most vulnerabilities of all vendors in 2005, before Oracle took over the top spot. And now Apple is on top again. You can see the chart, below.
The chart shows that Apple products consistently have more vulnerabilities than do Microsoft ones.
...
However, there will certainly be one surprise for those who believe that Microsoft products are particularly vulnerable --- Secunia reports that they're not. The primary vulnerabilities on PCs are not due to Microsoft programs, but rather third-party programs, it says:
...
The report then concludes:
Users and businesses must change their perception that Microsoft products pose the largest threat in order to allocate security resources effectively. General awareness on the risk of 3rd party programs must be established.
(Excerpt) Read more at pcworld.com ...
But but but OSX is really Unix so this can't be. /sarcasm
tech ping pls.
This one is really interesting.
Who will be the first to claim Secunia is biased?
I thought you’d find this article interesting.
Oh my God where do I get the protection software I need? I will pay anything to stay safe.
On second thought...Never mind.
Golly, so all those millions of people infected who where running windows were just mistaken? Time to uninstall their adblockers, scanners, antivirus, and live free and secure...
Of course, all those Mac users only THINK they haven’t gotten in viruses, when in fact they are loaded with them and didn’t even know it all this time !!
HA HA HA HA HA HA HA !!
This one is funny.
Was it written for people who have never USED a Mac or PC?
Cause my guess is... there might be a few people with the personal experience to just shake their heads at THIS whopper of a tall tail.
Windows is more secure then OS X.... and if my grandma had wheels she’d be a wagon !!
I know...there are more and more people running windows 7 without AV. Personally it’s stupid; however, if you only go to known sites and don’t open attachments in email you will most likely be ok. I know I have done it in the past without any issues. It’s just on the machine that I do my deep internet dives that I make sure my AV is up-to-date and working properly.
This is the fifth or sixth time I have asked for a verification.
Put up or shut up time : )
At this point I can only conclude that you are completely dishonest.
I think what gets overlooked most of the time is that the reason Windows has been so targeted for years is because it is the most common OS being used. Of course hackers are going to target the system used by most of the public and businesses. As a side note, this has given Microsoft years of experience fixing and improving their security. Now that Macs are becoming more ‘common’ in the market place, they are getting more ‘attention’ from hackers, which is beginning to expose the security flaws in their software.
This just proves that point...Mac is just too small to worry about by the malware creators.
Security of Mac has been proven time and time again (3 years in a row) that it was the easiest/quickest to hack and gain full access to it at the Pawn2own contest.
So by all objective standards the only plausible reason why it’s not hacked much in the wild is becuase of its small footprint.
Macbots should start telling people not to switch to OSX if they want to keep their system “secure”.
Uh oh. Guess I better run out and buy McAfee Total Protection 2010 and Norton Antivirus 360 for my Macbook! Wait. I can’t find them for Apple products. What is going on here?
I ask the same of you. Where can I go to have my win7 box taken over? It's put up or shut-up time for you.
The absence of such site doesn't mean it can't happen. But I guarantee you with only 5% of the market share that website will be a lot harder to find than the windows one. So I'll let you go first.
You can’t point me to a site that will take over my machine either.
However if I sit with you in starbucks for 10 min i’ll flip your display 180 and be logging keystrokes or redirecting you to a phishing site.
You mactards have no idea
OSX has built in anti-malware software. Apple provides that functionality for you.
Sshhhh....we can’t let that fun little trick out of the bag. That was supposed to be a secret.
They don’t have to worry about black hats...oh shi-—
What a load. Experience tells otherwise.
Of course, when Windows users used that same argument as to why they were attacking Windows they scoffed.
My favorite is mass disconnect attacks on Apple MAC addresses. (Sucks balls to have Vendor specific hardware, no?)
Oh you mac people want to connect to a hotspot? DENIED
The best is when you see people whine to baristas (who don’t know jack f’ing sh—) about the internet not working.
I know experience has told me that all Systems are vulnerable. And with Microsoft having over 90% of the PC market you think they'd be #1, but reality is they have really learned a lot from being the top dog and have really improved security.
If Apple ever gets a decent market share with Macs they'll need to learn quickly or their secure reputation will tank. Instead of marketing security they should have been fixing things and working on improving thier code and architecture.
Pawn2Own has proven 3 years in a row that OSX is the easiest/quickest to hack.
OS X has been getting attention for years. Nothing effective in the wild yet. Why would hackers bother to exploit software with a vulnerable population of 12,000, yet ignore 50+ million Mac users? That's a lot of machines out there, waiting to become a rather large botnet if they are that insecure.
Becuase 95% > 5%.
When simply counting numbers, it makes no distinction between "wide open, gaping hole that lets a remote user take over your entire machine" and "may be able to read private data if the attacker has already gained access to the machine". But those are radically different security threats.
Oh, and this is a laugher, too:
The primary vulnerabilities on PCs are not due to Microsoft programs, but rather third-party programsBut those third party programs are exposing holes in the underlying OS protection. Besides, it also fails to note that most Mac "vulnerabilities" are due to the third-party BSD Unix system that Mac OS X is built on, many of which's utilities are rarely, if ever, used by most desktop users.
hey, look, I found an article too: Socialism IS better than capitalism: http://thisiscommunism.org/speech.htm
Odd...in real world experience, my article doesn’t seem to reflect reality...
Secunia isn’t biased in the way that, say, Rob Enderle is seriously biased against Linux. The problem with Secunia is not so much them, but the misinterpretation of the raw numbers that don’t necessarily have a correlation to real-world security.
Because 5% of a big number is still a big number.
How is this possible...Ive been hearing from Mac Freepers all these years that Apple is God’s machine (sarc/)
This is impossible because the Evil Empire is Headquartered in Redmond.
I guess we just see that differently. And will have to agree to disagree. I think 5% is very small relatively speaking and you don't. Not much we can do to overcome that disagreement.
And a lot bigger than 0.5%. Many a virus has been created for client systems with an installed base number 10's of thousands, but somehow a system with an installed base numbering well over 10 million is safe via "security through obscurity"?
“What a load. Experience tells otherwise.”
Exactly! My Etch-A-Sketch has never been hacked, and I use it all the time in starbucks!
Therefore, with my argument, my Etch-A-Sketch is better than your Mac.
Oh, and “Bob’s OS” is the most secure. It has never been hacked. Nevermind that Bob is the only person using his OS, it has 100% reliability.
All kidding aside, I’m not sure which OS is more secure. I don’t really care, I ran apple products up to the mid 80’s when IBM compatibles took over the market place due to more software available, and the open end system. Lotus 123 was the changing point for us.
I love being able to customize my system, build new systems, and I like the broad variety of software available to my PC. And I have never been the victim of a virus. Oh yeah, I don’t hang out on porn sites or other nefarious sites.
My kid uses Windows as well, but he’s a teen, and we’ve had to wipe his system a few times. Not really an issue, we know he’s young, we know he probably visits more high-risk sites, we know he downloads every app he can get his hands on, opens every email that comes along, but at the same time, he has nothing of value on his system other than his games, so its no biggie, he doesn’t even back up his system.
We have had a Mac in the house for a few years now, but it sits idle, except when our girls want to surf the web and the other computers are in use. We don’t use it for business, because the standard is Excel and Word, and all our forms must be submitted in these formats.
Oh yeah, the pricetag too. I can build a PC at home for a fraction of the cost of buying a pre-made PC, and at a fraction of a fraction (is there such a thing?) of what I can buy an Apple for.
If Apple ever became the standard that most folks would use, and the price dropped, and I could tinker with them, build them from scratch, and get all the software I needed, I would switch.
Safari is 3rd party? I thought Apple created Safari For three years in a row Safari has led to OSX being the first machine hacked in the pawn2own contest. I guess if that's 3rd party IE must be 3rd party for windows as well.
It is small relatively speaking. What you forget is that it is still a very large number.
Not much we can do to overcome that disagreement.
No, because you are doing it from the point of view of not wanting Macs to be inherently secure. It would mess up your world view.
So tell me this one thing: Why did OS 8 and 9 have effective viruses in the wild when they were far below a 5% marketshare and far below the current installed base of over 50 million OS X machines?
Every Mac OS X vulnerability is in Safari? Glad I use Firefox instead. (For the record, I use OS X, Windows XP, and Fedora Core 11 on different machines, but all of them run Firefox and Open Office as my primary applications.)
Link to viruses written for a system that only has .5% of the install base.
Obviously it will depend on what type of virus we are talking about and how big the security hole is. I’m not saying OSX is complete rubbish. It does have decent security; however, it’s not fool proof. Most viruses today require user interaction and for that you will either target an individual that you want to trick or you will target the masses.
Writing such a virus for the Mac obviously isn’t worth the effort (yet) even though we know they exist as proven by the pawn2own contest having OSX being the first one hacked 3 years in a row!
I'm pretty sure this article and the pawn2own conests have proven it's not inherently secure. The only thing that is in debate is why the virus writers haven't put much effort in attacking OS X.
I say it's because it's too small of a footprint and is secure enough to keep their efforts at exploit limited to the dumb users. For those attacks it's best to focus on the >90% of the market.
I'm not sure what you're saying though. You are saying it's inherently secure when we know that's not true based on pawn2own and this article detaling all the holes in the system.
So Safari is 3rd party or not?
... only because Charlie Miller is better at weaponizing his exploits than the people who were going after other systems. He is able to package an exploit so that it can be deployed in seconds. The guy is good.
Real world: There has not been one successful self-replicating pice of malware in the wild for nine years of OS X. There have been many attempts, but the best we've seen is supposedly pirated software downloaded from P2P sites that contained malware that required the user's permission to run.
Whatever the reason, be it architecture or some supposed obscurity, the real world fact is that you are safer on a Mac.
So let me get this straight. Charlie Miller is so good he is able to attack a system and make it fall faster than any other system. Even though the system he is attacking is "inherently secure" (as stated by you) and the other is just dumb old windows.
He is so smart that not a single person in the world can attack windows faster than he can attack the "inherently secure" system of OSX. Three years in a row!
Something isn't adding up.
Oh and in 2010's contest he was able to get read and write access where as the windows system attack only got read access. Didn't Charlie also attack windows as well? Why didn't he get write access to windows as well?
They have put in the effort. Not much real-world success so far. I believe it is inevitable that one will eventually be successful, but even one out there puts you in far better shape than on Windows.
I say it's because it's too small of a footprint and is secure enough to keep their efforts at exploit limited to the dumb users.
But you don't explain how populations smaller and more obscure than that of OS X have been targeted with wild success.
That is flat out wrong and couldn't be further from the truth about security. We can do the starbucks test and see which system is able to get online without issues :-)
But seriously security by obscurity is not any type of real security. Anyone who understands security will laugh at your statement.
Did you finish reading the statement you responded to?
I say it's because it's too small of a footprint and is secure enough to keep their efforts at exploit limited to the dumb users.
When needing user interaction you are better off targeting the masses as opposed to a handful of users. Now if I know my target is using a Mac then I will tailor my attack to that system. Much like Charlie does. Who would have the resources to do such a thing? How about other nations? They can write viruses to attack Macs just as easy as Charlie does. And with over 20 exploits remaining on Charlie's list of known OS X vulnerabilities I would say it's not safe as you like to think it is.
Exactly
Keep the Mac footprint small enough to cruise under the hacker's radar.
I don't want to worry about security.
According to Jeff Jones, the director of Microsoft's security group, the Pwn2Own contest is "simplifying security to the point of uselessness."
Pretty much as useless as counting "vulnerabilities" without looking at their practical application, I'd say.
Note that all of the browsers at these events were eventually hacked, and all with pre-developed exploits. That fact that Miller was quicker than his competitors has little to do with the overall system security.
I’m not a Mac user. Never have been, except I used a Quadra for about two months in an office once. I don’t even own an iPhone. I can still see that this article is utter B.S.
Like someone said above, numbers are meaningless if you don’t consider severity.
Doesn't your "Starbucks test" exploit the router, not the MacBook? What does that prove?
Actually safari gave up read and WRITE access to the system. Where as IE8 only gave up read access. Now both are very serious issues but WRITE access is way worse. So even though everyone knew this contest was approaching best they could do against IE8 was read access.
Did you even read the full article? This article had to be excerpted to be posted. The article does mention that along with other things that had to be excerpted. Try reading the whole thing before calling it BS.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.