We read Symantec’s report: Microsoft WIndows not listed as ‘most secure OS’

Apple StoreUnder the headline “Surprise, Microsoft Listed as Most Secure OS,” Internetnews.com’s Andy Patrizio writes, “Microsoft is frequently dinged for having insecure products, with security holes and vulnerabilities. But Symantec, no friend of Microsoft, said in its latest research report that when it comes to widely-used operating systems, Microsoft is doing better overall than its leading commercial competitors.”

MacDailyNews Take: This is what we wake up to? TGIF! Okay, let’s begin: that’s not what the report said, Andy. It’s merely the spin you’ve decided to give it. We’re not yet sure if you’re trying to spread FUD or if you’re just not too bright. Let’s read on…

Patrizio continues, “The information was a part of Symantec’s 11th Internet Security Threat Report. The report, released this week, covered a huge range of security and vulnerability issues over the last six months of 2006, including operating systems.

“The report found that Microsoft Windows had the fewest number of patches and the shortest average patch development time of the five operating systems it monitored in the last six months of 2006,” Patrizio reports. “During this period, 39 vulnerabilities, 12 of which were ranked high priority or severe, were found in Microsoft Windows and the company took an average of 21 days to fix them. It’s an increase of the 22 vulnerabilities and 13-day turnaround time for the first half of 2006 but still bested the competition handily.”

“Red Hat Linux was the next-best performer, requiring an average of 58 days to address a total of 208 vulnerabilities. However, this was a significant increase in both problems and fix time over the first half of 2006, when there were 42 vulnerabilities in Red Hat and the average turnaround was 13 days,” Patrizio reports. “The one bright spot in all of this is that of the 208 Red Hat vulnerabilities, the most of the top five operating systems, only two were considered high severity, 130 were medium severity, and 76 were considered low.”

“Then there’s Mac OS X. Despite the latest TV ads ridiculing the security in Vista with a Matrix-like Agent playing the UAC in Vista, Apple has nothing to brag about. Symantec found 43 vulnerabilities in Mac OS X and a 66 day turnaround on fixes. Fortunately, only one was high priority,” Patrizio reports. “Like the others, this is also an increase over the first half of the year. For the first half of 2006, 21 vulnerabilities were found in Mac OS X and Apple took on average 37 days to fix them.”

Full article – Think Before You Click™here.

[Thanks to just about every MacDailyNews Reader for the heads up.]
“Despite the latest TV ads ridiculing the security in Vista with a Matrix-like Agent playing the UAC in Vista, Apple has nothing to brag about.”

Okay, so now we know it’s FUD. For you, Andy:

Bad news, Andy, we read the report. Nowhere in the report does Symantec claim Microsoft has the “Most Secure OS.” (By the way, Patrizio’s headline, “Surprise, Microsoft Listed as Most Secure OS,” doesn’t even make sense: Microsoft is a company, not an OS. Maybe he’s leaving himself some wiggle room?)

Let’s now take a novel approach and apply logic to the report’s findings. Instead of ignoring the most important point, the severity of the vulnerabilities, we’re going to apply Symantec’s information correctly and give it the weight it deserves.

Microsoft’s Windows had twelve (12) “severe” vulnerabilities vs. Apple’s one (1) “severe” Mac OS X vulnerability that affected no one or we certainly would have heard it trumpeted from the rooftops by the likes of Patrizio.

Now – and this goes for all of the companies’ response times – the number of days to patch a vulnerability in the Symantec report is an average! Which means that we have no idea if Apple, or Microsoft for that matter, patched the “severe” issues — or issue in Apple’s case — rapidly and then took their time with other patches for less severe vulnerabilities. Apple may have fixed their sole “severe” vulnerability in 5 minutes. For that matter, Microsoft may have had similar rapid response for their dozen “severe” vulnerabilities. We don’t know, the report doesn’t say, it only gives an average response time for all vulnerabilities in their sample, regardless of severity.

Clearly, the severity of the vulnerabilities, the number of such vulnerabilities, and how many vulnerabilities actually affect end users in the wild are much more important considerations for determining who gets called “Most Secure OS” in your headline. Which OS would you rather use with security as your goal?

Patrizio’s sole use of patch response time to determine “Most Secure OS” is a nothing more than an attempt at spreading FUD and/or generating hits; nobody can be that stupid and still be able to write. Symantec granted no such “Most Secure OS” designation in their report. Patrizio made up the “Most Secure OS” to suit his agenda and, it sounds like, get back at Apple for those stinging “Get a Mac” ads.

This whole thing would be laughable if it weren’t for the fact that this piece of FUD will now get picked up and regurgitated by media types who like a good headline regardless of facts and/or who won’t read the actual report and/or who lack the ability to spot deception and spin.

Symantec’s Internet Security Threat Report is here.

Contact Andy Patrizio and JupiterWeb (Internetnews.com) management via online form here.

Related articles:
National Security Agency gives Apple’s Mac OS X 10.4 Tiger glowing security endorsement – March 22, 2007
Lack of Apple Mac malware baffles expert – March 21, 2007
Microsoft’s Live OneCare ‘security’ failureware: dead last in test of 17 Windows security apps – March 07, 2007
Bill Gates has lost his mind: calls Apple liars, copiers; slams Mac OS X security vs. Windows – February 02, 2007
Security firm: 38-percent of malware already Windows Vista-compatible – January 22, 2007
FUD Alert: CNET tries to equate Windows’ insecurity to handful of Mac OS X proof-of-concepts – December 02, 2006
Microsoft’s Windows is inherently more vulnerable to severe malware than Apple’s Mac OS X – August 23, 2006
Chicago Tribune falls for the ‘Security Via Obscurity’ myth – August 14, 2006
Symantec details more security holes in Microsoft’s Windows Vista – July 26, 2006
Symantec researcher: At this time, there are no file-infecting viruses that can infect Mac OS X – July 13, 2006
Sophos: Apple Mac OS X’s security record unscathed; Windows Vista malware just a matter of time – July 07, 2006
Gartner analyst tries to propagate discounted Mac OS X ‘security via obscurity’ myth via BBC – July 06, 2006
Sophos Security: Dump Windows, Get a Mac – July 05, 2006
Security company Sophos: Apple Mac the best route for security for the masses – December 06, 2005
Apple Macs are inherently safer and more secure than Microsoft Windows – November 22, 2005
BusinessWeek columnist propagates discounted ‘Apple Mac security via obscurity myth’ – September 06, 2005
16-percent of computer users are unaffected by viruses, malware because they use Apple Macs – June 15, 2005
Another columnist trots out Mac OS X ‘Security through Obscurity’ myth – April 03, 2004
Columnist tries the ‘security through obscurity’ myth to defend Windows vs. Macs on virus front – October 01, 2003
Shattering the Mac OS X ‘security through obscurity’ myth – August 28, 2003
Virus and worm problems not just due to market share; Windows inherently insecure vs. Mac OS X – August 24, 2003

45 Comments

  1. So what else is new? Idiots like this are obviously on Microsoft’s payroll to put out false propaganda like this. The best thing you can do is just simply ignore it, and definitely don’t click through to read this guy’s crap.

  2. This whole thing would be laughable if it weren’t for the fact that this piece of FUD will now get picked up and regurgitated by media types who like a good headline regardless of facts and/or who won’t read the actual report and/or who lack the ability to spot deception and spin.

    So, in other words, every media outlet in America. I, for one, have had a belly full of agenda journalism. For once I’d love to read a ‘just the facts’ article regarding anything…

  3. In other news, Patrizio has been desperately trying to get back online all morning to defend his spin but his Dell’s been pwned by some l33t haxxor. On the plus side, his exclusive offer for free Viagra will still be valid.

  4. If you want a “just the facts” type reporting, you need to find people who believe that there is a verifiable, external, shared, existing truth. Good luck on finding that among 95% of American journalists. They’d rather tell you about such existentialistic spin as the “cycle of violence”.

  5. We just all need to ignore the first ten years of Windows. That doesn’t matter anymore. Clearly, Winodws is superior because for this past week, there have not been any announcements of Windows exploits. In light of this evidence, I conclude that Windows is my grandmother. The connection is obvious. ” width=”19″ height=”19″ alt=”confused” style=”border:0;” />

  6. Enderle will say something in the coming days about “news of vulnerabilities in Mac OS X” or “Macs less secure than Apple faithful like to believe”. He will reference this report. Bet on it.

    -c

  7. I would like to visit the “security through obscurity myth”

    I’m a diehard Macfan, but I can understand the effects of zealotry (my sister is a jesus freak) can have on common sense.

    Lets look at the facts:

    1: “During this period, 39 vulnerabilities, 12 of which were ranked high priority or severe, were found in Microsoft Windows…”

    2: “Red Hat Linux… vulnerabilities, the most of the top five operating systems, only two were considered high severity, 130 were medium severity, and 76 were considered low.”

    3: “…..43 vulnerabilities in Mac OS X and a 66 day turnaround on fixes. Fortunately, only one was high priority….For the first half of 2006, 21 vulnerabilities were found in Mac OS X and Apple took on average 37 days to fix them.”

    Now that Mac OS has re-appeared on the scene from a what appeared a certain death several years ago, and actually increased in market share the last few years.

    Isn’t it logical to see that perhaps it’s true that Mac OS X was only secure because not many people paid attention to it?

    Look at the recent events, Apple pisses off black hats with their smugness and they started paying attention to Mac OS X and DO find plenty of security issues.

    This proves we Mac users have been living in denial, sure Mac OS 9 was very secure because it was hard to get to code for and it had little market share. But Mac OS X is based upon open source, which is easier to code for. So more hackers can pay attention to it.

    Now don’t give me the “Windows has more viruses and Mac OS X has none” crap, it served Microsoft’s purpose to keep their OS rather “loose” to generate a IT workforce that would support it’s product.

    Squeaky wheel gets the grease. M$ is no dumb-asses.

    So now M$ has tightened up their OS and actually looking on par with Mac OS X as far as vulnerabilities go.

  8. Mac OS X has been out for nearly 6 years now, so it’s not like it’s anything “new” at all. And we still haven’t seen ANY of these so called vulnerabilities ever actually impact anyone out in the wild.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.