REPORT: Apple software is the most insecure
July 22, 10:10 PM - Tech Buzz Examiner Michael Santo - examiner.com
Apple is the industry leader in many areas, but it certainly doesn't want to know it's the industry leader in terms of security flaws. That's the conclusion reached by security firm Secunia, in their half-year report for 2010 (.PDF).
In the first six months of 2010, Apple had more reported vulnerabilities than any other company. Oracle was second, and Microsoft was third. It should be noted, however, that the report only notes the number of vulnerabilities, not how severe they are, how quickly they are patched, or what the possibility of exploit is.
After all, hackers still target Windows PCs far more than Macs. It's the sheer number of Windows PCs that makes them more attractive, naturally.
In fact, many of the flaws in Apple software are not OS flaws in Mac OS X, but rather flaws in third-party software. Secunia makes a point that this is true not just for Mac OS, but for Windows as well, and that they are testing their Secunia Personal Software Inspector (PSI) 2.0, which will have the ability to update third-party software.
PSI currently can be downloaded from Secunia's site, and examines your PC for out-of-date, unpatched software. It can't, however, patch that software.
Some key bullet points from the report:
* On average, 10 vendors are responsible for 38 percent of the vulnerabilities per year. Among those companies are Apple, Oracle, Microsoft, HP, Adobe, IBM, VMware, Cisco, Google, and Mozilla.
* In the two years from 2007 to 2009, the number of vulnerabilities affecting a typical end-user PC almost doubled from 220 to 420, and based on the data of the first six months of 2010, the number is expected to almost double again in 2010 to 760.
* During the first six months of 2010, 380 vulnerabilities, or 89% of the figure for all of 2009, have already been reached.
* A typical end-user PC with 50 programs installed had 3.5 times more vulnerabilities in the 24 third-party programs installed than in the 26 Microsoft programs installed. It is expected that this ratio will increase to 4.4 in 2010.
* A user can patch 35 percent of his PC's vulnerabilities with one update mechanism (Microsoft’s, naturally), but needs to master another 13 or more different update mechanisms to patch 65 percent of third-party program vulnerabilities.
The most positive part of this rather depressing report is that, according to Secunia, since 2005, the total number of vulnerabilities in the more than 29,000 products monitored by Secunia has been flat, neither trending upward nor downward. It's something, isn't it?