ComputerWeekly: Security Statistics show Surprising Finds

Computer Weekly.com ^ | June 25, 2004 | Computer Weekly

[mikegi]

The Micorsoft Windows application is more secure than you think, and Mac OS X is worse than you ever imagined. That is according to statistics published for the first time this week by Danish security firm Secunia.

[mikegi]

Just a little story to counter the hysterical postings by the Linuts and MacHeads.

[TomGuy]

That's going to chap the Mac-ies.

[But it doesn't take much to chap them, anyway.]

[G.Mason]

"That's going to chap the Mac-ies."

For sure. I've bookmarked this to come back to later.

It should get downright entertaining. ;)

[sushiman]

Ping

[ikka]

Then why am I always cleaning up after XP gets hits with the latest virus or trojan, while my Mac customers never call me about it? Hmm?

[mpreston]

Not a Max user but the last paragraphs caught my eye:

"Secunia agreed that straightforward comparisons are not possible, partly because some products receive more scrutiny than others.

Microsoft products are researched more because of their wide use, while open-source products are easier to analyse because researchers have general access to the source code, Kristensen said.

"A product is not necessarily more secure because fewer vulnerabilities are discovered," he added."


So it's an apples and oranges comparison. Microsoft products have the most market share so in pure numbers should have the most vulnerabilities and attacks. But the general premises of this article that Mac OSX is more susceptible is a little suspect. Especially during a week when the industry comes out and says "Don't use IE!"

[Catphish]

Windows is almost perfectly secure if the end-user uses just a modicum of caution and sense.

[Fiddlstix]

BTTT

[VOA]

bump

[ikka]

Windows is almost perfectly secure if the end-user uses just a modicum of caution and sense.

And as long as they never surf the web.

[adam_az]

This is a funny way of looking at statistics.

A more relevent point is that there is far more EXPLOIT CODE available for both Windows and Linux than there are for MacOs... And I say this being a Mac-hater.

Even armed with details, 99.9% of people can not exploit this stuff without code that someone else wrote.

The article says "The Micorsoft Windows application is more secure than you think, and Mac OS X is worse than you ever imagined." but then later says "Windows XP Professional saw 46 advisories in 2003-2004, with 46 advisories in 2003-2004...48% of vulnerabilities allowing remote attacks," and then about MacOs "Of the 36 advisories issued in 2003-2004... 61% could be exploited across the internet." Thats 22.08 remote attacks for Windows, and 21.96 for MacOS, using those statistics. This must be the New Math.

InfoSec Pinglist Information



Paging the InfoSec pinglist...
Let me know if you want to be 1 or 0. (That's ON or OFF, for those who are not binary-compliant)

[Catphish]

I haven't had one virus or even spyware in over ten years on the net as a personal PC user or in small business network setting. If you update your virus software, update your Windows, don't click "yes" when asked to install something, i.e. use common sense, you won't have any problems - simple as that.

[Ronly Bonly Jones]

I haven't had one virus or even spyware in over ten years on the net as a personal PC user or in small business network setting. If you update your virus software, update your Windows, don't click "yes" when asked to install something, i.e. use common sense, you won't have any problems - simple as that.

>>>

I don't buy that for a second. Download "AdAware" and run it on your system. You'll be apalled at the number of evil bugs you'll discover hiding under rocks. (First time I ran it I found more than 100 different forms of spyware!)

[Catphish]

I have adaware and it never comes up with anything (except for plenty of advertising cookies)- just don't install software with spyware and don't get spyware.

I use Zonealarm too, so I'd know if anything is trying to connect to a server from my computer that shouldn't be.

[Doohickey]

Placeholder bump. Mac users are just getting out of bed, so this ought to be good.

[Question_Assumptions]

This article was purchased days ago. Do a search for the thread on Free Republic if you want to see the earlier discussion.

Look, believe whatever you want. And I'll keep being happy that I have a Mac every time I hear a Windows user complaining about something going wrong with their system. Recently, a Windows-advocate friend accidentally connected to a neighbor's wireless network and realized that he could essentially own my neighbor's machine and network if he wanted to (everything was open or had default passwords -- and it was a new machine, too.). Another friend and I turned to each other and said, simultaneously, "I'm glad I own a Mac!" followed by a high-five. :-)

(I'm not just anti-Microsoft, by the way. I have licensed copies of MS Office on several of my Macs at home. I'm quite willing to pay Microsoft for their products when they work well.)

[Question_Assumptions]

"purchased" == "published"

Ugh.

[Swordmaker]

You are a few days late. This was posted on June 25th by a Mac user... me.

The original posting.

It was also debunked quite nicely in that posting... even Bush2000 had little to say.

From the posting:

OS X had the highest proportion of "extremely critical" bugs at 19 percent.

These "extremely critical bugs" were only critical in Secunia's opinion. Most were Non-exploited and patched fairly quickly.

I would consider only the latest of the 36 "advisory security concerns" as "extremely critical." That advisory demonstrated a proof of concept where a hostile website could actually install an executable on a Mac OS X computer AND execute it through the .dsk URI protocol handler. That door has been closed by Apple without a known exploit.