We read Symantec’s report: Microsoft Windows not listed as ‘most secure OS’

Under the headline “Surprise, Microsoft Listed as Most Secure OS,” Internetnews.com’s Andy Patrizio writes, “Microsoft is frequently dinged for having insecure products, with security holes and vulnerabilities. But Symantec, no friend of Microsoft, said in its latest research report that when it comes to widely-used operating systems, Microsoft is doing better overall than its leading commercial competitors.”

MacDailyNews Take: This is what we wake up to? TGIF! Okay, let’s begin: that’s not what the report said, Andy. It’s merely the spin you’ve decided to give it. We’re not yet sure if you’re trying to spread FUD or if you’re just not too bright. Let’s read on…

Patrizio continues, “The information was a part of Symantec’s 11th Internet Security Threat Report. The report, released this week, covered a huge range of security and vulnerability issues over the last six months of 2006, including operating systems.

“The report found that Microsoft Windows had the fewest number of patches and the shortest average patch development time of the five operating systems it monitored in the last six months of 2006,” Patrizio reports. “During this period, 39 vulnerabilities, 12 of which were ranked high priority or severe, were found in Microsoft Windows and the company took an average of 21 days to fix them. It’s an increase of the 22 vulnerabilities and 13-day turnaround time for the first half of 2006 but still bested the competition handily.”

“Red Hat Linux was the next-best performer, requiring an average of 58 days to address a total of 208 vulnerabilities. However, this was a significant increase in both problems and fix time over the first half of 2006, when there were 42 vulnerabilities in Red Hat and the average turnaround was 13 days,” Patrizio reports. “The one bright spot in all of this is that of the 208 Red Hat vulnerabilities, the most of the top five operating systems, only two were considered high severity, 130 were medium severity, and 76 were considered low.”

“Then there’s Mac OS X. Despite the latest TV ads ridiculing the security in Vista with a Matrix-like Agent playing the UAC in Vista, Apple has nothing to brag about. Symantec found 43 vulnerabilities in Mac OS X and a 66 day turnaround on fixes. Fortunately, only one was high priority,” Patrizio reports. “Like the others, this is also an increase over the first half of the year. For the first half of 2006, 21 vulnerabilities were found in Mac OS X and Apple took on average 37 days to fix them.”

Full article – Think Before You Click™ here.

[Thanks to just about every MacDailyNews Reader for the heads up.]

“Despite the latest TV ads ridiculing the security in Vista with a Matrix-like Agent playing the UAC in Vista, Apple has nothing to brag about.”

Okay, so now we know it’s FUD. For you, Andy:

Bad news, Andy, we read the report. Nowhere in the report does Symantec claim Microsoft has the “Most Secure OS.” (By the way, Patrizio’s headline, “Surprise, Microsoft Listed as Most Secure OS,” doesn’t even make sense: Microsoft is a company, not an OS. Maybe he’s leaving himself some wiggle room?)

Let’s now take a novel approach and apply logic to the report’s findings. Instead of ignoring the most important point, the severity of the vulnerabilities, we’re going to apply Symantec’s information correctly and give it the weight it deserves.

Microsoft’s Windows had twelve (12) “severe” vulnerabilities vs. Apple’s one (1) “severe” Mac OS X vulnerability that affected no one or we certainly would have heard it trumpeted from the rooftops by the likes of Patrizio.

Now – and this goes for all of the companies’ response times – the number of days to patch a vulnerability in the Symantec report is an average! Which means that we have no idea if Apple, or Microsoft for that matter, patched the “severe” issues — or issue in Apple’s case — rapidly and then took their time with other patches for less severe vulnerabilities. Apple may have fixed their sole “severe” vulnerability in 5 minutes. For that matter, Microsoft may have had similar rapid response for their dozen “severe” vulnerabilities. We don’t know, the report doesn’t say, it only gives an average response time for all vulnerabilities in their sample, regardless of severity.

Clearly, the severity of the vulnerabilities, the number of such vulnerabilities, and how many vulnerabilities actually affect end users in the wild are much more important considerations for determining who gets called “Most Secure OS” in your headline. Which OS would you rather use with security as your goal?

Patrizio’s sole use of patch response time to determine “Most Secure OS” is nothing more than an attempt at spreading FUD and/or generating hits; nobody can be that stupid and still be able to write. Symantec granted no such “Most Secure OS” designation in their report. Patrizio made up the “Most Secure OS” to suit his agenda and, it sounds like, get back at Apple for those stinging “Get a Mac” ads.

This whole thing would be laughable if it weren’t for the fact that this piece of FUD will now get picked up and regurgitated by media types who like a good headline regardless of facts and/or who won’t read the actual report and/or who lack the ability to spot deception and spin.

Symantec’s Internet Security Threat Report is here.

Contact Andy Patrizio and JupiterWeb (Internetnews.com) management via online form here.


45 Comments

  1. So what else is new? Idiots like this are obviously on Microsoft’s payroll to put out false propaganda like this. The best thing you can do is just simply ignore it, and definitely don’t click through to read this guy’s crap.

  2. This whole thing would be laughable if it weren’t for the fact that this piece of FUD will now get picked up and regurgitated by media types who like a good headline regardless of facts and/or who won’t read the actual report and/or who lack the ability to spot deception and spin.

    So, in other words, every media outlet in America. I, for one, have had a belly full of agenda journalism. For once I’d love to read a ‘just the facts’ article regarding anything…

  3. If you want a “just the facts” type reporting, you need to find people who believe that there is a verifiable, external, shared, existing truth. Good luck on finding that among 95% of American journalists. They’d rather tell you about such existentialistic spin as the “cycle of violence”.

  4. We just all need to ignore the first ten years of Windows. That doesn’t matter anymore. Clearly, Windows is superior because for this past week, there have not been any announcements of Windows exploits. In light of this evidence, I conclude that Windows is my grandmother. The connection is obvious.

  5. I would like to visit the “security through obscurity myth”

    I’m a diehard Mac fan, but I can understand the effects zealotry (my sister is a Jesus freak) can have on common sense.

    Let’s look at the facts:

    1: “During this period, 39 vulnerabilities, 12 of which were ranked high priority or severe, were found in Microsoft Windows…”

    2: “Red Hat Linux… vulnerabilities, the most of the top five operating systems, only two were considered high severity, 130 were medium severity, and 76 were considered low.”

    3: “…..43 vulnerabilities in Mac OS X and a 66 day turnaround on fixes. Fortunately, only one was high priority….For the first half of 2006, 21 vulnerabilities were found in Mac OS X and Apple took on average 37 days to fix them.”

    Now that Mac OS has re-appeared on the scene from what appeared a certain death several years ago, and actually increased in market share the last few years.

    Isn’t it logical to see that perhaps it’s true that Mac OS X was only secure because not many people paid attention to it?

    Look at the recent events, Apple pisses off black hats with their smugness and they started paying attention to Mac OS X and DO find plenty of security issues.

    This proves we Mac users have been living in denial, sure Mac OS 9 was very secure because it was hard to get to code for and it had little market share. But Mac OS X is based upon open source, which is easier to code for. So more hackers can pay attention to it.

    Now don’t give me the “Windows has more viruses and Mac OS X has none” crap, it served Microsoft’s purpose to keep their OS rather “loose” to generate an IT workforce that would support its product.

    Squeaky wheel gets the grease. M$ is no dumb-asses.

    So now M$ has tightened up their OS and actually looking on par with Mac OS X as far as vulnerabilities go.

  6. Mac OS X has been out for nearly 6 years now, so it’s not like it’s anything “new” at all. And we still haven’t seen ANY of these so called vulnerabilities ever actually impact anyone out in the wild.

  7. Contact Form >I did>

    Send to: Andy Patrizio
    Note: We have too many contributors to list by name. To contact a writer, use the reply link in the story byline.
    Subject: “Surprise, Microsoft Listed as Most Secure OS,”

  8. WiseGuy: produce evidence of a real-world user who’s actually been affected by these vulnerabilities, then we’ll talk.

    Don’t you think most every hacker would be champing at the bit to be the one to bring Apple down a peg or two? Well, it ain’t happened yet.

  9. You addressed an important issue, but let’s not confuse vulnerabilities with exploits. The security by obscurity works with exploits, but vulnerabilities tell us more about the quality of code. If there were 12 critical vulnerabilities in Windows and only one in Mac OS X then I would say, that taking only this piece of data, Mac is 12x more secure than Windows.

  10. in this modern day and age, there is one microsoft OS that can and will stand up to the threat of any virus and malware out there today and forever more.

    windows 3.1.

    seriously. every virus/whatever out there today is in 32 bit code, right? windows 3.x is 16 bit! it can’t execute the 9x/nt code! granted, you’re limited to IE5 and a bunch of ludicrously obsolete hardware and software… =) now get out that 486 and experience the net virus free!

    mw: half. half the bits = twice the security!

  11. >> Fortunately, only one was high priority,” Patrizio reports. “Like the others, this is also an increase over the first half of the year.

    So, they had no severe vulns in the first half of the year? And M$ had at least 12 yet is more secure?

    MW: Showed. Show me the logic

  12. I wrote to him saying that his conclusions were unwarranted. He needs to develop a mathematical model that takes three factors into account and weights them right: the number of vulnerabilities, the severity of the vulnerabilities, and the time to fix them.

    What is important to the user (and what constitutes “being secure”) is not how fast the vendor fixes the vulnerability, but how likely it is to be hit by one and how severe the damage is. It doesn’t matter if a vendor whips out a fix in ten days if in the meantime several thousand of their customers were affected. On the other hand, it doesn’t matter if the vendor takes five years to fix a vulnerability if no one is affected by it.

    If he made a proper comparison, I doubt that Windows would come out on top.
