The Most Secure OS Is... Windows?
The Most Secure OS Is... Windows?
by , 8:55 AM EDT, March 23rd, 2007
A report released earlier this week by the security product company Symantec claims that Microsoft Windows is the most secure operating system, beating out Mac OS X and Linux. The information was part of Symantec's Internet Security Threat Report, according to internetnews.com.
Symantec's report looked at the number of operating system patches, and the shortest average time for patch development for Microsoft Windows, Mac OS X, Red Hat Linux, HP-UX, and Sun Solaris over the past six months. The conclusion was that Windows had 39 vulnerabilities, 12 considered high priority or severe, with an average fix time of 21 days, making it the most secure OS.
Red Hat Linux came in second place with 208 vulnerabilities and a 58 day average patch time. Only two vulnerabilities were considered high priority.
Mac OS X took third place with 43 vulnerabilities and a 66 day average for the related patches. Of those 43, only one was considered high priority. Mac OS X manager, Anuj Nayar, responded "Apple takes security very seriously and has a great track record of addressing vulnerabilities before they affect you."
Sun, which came in last, was more critical of the Symantec report. "Symantec's data on security vulnerabilities simply does not match Sun's. We can't verify Symantec's sources and consider their report on Sun inaccurate."
What we don't see in these figures, however, are the number of actual exploits that take advantage of the vulnerabilities Symantec reported, or the number of worms, viruses, and trojan horses each of the monitored operating systems suffer from. And statistics can always be manipulated to favor a certain view point.
Using Symantec's own numbers, for example, the report also shows that over the six month period monitored, over 30 percent of the vulnerabilities in Windows were ranked as high priority or severe. But for the same time period, less than one percent of the vulnerabilities found in Red Hat Linux and 2.3 percent in Mac OS X were high priority.
As with any report from a company that stands to gain from the data it presents, take this one with an appropriate dosage of salt.
Observer Comments
What a wacky standard. Windows is the most secure OS because it released the post patches in the quickest time? Well if you have 200, 000 plus security holes, I suspect your going to be releasing patches at quicker intervals. Moreover, the article doesn't even evaluate the seriousness of the security breaches.
The Norwegian-Danish comedy playwright Ludvig Hoberg wrote a comedy - Erasmus Montanus - in which the son of a farmer went to the University, learnt latin and logic and came back with a new name and through logic "proved" that his mother was a stone! Poor Nille began to cry because she wouldn't be a stone, so the good Erasmus proved that she was Ma Nille after all!
They must have read that comedy at Symantec!
Fri Mar 23, 2007 10:42 am Subject: A week early
Fri Mar 23, 2007 11:22 am Subject:
QuoteIntruder wrote:
That's not what the report actually said. That was the spin that one "journalist" put on it.
Yes, thank you.
Symantec didn't say any of this. They just reported the numbers and others used those to make silly cases with them. Hardly Symantec's fault.
More:
http://www.tuaw.com/2007/03/22/fud-windows-is-most-secure-os/
Fri Mar 23, 2007 12:03 pm Subject: Ba,ha,ha,ha,ha,ha,ha,ha!!!!!!!!!!!! Windows??????
That's the funniest dumbest idiotic thing I've read in a long time! Now read who actually does have the most secure operating system according to the National security Agency.
http://www.applelinks.com/index.php/more/national_security_agency_gives_os_x_104_tiger_thumbs_up_os_x_odyssey_862/
I just read the whole report. The reason that Apple Safari (and it is the Safari web browser, not the whole OS) gets any kind of a black mark is because the one vulnerabilty took over 62 days to patch. However, in the paper, Symantec takes care to mention that "this increase is based on a sample set of only one vulnerabilty, a sample size that is too small to ensure valid conclusions." They also mention that the problem "affected a third-party HTML rendering component, so it is possible that the third-party nature may have slowed the patch release time."
Meanwhile, for the same time period, MSIE had 15 vulnerabilities with a maximum development time of 78 days.
So in other words, although MSIE had 14 more vulnerabilities and actually took longer to sort out at least the worst one, it supposedly is more secure ... right?
First, you don't just count up the number of vulnerabilities and then count up the average number days to fix those vulnerabilities. OS X had less than 10% of the serious vulnerabilities that Windows had, so by this metric Windows is far less secure than OS X.
But let's look at it another way: your average well-run Windows network has multiple layers of defense from malware. My little 20-node network as three different products protecting Exchange, and two more protecting the filesystem on the servers and on the workstations. No Windows network admin in his right mind would run a Windows network without multiple layers of defense. All these defenses cost thousands of dollars a year to implement.
I know of no Macintosh user who uses any protection from viruses or malware. I also know of no Macintosh user who has ever suffered from even one attack from a virus, keylogger, trojan horse, etc.
By this much more practical metric, which OS is more secure? OS X, hands down.
Fri Mar 23, 2007 8:53 pm Subject: less serious issues...
Fri Mar 23, 2007 11:33 pm Subject: Black is White, Up is Down
Sat Mar 24, 2007 12:55 am Subject: Symantec's secret agenda
Symantec should have their butts kicked over this one. To ignore the unpatched exploits that STILL exist in the wild is totally reprehensible. Not to mention the millions of Windows users pre-XP SP2 that no longer get patches. And my suspicion that significant numbers of Windows users don't systematically patch anyway..
Here is a section of the actual report, note what they say are the real secuerity threats. Stop being blinded by the Steve Jobs reality distortion field.
"Instead of exploiting high-severity vulnerabilities in direct attacks, attackers are now discovering and
exploiting medium-severity vulnerabilities in third-party applications, such as Web applications and Web
browsers. Those vulnerabilities are often used in “gateway†attacks, in which an initial exploitation takes
place not to breach data immediately, but to establish a foothold from which subsequent, more malicious
attacks can be launched.
Symantec has observed high levels of malicious activity across the Internet, with increases in phishing,
spam, bot networks, Trojans, and zero-day threats. However, whereas in the past these threats were often
used separately, attackers are now refining their methods and consolidating their assets to create global
networks that support coordinated criminal activity."
Mon Mar 26, 2007 12:07 pm Subject:
Those may very well be the security threats. However, how many of them are actually working on OS X? I've seen no hard numbers regarding Macs involved in 'bot neworks, nor anything other than anecdotal reports of trojans affecting the average OS X user. Where are the reports from respected companies that say "200,000 Macintoshes were enslaved into a bot network."? Or "Trojan horse affects 50,000 Macintoshes."? But you do see reports of the Blaster worm affecting over 25 million Windows computers, for example.
Phishing is primarily social engineering, and probably affects all OS's equally (as it is successful because of the user, not the OS). The same could be said of spam.
And none of it has anything to do with the base article,which erroneously states that the Symantec report claims that Windows is the most secure OS. Not even Microsoft believes that.
Thu Mar 29, 2007 3:39 pm Subject:
Comments are currently closed. Please email the author instead.
Recent Headlines - Updated November 22nd
- Fri, 7:07 PM
- Games - Soccer Sim Championship Manager 2010 Released for Mac
- 6:47 PM
- Games - EA Publishes Original Monopoly for iPhone
- 6:15 PM
- News - Original Apple I on Ebay for $50K, w/Letter from Steve Jobs
- 6:11 PM
- Games - New iPhone Games: Secret of the Lost Cavern Ep 1, New DJ Nights, More
- 5:47 PM
- Games - Star Trek D-A-C Game Headed to the Mac Next Month
- 4:57 PM
- Product News - TidBITS Releases “Take Control of Syncing Data in Snow Leopard”
- 4:26 PM
- John Martellaro's Blog - Particle Debris (week ending 11/20) Stationery Pads Go Poof
- 2:59 PM
- Free on iTunes - Musée du Louvre, Art Lite, SketchBook Mobile X and More.
- 1:50 PM
- Deal Brothers - Acer P215H bmid 21.5” Widescreen LCD Monitor: $139.99
- 11:24 AM
- TMO Appearances - Jeff Gamet Shares More Holiday Gift Ideas on MacJury
- 10:43 AM
- Product News - Cocktail 4.5 for Leopard Adds QuickLook Cache Clearing
- 10:06 AM
- News - Hack Enables Mac OS X 10.6.2 on Netbooks
The Mac Observer Reader Specials
- TypeStyler For Mac OS X is Now Shipping! Download The Free Fully Functional 60 Day Tryout at www.typestyler.com
OWC: Get the Right Memory for Your Mac Top Quality, Competitive Price, Lifetime Backed Free Expert Support + Installation Videos too! MacBook & mini 8GB, iMac 16GB, Mac Pro up to 32GB. Click here
If you're using a Mac, then you've gotta check out Full Tilt Poker for Mac. This Full Tilt Poker bonus code does the unthinkable, it actually rewards!For the latest Apple products use Ciao, a price comparison website, to find laptops like MacBook Air. Then find the best prices on MP3 players and use our comparison tool to evaluate mobile phones like the Apple iPhone.
Laptop Hardware Provided by TechRestore - Overnight Mac & iPod Repairs.
