George Ou, a writer over at ZDNet, will surely be getting some fan hate mail with his latest work of art. He was curious as to how Windows stacked up against Mac OS X in terms of the number of vulnerabilities, and using data from the impartial Secunia he managed to gather some rather interesting facts, to say the least.

He counted up how many vulnerabilities there have been for Mac OS X and Windows XP/Vista. To make the comparison fair he had to combine the number of Windows XP & Vista vulnerabilities because Secunia doesn’t break down the flaws for Mac OS X 10.4 and 10.5. In doing so, however, he made sure not to double-count the same flaws that appeared on both Windows XP and Vista.

The results? Over the past year Windows XP and Vista combined have averaged fewer than 4 vulnerabilities per month, but Mac OS X rolled in a whopping 20 vulnerabilities each month! One thing that he made sure to lay out was how critical the flaws were for each operating system, and as you can see from this chart I put together, most of Apple’s were highly critical:

[Chart: Mac Windows Vulnerabilities]

George also laid out a table listing all of the vulnerabilities that he found for each operating system so that there is little doubt about the results that he uncovered. And despite being a much newer operating system, Vista (1.67 vulnerabilities per month) is averaging fewer flaws each month than XP (2.83 vulnerabilities per month)!

With such a high number of critical vulnerabilities it is no wonder that businesses are so wary of adopting Mac computers in the workplace. And as the Mac market share continues to rise I can only imagine that the pace of exploits will rise as well.

What I would like to see now is a comparison of how much time passed between the disclosure of vulnerabilities and the release of the patches.

ZDNet Blog [via SuperSite Blog]

There Are 13 Comments

  1. Hm. I think I hear Mac Fanboys/girls squirming and wriggling. I can hear Microsoft fans rejoicing. I’m happy, period.

  2. I think a more interesting study would be to see how many vulnerabilities there are compared to how many of those are actually being exploited. I mean, Firefox could have more vulnerabilities than IE (which, recently, I think it has), but it doesn’t mean you’re ever going to actually run into them in the wild.

  3. I’d be interested to see the stats on how long these vulnerabilities remained unpatched, as ‘Day with an unpatched critical exploit’ is a key stat here. I wonder whether Windows or OS X gets patched quicker?
    Taking a quick look at total unpatched vulnerabilities, XP & Vista have 3 while OS X has 6, but 5 of the OS X exploits are only available to local users.

  4. Seems Apple is a bit overconfident in the security department.

  5. Dave wrote:
    I think a more interesting study would be to see how many vulnerabilities there are compared to how many of those are actually being exploited. I mean, Firefox could have more vulnerabilities than IE (which, recently, I think it has), but it doesn’t mean you’re ever going to actually run into them in the wild.

    Many of the exploits are patched before details on them are even released though, so a minimum number of people actually know they exist. I would guess not many of the exploits are actually taken advantage of in the wild for that very reason.

    Amak wrote:
    Seems Apple is a bit overconfident in the security department.

    They don’t really boast a whole lot in terms of security though. They do the general “oh we’re secure” routine, but don’t actually throw a lot of focus on that.

    Oropher wrote:
    I’d be interested to see the stats on how long these vulnerabilities remained unpatched, as ‘Day with an unpatched critical exploit’ is a key stat here. I wonder whether Windows or OS X gets patched quicker?

    I mentioned in the article that I would like to see those stats, but Secunia doesn’t provide dates as to when they are actually patched.

  6. How many compromised PCs are under the control of “botnet herders?” Is there any evidence of Macs being hacked into and compromised? If so, present it.

  7. John P wrote:
    How many compromised PCs are under the control of “botnet herders?” Is there any evidence of Macs being hacked into and compromised? If so, present it.

    How would one even go about checking for such a thing? Is there any evidence that Macs aren’t being hacked into and compromised? If so, present it.

    See? There is no proof either way, so it’s a bit silly to demand such proof.
