The most comprehensive study ever undertaken by the mi2g Intelligence Unit over 12 months reveals that the world’s safest and most secure 24/7 online computing environment – operating system plus applications – is proving to be the Open Source platform of BSD (Berkley Software Distribution) and the Mac OS X based on Darwin. This is good news for Apple Computer whose shares have outperformed the benchmark NASDAQ, S&P and Dow indices as well as Microsoft by over 100% in the last six months on the back of revived sales and profits. The last twelve months have witnessed the deadliest annual period in terms of malware – virus, worm and trojan – proliferation targeting Windows based machines in which over 200 countries and tens of millions of computers worldwide have been infected month-in month-out.
The latest mi2g Intelligence Unit study analyses 235,907 successful digital breaches against permanently connected – 24/7 online – computers across the globe. The nearly quarter million digital breaches carried out by hackers span twelve months from November 2003 to October 2004. Global proliferation data from over 459 malware species since the start of 2004 has also been analysed.
The sample of breached computing environments is holistic and possesses some anti-virus protection and basic security at the very least. It consists of micro entities – homes and small offices without a separate firewall unit; small entities – organisations with a turnover of below $7 million with a separate firewall unit; medium entities – organisations with a turnover between $7 million and $40 million with a separate firewall unit and basic intrusion detection; and large entities – organisations with a turnover in excess of $40 million with firewall layers, intrusion detection systems and dedicated computer security staff.
In 2004, 32.7% of all digital breaches were carried out against micro entities including home-based individuals with 24/7 online computers; 58.8% of all digital breaches were against small entities; 6.1% of all digital breaches were against medium size entities; and only 2.5% of all digital breaches were against large entities – businesses, government agencies and non-government organisations inclusive.
The study also reveals that Linux has become the most breached 24/7 online computing environment in terms of manual hacker attacks overall and accounts for 65.64% of all breaches recorded, with 154,846 successfully compromised Linux 24/7 online computers of all flavours. The number of successful manual hacker attacks against Microsoft Windows based online computers has remained steady and accounts for 25.19% of all breaches recorded, with 59,419 successfully compromised Windows targets of all versions. In sharp contrast, the number of successful hacker attacks against Mac OS X or BSD based online computers has demonstrated a declining trend and accounts for just 4.82% of all breaches recorded, with 11,370 successfully compromised BSD targets of all flavours including Apple.
In a remarkable switch in top rank within the Government computing environment over the last twelve months, the most breached Operating System for online systems has now become Windows (57.74%) followed by Linux (31.76%) and then BSD and Mac OS X together (1.74%). This is in stark contrast to the situation six months ago, when Microsoft Windows was significantly lower in terms of recorded government server breaches in comparison to Linux. The number of recorded breaches against government online computers running BSD or Mac OS X worldwide remains very low.
The recent global malware epidemics have primarily targeted the Windows computing environment and have not caused any significant economic damage to environments running Open Source including Linux, BSD and Mac OS X. When taking the economic damage from malware into account over the last twelve months, including the impact of MyDoom, NetSky, SoBig, Klez and Sasser, Windows has become the most breached computing environment in the world accounting for most of the productivity losses associated with malware – virus, worm and trojan – proliferation. This is directly the result of very insignificant quantities of highly damaging mass-spreading malware being written for other computing environments like Linux, BSD and Mac OS X.
In 2004, the overall economic damage from hacker perpetrated overt, covert and DDoS digital attacks worldwide is estimated to have been between $103bn and $126bn by the mi2g Intelligence Unit. These figures exclude malware attacks through viruses, worms and trojans which account for an additional estimated damage of between $166bn and $202bn worldwide.
Economic damage is calculated by the mi2g Intelligence Unit on the basis of helpdesk support costs, overtime payments, contingency outsourcing, loss of business, bandwidth clogging, productivity erosion, management time reallocation, cost of recovery and software upgrades. When available, Intellectual Property Rights (IPR) violations as well as customer and supplier liability costs have also been included in the estimates.
“More and more smart individuals, government agencies and corporations are shifting towards Apple and BSD environments in 2004,” according to a statement released by DK Matai, Executive Chairman, mi2g. “For how long can the truth remain hidden that the great emperors of the software industry are wearing no clothes fit for the fluid environment in which computing takes place, where new threats manifest every hour of every day. There is an accelerating paradigm shift visible in 2004 and busy professionals have spotted the benefits of Apple and BSD because they don’t have the time to cope with umpteen flavours of Linux or to wait for Microsoft’s Longhorn when Windows XP has proved to be a stumbling block in some well chronicled instances.”
For the record, neither mi2g Ltd nor the mi2g Intelligence Unit have a business relationship with Apple Computer and we do not own any shares in that corporation. Previously, the mi2g data for one month was considered to be too small a sample and not representative of the global environment within which different types of entities – micro, small, medium and large – exist. We have addressed those concerns in the new study. The critics were against the previous study which also came out in favour of Apple and BSD, because the entrenched supporters of Linux and Windows felt that mi2g was guilty of ‘computing blasphemy’. In subsequent months, mi2g’s reputation was damaged on search engines and bulletin boards. We would urge caution when reading negative commentary against mi2g, which may have been clandestinely funded, aided or abetted by a vendor or a special interest group.
Related MacDailyNews article:
Security expert who called ubiquity of Microsoft software a national security risk fired – September 26, 2003
Switching to Macintosh will save your business money – February 09, 2004
Study: Apple’s Mac OS X is most secure operating system – February 20, 2004
Gartner: Worms jack up the total cost of Microsoft Windows – May 07, 2004
Study shows unpatched Windows PCs compromised in 20 minutes – August 17, 2004
AT&T Corp. evaluating Apple’s Mac OS X, Linux in face of Windows’ insecurity – October 05, 2004
Well, I have to confess, it’s our fault. I ordered Ballmer to make Linux less secure. So we created all the programs that break into Linux. Since Windows is 90 percent of all computers out there now, we have a lot of zombie computers to utilize in breaking into Linux computers.
And this 1.74 percent Macs that were broken into? We broke into a few, but the owners remembered to turn on their firewalls, and we were locked out of them tool
I actually have a Mac G5 on my desk these days. Why not? Mac Office is the best office there is, and I would never risk my email to Exchange! I may be evil, but I’m not stupid!
“In 2004, 32.7% of all digital breaches were carried out against micro entities including home-based individuals…”
I would like to see the percentages expressed relative to the number of entities sampled. For example, 2.5% of all digital breaches against “large entities” sounds low, but if the number of large entities is small then the relative percentage is high.
It would also be nice to separate “BSD” from “MacOS X” to get a feel for the relative security of the default MacOS X configuration.
Oh yeah, first post!
And remember what they say in Chicago: “Vote early, and vote often!”
Let’s turn the security through obscurity myth on its heads. Thank you, Windows users, for running a piece of Swiss cheese OS that draws the hackers away from my nice, secure, OS X computer. Keep up the good work!
Oops! make that “head”
Wintel apologists will crow over the fact that Linux had more breaches and call the rest of the study flawed.
more proof your pc sucks
but we all knew this long ago, you dont need a study to recognize both dells and windows are shite
Wow, good article. I missed their first article and their subsequent trashing. Anybody have any links?
Idea for Apple ad:
Your computer will get a virus, and you will DIE!
Hey, it works for the republicans, why not Apple too.
In our small office, it has taken years to bring the PC workers around to the Mac way of things, though the spouses of these employees still don’t get it.
The proof of the pudding is that the home PCs of our colleagues are ofen afflicted with adware, spyware, locked up printers, and crashing software, while the workplace Macs just keep plugging along. That in itself has been the contrast that our officemates needed to be convinced.
The study above just confirms our real world experience. I think it is courageous of this group to publish their findings in the face of world wide consequences to discredit them.
I’m confused. I’m not trolling, I just don’t understand how they got their numbers. If BSD/Mac OS X accounts for 4.82% of all breaches, and Mac OS X is like 2% of the global market, then assuming Mac OS X makes up a majority of the BSD systems, Doesn’t that mean that Mac OS X/BSD accounts for a higher ratio of breaches to market share than Windows? I’m assuming the sample is representative of actual global market share figures, or does the sample contain an equal proportion of each platform?
How exactly are they getting their numbers, and how are they reaching their conclusion? At first glance, it appears this study is supporting the “security by obscurity” myth and that Mac OS X/BSD is actually less secure than Windows.
Someone please clear this up!
Andy C.
“We would urge caution when reading negative commentary against mi2g, which may have been clandestinely funded, aided or abetted by a vendor or a special interest group.”
Gee… I wonder who they could be referring to, hmmm?? Certainly not anyone we would know about.
” width=”19″ height=”19″ alt=”wink” style=”border:0;” />
good 1 apelock
” width=”19″ height=”19″ alt=”smile” style=”border:0;” /> thats about how brainless the Bush message is 😀
“Let’s turn the security through obscurity myth on its heads.”
And how exactly does this study prove anything beyond security though obscurity? It looks to me that the numbers jibe pretty well with the Mac’s marketshare.
(FYI: I do believe the Mac is more secure; this study just doesn’t prove it.)
Hey, I’m new to security issues, and I would like to know more of why Windows is so insecure, and OS X is not. Is there a good website that explains this in laymen’s terms?
Apparently security through obscurity is not a myth, and MDN should stop pretending that it is.
“…This is directly the result of very insignificant quantities of highly damaging mass-spreading malware being written for other computing environments like Linux, BSD and Mac OS X…”
It’s not impossible to screw up Macs. It’s just no fun. There’s no reward. Macs are safe because who cares if Sarah Jessica Parker has trouble getting e-mail. LINUX and Windows are attacked because a) That’s where the action is, and b) That’s where the talent is.
Hey Apelock… All over Los Angeles there are posters put up by Democrats that say, “Vote or Die.” Democrat shit looks just like Republican shit with just a few chunks of naturally grown corn in it. Give us a break with your half baked political observances.
Andy C.- wake up!
These are SYSTEMS, not desktops. Forget the Micro$oftopoly FUD about marketshare. Apple has a significant presence in many commercial and governmental markets. This is a company that advises Banks, Insurance Companies and others about SYSTEM security- not some teenager playing Halo or URT online.
Took ’em all of twelve months to figure that out?
I’m no troll either, I only use Macs and believe them to be inherently better all around but Andy C. has a good point. How would these percentages look normalized against the percentages of each platform in the sample? It would have been nice of mi2g to go into a bit more detail about how the got their numbers.
My Kingdom For A Horse:
Um, you should read the article again. The study covered breaches to computers from home and small business users all the way up to medium and large businesses.
32.7% of the breaches in the sample occured to home users; 58.8% of the breaches occured to small businesses. So no, the study didn’t focus on “systems” as you put it (I think you meant “servers”).
The fact remains: according to this study, almost 5% of all breaches occur to Mac OS X/BSD based computers & servers. That’s double of Apple’s worldwide marketshare. That seems to indicate that Mac OS X is breached quite often compared to Windows which accounted for 25.19% of the breaches while having a ~90% share of the market.
Something doesn’t add up. Unfortunately, we don’t have any details about the methodology. I think MDN should dig a little deaper and find out for us.
Andy C.
Jack A
Click on the mi2g…. link at the top and you will find the link to the previous report in the “Important note section”
Andy C
The full report is 160+ pages long and cost UK�880 (well over US$1500) , again click on the mig2 link above and locate the FAQ section near the bottom of the page .
Ned is correct. Some of the questions here are no doubt answered in the full multi-page report. I would also be interested in learning more, but not at that price. They do have some selected page “samples” of the report available. Check the bottom of the page with the article.
Looking at the sample pages, it appears that the percentages are based on number of successful attacks vs total number of attacks.
meant successful breaches vs attacks