Under the headline “Surprise, Microsoft Listed as Most Secure OS,” Internetnews.com’s Andy Patrizio writes, “Microsoft is frequently dinged for having insecure products, with security holes and vulnerabilities. But Symantec, no friend of Microsoft, said in its latest research report that when it comes to widely-used operating systems, Microsoft is doing better overall than its leading commercial competitors.”
MacDailyNews Take: This is what we wake up to? TGIF! Okay, let’s begin: that’s not what the report said, Andy. It’s merely the spin you’ve decided to give it. We’re not yet sure if you’re trying to spread FUD or if you’re just not too bright. Let’s read on…
Patrizio continues, “The information was a part of Symantec’s 11th Internet Security Threat Report. The report, released this week, covered a huge range of security and vulnerability issues over the last six months of 2006, including operating systems.
“The report found that Microsoft Windows had the fewest number of patches and the shortest average patch development time of the five operating systems it monitored in the last six months of 2006,” Patrizio reports. “During this period, 39 vulnerabilities, 12 of which were ranked high priority or severe, were found in Microsoft Windows and the company took an average of 21 days to fix them. It’s an increase of the 22 vulnerabilities and 13-day turnaround time for the first half of 2006 but still bested the competition handily.”
“Red Hat Linux was the next-best performer, requiring an average of 58 days to address a total of 208 vulnerabilities. However, this was a significant increase in both problems and fix time over the first half of 2006, when there were 42 vulnerabilities in Red Hat and the average turnaround was 13 days,” Patrizio reports. “The one bright spot in all of this is that of the 208 Red Hat vulnerabilities, the most of the top five operating systems, only two were considered high severity, 130 were medium severity, and 76 were considered low.”
“Then there’s Mac OS X. Despite the latest TV ads ridiculing the security in Vista with a Matrix-like Agent playing the UAC in Vista, Apple has nothing to brag about. Symantec found 43 vulnerabilities in Mac OS X and a 66 day turnaround on fixes. Fortunately, only one was high priority,” Patrizio reports. “Like the others, this is also an increase over the first half of the year. For the first half of 2006, 21 vulnerabilities were found in Mac OS X and Apple took on average 37 days to fix them.”
Full article – Think Before You Click™ – here.
[Thanks to just about every MacDailyNews Reader for the heads up.]
“Despite the latest TV ads ridiculing the security in Vista with a Matrix-like Agent playing the UAC in Vista, Apple has nothing to brag about.”
Okay, so now we know it’s FUD. For you, Andy:
Bad news, Andy, we read the report. Nowhere in the report does Symantec claim Microsoft has the “Most Secure OS.” (By the way, Patrizio’s headline, “Surprise, Microsoft Listed as Most Secure OS,” doesn’t even make sense: Microsoft is a company, not an OS. Maybe he’s leaving himself some wiggle room?)
Let’s now take a novel approach and apply logic to the report’s findings. Instead of ignoring the most important point, the severity of the vulnerabilities, we’re going to apply Symantec’s information correctly and give it the weight it deserves.
Microsoft’s Windows had twelve (12) “severe” vulnerabilities vs. Apple’s one (1) “severe” Mac OS X vulnerability that affected no one, or we certainly would have heard it trumpeted from the rooftops by the likes of Patrizio.
Now – and this goes for all of the companies’ response times – the number of days to patch a vulnerability in the Symantec report is an average! Which means that we have no idea if Apple, or Microsoft for that matter, patched the “severe” issues — or issue in Apple’s case — rapidly and then took their time with other patches for less severe vulnerabilities. Apple may have fixed their sole “severe” vulnerability in 5 minutes. For that matter, Microsoft may have had similar rapid response for their dozen “severe” vulnerabilities. We don’t know; the report doesn’t say. It only gives an average response time for all vulnerabilities in their sample, regardless of severity.
Clearly, the severity of the vulnerabilities, the number of such vulnerabilities, and how many vulnerabilities actually affect end users in the wild are much more important considerations for determining who gets called “Most Secure OS” in your headline. Which OS would you rather use with security as your goal?
Patrizio’s sole use of patch response time to determine “Most Secure OS” is nothing more than an attempt at spreading FUD and/or generating hits; nobody can be that stupid and still be able to write. Symantec granted no such “Most Secure OS” designation in their report. Patrizio made up the “Most Secure OS” to suit his agenda and, it sounds like, get back at Apple for those stinging “Get a Mac” ads.
This whole thing would be laughable if it weren’t for the fact that this piece of FUD will now get picked up and regurgitated by media types who like a good headline regardless of facts and/or who won’t read the actual report and/or who lack the ability to spot deception and spin.
Symantec’s Internet Security Threat Report is here.
Contact Andy Patrizio and JupiterWeb (Internetnews.com) management via online form here.