Apple Mac operating systems had more critical vulnerabilities reported in 2007 than Microsoft's operating systems, according to research.
George Ou, a writer for ZDNet.co.uk's sister site ZDNet.com, analysed in-depth statistics from security research company Secunia as a basis for his research. He found that Apple's latest operating system, Mac OS X, faced more critical flaws than Windows XP and Vista combined.
While Mac OS X had 234 highly critical vulnerabilities reported in 2007, Vista and XP combined had 23, Ou wrote.
"This shows that Apple had more than five times the number of flaws per month than Windows XP and Vista in 2007, and most of these flaws are serious," wrote Ou. "Clearly this goes against conventional wisdom."
Macs have traditionally been viewed as suffering from fewer vulnerabilities than Windows.
Ou made the comparison as an indicator of how many vulnerabilities might exist in 2008, rather than a comparison of the relative security of the operating systems. He said that security had improved with both Windows Vista and Mac OS X Leopard (version 10.5) this year.
Some experts have said that counting vulnerabilities is not necessarily reliable as a measure of security.
Tristan Nitot, president of Mozilla Europe, told ZDNet.co.uk this month that it was more important to take into account the time it takes to patch vulnerabilities.
The amount of exploit code available in the wild also has an impact on security. While there are thousands of pieces of code that seek to exploit Windows XP vulnerabilities, exploit code for Mac OS X is relatively rare.

Talkback
The count may be correct, but it fails to take into account those people running XP without SP2, or SP1. What about people still running 98SE?
These are vulnerabilities that will never be fixed. Plus Microsoft tends to bundle patches together with no information on what is being patched, so you have no idea how many problems are taken care of, just hope they got them all and that the patches aren't broke.
"Microsoft tends to bundle patches together with no information on what is being patched, so you have no idea how many problems are taken care of, just hope they got them all and that the patches aren't broke."
Is that a fact? Amazing what one can turn up when one does a search of Microsoft's knowledge base...
Windows XP SP2 fixes
838199 - List of Internet Explorer fixes in Windows XP Service Pack 2
838200 - List of multimedia fixes in Windows XP Service Pack 2
838202 - List of Remote Desktop fixes in Windows XP Service Pack 2
838203 - Shell fixes in Windows XP Service Pack 2 and in Windows XP Tablet PC Edition 2005
838206 - List of printing fixes in Windows XP Service Pack 2 and in Windows XP Tablet PC Edition 2005
838209 - List of Microsoft Data Access Components (MDAC) fixes in Windows XP Service Pack 2 and in Windows XP Tablet PC Edition 2005
838210 - List of the management and administration issues that are addressed in Windows XP Service Pack 2 and in Windows XP Tablet PC Edition 2005
838211 - List of Com+ fixes in Windows XP Service Pack 2 and in Windows XP Tablet PC Edition 2005
838213 - List of base operating system fixes in Windows XP Service Pack 2 and Windows XP Tablet PC Edition 2005
838214 - List of the program compatibility problems and the update scenarios that Microsoft Windows XP Service Pack 2 fixes
838193 - List of Windows XP Media Center Edition fixes in Windows XP Service Pack 2
SMS SP5
816549 - List of Bugs Fixed in Systems Management Server 2.0 Service Pack 5
816290 - List of security changes in Systems Management Server 2.0 Service Pack 5
Windows 2000 SP4
327194 - List of bugs that are fixed in Windows 2000 Service Pack 4
324953 - List of Security Fixes in Windows 2000 Service Pack 3
And the list continues.
Care to revise your BS statement?
When your computer alerts you that updates are being installed, and you click on the balloon, do you see a description of each update, and an explanation? No, you see, "this update fixes a vulnerability in IE7 that may allow your computer to be accessed by unauthorized personnel." This is from Microsoft.com in 2006:
As part of Microsoft's routine, monthly security update cycle, we released the following security updates on November 14, 2006:
MS06-066 - addresses a vulnerability in Microsoft Windows
MS06-067 - addresses a vulnerability in Microsoft Internet Explorer
MS06-068 - addresses a vulnerability in Microsoft Windows
MS06-069 - addresses a vulnerability in Microsoft Windows
MS06-070 - addresses a vulnerability in Microsoft Windows
MS06-071 - addresses a vulnerability in Microsoft XML Core Services
How many people check the knowledge base BEFORE installing updates?