SuperSite Blog

Surprise... Mac versus Windows vulnerability stats for 2007

George Ou Larry Dignan sets himself up for some nasty email from the Mac zealot crowd, who would prefer spending December dreaming about Macworld next month:

 I’ve compiled all the security flaws in Mac OS X and Windows XP and Vista and placed them side by side.  This is significant because it shows a trend that can give us a good estimate for how many flaws we can expect to find in the coming months.  The more monthly flaws there are in the historical trend, the more likely it is that someone will find a hole to exploit in the future.

I used vulnerability statistics from an impartial third-party vendor, Secunia, and I broke them down by Windows XP flaws, Vista flaws, and Mac OS X flaws.  Since Secunia doesn’t offer individual numbers for Mac OS X 10.5 and 10.4, I merged the XP and Vista vulnerabilities so that we can compare Vista + XP flaws to Mac OS X.  In case you’re wondering how 19 plus 12 could equal 23, this is because there are many overlapping flaws that are shared between XP and Vista, so those don’t get counted twice, just as I don’t count something that affects Mac OS X 10.4 and 10.5 twice.

This shows that Apple had more than 5 times as many flaws per month as Windows XP and Vista in 2007, and most of these flaws are serious.  Clearly this goes against conventional wisdom, because the numbers show just the opposite, and it isn’t even close.

Think Different.
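As an added worked example (not part of the original post, and not Ou's or Secunia's own tooling), here is how the per-platform count and the XP + Vista merge described above can be computed from advisory records. The data is constructed with placeholder IDs and is sized to reproduce the 19, 12 and 23 figures; it also shows how an unresolved duplicate entry, the kind of double count the comments below point at, inflates a column when advisories are counted naively:

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Set


# Constructed advisory records; the IDs are placeholders, not real CVE or Secunia ids.
@dataclass(frozen=True)
class Advisory:
    adv_id: str
    platforms: FrozenSet[str]      # affected platforms, e.g. {"xp", "vista", "osx"}
    month: int                     # month of the year the fix/advisory was published
    dupe_of: Optional[str] = None  # id of the canonical entry if this one duplicates it


def canonical(adv_id: str, index: Dict[str, Advisory]) -> str:
    """Follow dupe_of links until the canonical (non-duplicate) id is reached."""
    seen: Set[str] = set()
    while index[adv_id].dupe_of is not None:
        if adv_id in seen:
            raise ValueError(f"dupe_of cycle at {adv_id}")
        seen.add(adv_id)
        adv_id = index[adv_id].dupe_of
    return adv_id


def raw_count(advisories: List[Advisory], platforms: Set[str]) -> int:
    """Naive count: every entry touching any of `platforms`, duplicates included."""
    return sum(1 for a in advisories if a.platforms & platforms)


def unique_flaws(advisories: List[Advisory], platforms: Set[str]) -> Set[str]:
    """Canonical ids of flaws affecting at least one of `platforms`.

    Passing {"xp", "vista"} yields the merged Windows column: a flaw shared by
    XP and Vista appears once, which is how 19 + 12 can come to 23.
    """
    index = {a.adv_id: a for a in advisories}
    return {canonical(a.adv_id, index) for a in advisories if a.platforms & platforms}


def count_flaws(advisories: List[Advisory], platforms: Set[str]) -> int:
    return len(unique_flaws(advisories, platforms))


def flaws_per_month(advisories: List[Advisory], platforms: Set[str], months: int = 12) -> float:
    return count_flaws(advisories, platforms) / months


def build_sample() -> List[Advisory]:
    """Constructed data: 8 flaws shared by XP and Vista, 11 XP-only, 4 Vista-only,
    one duplicate entry, one flaw that also affects OS X, and one unrelated flaw."""
    recs: List[Advisory] = []
    n = 0

    def add(platforms: Set[str], dupe_of: Optional[str] = None) -> str:
        nonlocal n
        n += 1
        adv_id = f"SAMPLE-{n:03d}"
        recs.append(Advisory(adv_id, frozenset(platforms), (n % 12) + 1, dupe_of))
        return adv_id

    for _ in range(7):
        add({"xp", "vista"})
    add({"xp", "vista", "osx"})             # lands in both the Windows and the OS X column
    for _ in range(11):
        add({"xp"})
    vista_only = [add({"vista"}) for _ in range(4)]
    add({"vista"}, dupe_of=vista_only[0])   # same flaw filed twice; must not count twice
    add({"osx"})
    add({"linux"})                          # belongs in neither column
    return recs


def report(advisories: List[Advisory]) -> Dict[str, int]:
    """Per-column counts, with the naive Windows count shown beside the merged one."""
    return {
        "xp": count_flaws(advisories, {"xp"}),
        "vista": count_flaws(advisories, {"vista"}),
        "windows_merged": count_flaws(advisories, {"xp", "vista"}),
        "windows_naive": raw_count(advisories, {"xp", "vista"}),
        "osx": count_flaws(advisories, {"osx"}),
    }


if __name__ == "__main__":
    for column, value in report(build_sample()).items():
        print(f"{column:>15}: {value}")
```

The naive Windows count comes out one higher than the merged one solely because of the duplicate entry, which is the check worth running before comparing columns built from different sources.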

Published Dec 18 2007, 08:36 AM by pthurrott

Comments

 

daveinla said:

Holy crap!! The guys at Cupertino must be pretty busy writing patches to secure that thing! Good that OSX is still low profile on the hacker radar! Might not be for long though, as the market share increases and the iPhone pops up everywhere...

December 18, 2007 9:29 AM
 

g0rd0n said:

oh, yeah...

December 18, 2007 10:04 AM
 

Flenser said:

Number of flaws is the wrong metric to be looking at. You should be asking for how many days each system was vulnerable to known exploits that remained unpatched.

(For example, one publicly disclosed critical vulnerability that remains unpatched for a month is worse than 5 vulnerabilities that have a fix available within a day.)

December 18, 2007 10:05 AM
 

Waethorn said:

"You should be asking for how many days each system was vulnerable to known exploits that remained unpatched."

Actually, that's the wrong metric too.  For every exploit that you actually read about, there are 100 more that you don't that are currently working their way through enterprise systems.  In these situations, Apple fails big time, because they are extremely slow to patch many flaws - citing in their typical ignorance "that there simply are no exploits".  That's another reason why Apple won't see the light of day in enterprise operations - they don't take security seriously.

Take a serious look at MoAB and consider that many of those were already submitted to Apple's so-called security team long before that time, in some cases many months, but still were left unpatched until they were made public.

December 18, 2007 12:21 PM
 

Mum said:

"That's another reason why Apple won't see the light of day in enterprise operations - they don't take security seriously."

So has Microsoft just been getting an A for effort with XP from enterprises?

December 18, 2007 1:09 PM
 

DRWAM said:

It's no surprise that Vista did well, because Microsoft just had to do so. I would be interested in the numbers for Leopard alone, rather than Mac OS, which includes 10.4 and 10.5 together [and may even include more older versions?]. However, what's the point, since these make no matter at all in the cyberworld. Besides, I don't exactly trust Secunia, as the 'break into this Mac contest' or any such contest should never occur, especially when all the contestants were given accounts on the computer, which is like letting in the burglar and asking him to find your hidden belongings when he has a map to them. These numbers are as meaningful as how many "A"s are in my bowl of alphabet soup. Anyway, kudos to the Vista team writers for their efforts in writing a secure OS. Good luck keeping it that way.

December 18, 2007 1:49 PM
 

Dipsh t Admin said:

"I don't exactly trust Secunia, as the 'break into this Mac contest'"

Huh?  Secunia didn't host this challenge, someone else did.  It is linked to in the article (www.matasano.com/.../mtso). Secunia is an independent clearinghouse of vulnerabilities across many platforms and is trusted in the industry.  You can do a search on your own for all of these vulnerabilities if you like.  The data from Secunia many times comes from another reliable and readily searchable source, CVE:  http://cve.mitre.org/cve/

It's all there for anyone that has the time to want to find out more.

December 18, 2007 2:01 PM
 

fivepoint said:

Wow!  It is hilarious to watch you guys try and explain away the fact that there were "over 114,000 known viruses for PCs last year, and 0 (ZERO!) for the Mac."

[Fivepoint is pointing out the obvious facts.  Cancel or Allow?]  "Allow."

Who cares how many have been patched, the only ones are the ones that are exploited!

[Fivepoint is stating the obvious, and you are beginning to get defensive.  Cancel or Allow?]  "Allow."

I don't care WHY my mac is invulnerable to attack, or why I haven't had to spend a nickel on anti-virus in over 5 years of mac computing... I am just glad that is the case!

[Fivepoint is pointing out that macs 'just work', and that pcs require hundreds of dollars worth of time and software to keep your machine virus free.  Cancel or Allow?]  "Allow."

Keep trying to explain away your inferiority with the 'no one writes viruses for macs' crap!

[You are coming to a sad realization...]  "allow."

December 18, 2007 2:21 PM
 

DRWAM said:

Dipsh, the comparison is still irrelevant. But thanks for the info. I still don't trust the establishment, dude.:)

December 18, 2007 3:41 PM
 

theCheez said:

fivepoint, I prefer it if the OS is stable and secure in the first place, not having to be patched, be it exploited or not. And besides, not all security vulnerabilities are from viruses.

December 18, 2007 3:57 PM
 

drylight said:

The problem with CNet and ZDNet is that they are filled with truly pathetic "writers" and "bloggers" that suckle at Microsoft's teat. The joint has gone down the toilet in 2007 and I'm sure they'll have more (and worse) to come in 2008. I mean, have you seen the quality of their "writing"? Truly grade four material. The only plus on their card is that they are helping the homeless by taking them off the street and giving them writing gigs on their blogs.

December 18, 2007 4:39 PM
 

drylight said:

If you Windows fanboys are so cocksure of yourselves, why don't you do a simple test to see which OS is more secure. A fresh install of Vista and one of OS X. Each with their latest patches and updates. OS X guy will wait for you Vista guys while you reboot 103 times to get up to date. Leave the default settings on, firewall etc. But PC Guy, don't install anti-virus, anti-spyware, anti-rootkit... um, what else anti thing do you guys need to run? Mac Guy won't install any such thing either. Then go around clicking on websites, look around and use your machine. Let's see who's more infected after a week. I bet Vista Guy will have more viruses than an 80 year old prostitute. Then again, funny thing is, Vista's UI actually looks like an 80 year old woman with lots of make-up on.

December 18, 2007 4:46 PM
 

coldb00t said:

How confident are you about the methodology employed here? I randomly looked at a few of the OSX ones and it's a little dodgy.

The first vulnerability listed for osx, CVE-2006-0024, is also reported as a Windows issue:

secunia.com/.../CVE-2006-0024

www.microsoft.com/.../ms06-020.mspx

but is not listed in the Windows columns.

The second, secunia.com/.../CVE-2007-1218, seems to be a generic Linux 802.11 vulnerability which does not mention OSX. I don't know if OSX uses the same 802.11 stack as the Linux distros.

secunia.com/.../CVE-2007-4710 is listed as a mac issue but seems to be just a reservation of an issue number. There are a number of these.

secunia.com/.../CVE-2007-3004 is listed as a dupe of secunia.com/.../CVE-2007-2788, but both are counted in the OSX column.

December 18, 2007 7:03 PM
 

Waethorn said:

"I don't care WHY my mac is invulnerable to attack"

A proper IT department will lock down enterprise systems, preventing users from doing things they shouldn't.  That also prevents unauthorized software from running in administrative privilege levels by using the local user account.  It's not hard to do that with group policy deployed over a domain - something Mackie's just don't know how to do.

Besides, Windows Vista has UAC which, when run from a limited user account, is equal to privilege escalation on any *nix OS (including OS X).  The fact is that UAC doesn't prompt for credentials when you're already logged in as an administrator.  Other operating systems do, and on OS X, many installers even run at elevated privileges under a limited account without any prompt to the user - a HUGE security risk.

"It is hilarious to watch you guys try and explain away the fact that there were "over 114,000 known viruses for PCs last year, and 0 (ZERO!) for the Mac.""

and it's hilarious to watch you Mackie's regurgitating marketing FUD.

"Who cares how many have been patched, the only ones are the ones that are exploited!"

You have no clue how many security flaws are privately exploited.  It's that kind of attitude that is slaughtering Apple in the corporate market.  I've seen 3 different simple exploits that were written by a buddy that works for a security company in about 20 minutes to prove to a client of his how insecure OS X really is.  Those types of attacks happen every day in the real world.

"I don't care WHY my mac is invulnerable to attack"

I can spot a Kool-Aid drinker a mile away.  Your turtleneck is pulled over your eyes.

"The problem with CNet and ZDNet is that they are filled with truly pathetic "writers" and "bloggers" that suckle at Microsoft's teat. The joint has gone down the toilet in 2007 and I'm sure they'll have more (and worse) to come in 2008. I mean, have you seen the quality of their "writing"? Truly grade four material. The only plus on their card is that they are helping the homeless by taking them off the street and giving them writing gigs on their blogs."

Um, that's not exactly true.  If you want to see welfare blogging at its best, go to eWeek.com.  Mary Jo Foley (and many others at ZDNet) used to work for eWeek (owned by CNet).  The new Microsoft guy, Joe Wilcox, is a Microsoft-bashing Mackie, and the rest of the site reeks of pro-OSS software, written by leftover wannabes from the FSF.

"OS X guy will wait for you Vista guys while you reboot 103 times to get up to date."

Try "ONCE".

"Leave the default setting on, firewall etc."

Yes, let's.  Let's leave the default firewall setting of Leopard.  That's "Firewall: OFF" for you Mackies.

"Then go around clicking on websites, look around and use your machine. Lets see who's more infected after a week. I bet Vista Guy will have more viruses than an 80 year old prostitute."

With what?  Firefox?  Firefox has more security problems than IE 7 on Vista, due mostly in part because Vista's IE has Protected Mode, while Firefox does not.  

Perish the thought that you'd be using Safari (on any operating system).  That browser is so full of bugs, the closest metaphoric visualization would be something that resembles a block of fermenting swiss cheese.  WHEW!  What a stinker!

"How confident are you about the methodology employed here? I randomly looked at a few of the OSX ones and it's a little dodgy."

It's so hilarious how Mackie's would rather discredit trusted publications rather than admit to the truth.

"I don't know if OSX uses the same 802.11 stack as the Linux distros."

OS X is based on BSD Unix, not Linux.

December 18, 2007 7:49 PM
 

clindhartsen said:

It's never amazing to see the Mac community come out and scream to the top of their lungs that the rest of us should pretty much go in our houses and shoot ourselves in the head.

Anyway, if this is accurate, why is this amazing? Apple can be somewhat lax in the security department and focus largely on UI due to the point their audience is much smaller than Windows and who's going to get famous for making 10% or so of the population angry? I mean, if you made the other 90% angry, or even just half of that 90%, you'll be all over the news like it was years ago with the "Code Red" fear and all.

Either way, it's just a reminder that we are all open to problems, and that Apple needs to shut their pie hole a little bit with the commercials. Maybe I'm in the minority still, but Vista is a pretty good operating system, and in terms of an earlier post, UAC is not that bad and honestly is just one more click to get work done, nothing even a five year old couldn't handle! Are we too up-our-own to click one more button to get things done, possibly stopping us from harm if, for some unknown reason, an unknown installer starts?

December 18, 2007 7:50 PM
 

coldb00t said:

"It's so hilarious how Mackie's would rather discredit trusted publications rather than admit to the truth."

Riiiight. A zdnet blog is a trusted publication? So anything it says must be true then? I pointed out some actual problems with his data and this is the best you can do?

Take another example:

secunia.com/.../CVE-2007-3655

This is listed as affecting MacOSX only. So, the bug description states "Stack-based buffer overflow in javaws.exe". Hmmm, could that affect Windows too? Follow the link to Sun (sunsolve.sun.com/.../document.do) and you'll see this:

"This issue can occur in the following releases (for Windows, Solaris, and Linux):"

So that counts in the OSX column and not in the Windows column?

The data being used is bad and so any conclusions drawn must be unsafe too. Choose what you want to believe. It seems you may already have.

December 18, 2007 8:46 PM
 

cesjr said:

More from the PC zealot crowd.

The best rebuttal to this I saw on slashdot -

"Mac OS X contains many third-party open source software packages. The bugs are found through source code auditing. These bugs may or may not become exploitable depends on how the code is used.

Just take a quick look at the bugs list. Most of them are found in third-party code like PCRE library. These are labeled "highly critical" without a demonstrable proof that it can be exploited. The software using PCRE is vulnerable to malformed regular expression strings, but I've never seen any software accepting arbitrary regular expression strings from another machine. . . . Those same bugs also affect Linux. If you use Cygwin on Windows, these bugs also affect you, so they can be Windows bugs too.

On the other hand, since we can't audit proprietary Windows code, we only find bugs that are actually exploitable, in contrast to the open source bugs that are only potentially exploitable. Therefore, the severity of Windows bugs are vastly underrated compared to open source bugs. And there are more potentially exploitable bugs in Windows that we don't find, which aren't being counted.

December 18, 2007 9:20 PM
 

Spidubic said:

My question is if there were as many Mac OS computers out there right now as Windows would they be able to run without anti virus? Or would hackers have them huddling in a corner?

December 18, 2007 9:32 PM
 

drylight said:

""Leave the default setting on, firewall etc."

Yes, let's.  Let's leave the default firewall setting of Leopard.  That's "Firewall: OFF" for you Mackies."

Like I said, install all the updates so both OSes are up to date. Leopard, with the latest updates, has the firewall ON. So you're wrong on that one. Nice try.

"It's so hilarious how Mackie's would rather discredit trusted publications rather than admit to the truth."

That's amusing. Trusted publication? CNet and ZDnet are rags. Nothing more, nothing less.

I bet you, given my original premise, that should one compare the two OSes, after a week's use, you'd find Vista filled with spyware (and possibly a virus or two). The Mac will have zero.

December 18, 2007 9:58 PM
 

fivepoint said:

Waethorn...

I won't take the time to go through each of your blowhard statements... but I will just make one simple statement, that you cannot deny.

"I've been running my mac for 5 years -- using Safari -- with not a single incidence of a virus, trojan, or relative thereof.  Do you mean to tell me that you would be willing to do the same with a new PC (without virus protection... just like me) and not be worried about any of those things?"  

Hahaha... if so, you are less intelligent than I thought!  I wouldn't use a PC for ONE DAY without virus scanners and all that jazz.  You can make all of the theoretical retorts you want... but the TRUTH of the matter is, just like the Apple ad states:

"There were 114,000 known viruses for PCs last year.  None for the mac."  None!  Zero!

Argue that, moron.  In the real world... it's not what your intentions are, or what the theoretical results would be... it is your actions and actual results that matter.

December 19, 2007 6:55 AM
 

Dipsh t Admin said:

"I bet you, given my original premise, that should one compare the two OSes, after a week's use, you'd find Vista filled with spyware (and possibly a virus or two). The Mac will have zero."

That's funny.  In all of the years of running Windows, I had a spyware infection once, and that was because *I* did something that I shouldn't have, which was download some warez.  It was my fault.  No drive-by infections.  And I'm going way back to Windows 3.1.

And guess what, that is where the fault lies, no matter what OS you are running on it's the users that are going to determine the security of the platform.  We only need to look at the recently reported DNS changer codecs that are being made available to both Windows AND OS X.  It only takes stupid users, which there are plenty of them.  Up until recently, the sheer number of OS X users has been low, but increasing.  It is now seen as profitable enough for the hackers to attack.  And remember, the virus/spyware game is not done for sport any more, it is done for PROFIT.

I suggest you guys clean your Kool-Aid stained glasses and start getting used to the real world out there.

BTW, if anyone actually wants to do real research, and see what the article was talking about, see the Security-Announce mailing list from Apple.  For example, the December update fixed 41 security problems.

lists.apple.com/.../msg00002.html

Also notice that Apple calls the security update 2007-009, which means it was the ninth broad security update.  Looking at the Ou article shows that December is the 9th such broad security patch of the year, matching the list that Ou compiled.  So everyone complaining about where Ou got his figures from should look at Apple and see what they are patching.  And those that don't trust the CVE's data, should also note that Apple extensively uses this database in their security vulnerability disclosure.

"The first vulnerability listed for osx, CVE-2006-0024, is also reported as a Windows issue:

secunia.com/.../CVE-2006-0024

www.microsoft.com/.../ms06-020.mspx

but is not listed in the Windows columns."

And if you look at the naming convention used in the CVE, Apple, and MS, they put the year then an incremental number.  That means that in what you have shown here that MS patched this in *MAY 2006*, and was actually first reported in November 2005.  It should be noted that Apple also patched this in May of 2006, but they re-released it to incorporate a newer version of the software.

December 19, 2007 7:11 AM
 

Dipsh t Admin said:

"Do you mean to tell me that you would be willing to do the same with a new PC (without virus protection... just like me) and not be worried about any of those things?"

That I personally use?  Yeah, why not?  The user has plenty to do with the security of the computer, and I'm savvy enough to not download fake codecs (which are an extremely popular attack vector) or randomly run executable files of unknown quality.

"None for the mac."

They're going to have to change this wording, because it is no longer true.

December 19, 2007 7:20 AM
 

DRWAM said:

I can't believe that no one is commenting on how this info fails to show how much more secure Vista is compared to XP. This is what the buzz has been, and these numbers don't show it. It's probably the best reason for the average user to upgrade to Vista, IMO.

December 19, 2007 7:34 AM
 

solaranox said:

You know, add in the Grandma  or Mom and Dad factor here...

My parents run XP.  They are not technical, they just need word processing, email, and internet.  They have virus protection and spyware protection.  (That they would never renew unless I come over and do for them.... "Yes, I was getting that message for the past 3 months but I just ignored it...)  I constantly have to go over there and "fix" stuff for them...  Do cleanup and maintenance work...  

On the other hand, my mother-in-law has a Mac.  No virus protection, no spyware protection.  I never have to do ANYTHING to her computer.  She never has any issues or questions.

This is real-world stuff here...  There are many other friends of the family that call me for help with their PCs... I go over there and they have spyware / viruses / and all kinds of bloatware that somehow got installed...  It takes hours to get them cleaned up and functional again.

On the ones that switch to a Mac, I hear nothing but praise, and never have to go over to do all of this cleanup work.

It is one thing for technical people on these boards to argue about vulnerabilities and which OS is more secure...  But get out there in the real world with people who know nothing about computers and just use them as a tool to surf the internet and send emails, and the clear choice for them is OSX.

I use both, OSX and Vista.  I personally find OSX is MUCH less bothersome than Vista...

December 19, 2007 8:26 AM
 

DRWAM said:

solaranox, I have the exact same experience with the 'average users' in my group. Now, 1/3 of my group have new Macs. However, those with Vista like it [Vista] too. Although the Vista users report some driver problems, they would never agree that Vista was slow. Their new hardware is almost certainly responsible for the increased speed from XP, but they only proclaim that their systems are fast. I usually configure their hardware selection.

December 19, 2007 9:03 AM
 

Xtreem0 said:

Personally, Vista is as good for people who want to do simple things as well as complex ones. OSX I find to be about the same (I just don't like how it works; personal choice), but XP has to be the worst operating system out there.. Example..

XP: 1 month, 2 spyware (god knows where...)

Vista: 1 year, 0 spyware, 0 viruses (no anti-virus!)

Now, for me, I cannot complain anymore when it comes to using Windows. But I will never say XP was a great operating system.

December 19, 2007 4:59 PM
 

DRWAM said:

Some of this [there are plenty more] from ZDnet blows a few holes in those numbers, clearly indicating that the report [from the renowned expert Secunia?] is flawed, skewed and plain old wrong:

"There are 16 reports in the OS X column for the Sun JRE/JDK. However, Sun does not provide a JVM for OS X. Indeed, the corresponding CVE reports don’t list OS X as an affected OS. Why are those reports in the OS X column ?"

"The OS X column also contains Ruby on Rails vulns. And Safari 3 vulns (which Apples lists under OS X AND Windows but not you). And Adobe Flash player."

"CVE-2007-3504 is described as Windows-only. However, it appears in the OS X column."

"The problem being that you are only reporting CVEs for Windows for the XP Professional and Vista products (leaving out the Home Edition and Server products). However, you are reporting all OS X CVEs, including any for 10.0, 10.1, 10.2, 10.3, and their respective SERVER products because Secunia doesn’t provide a finer-grained OS X search"

There were many more brilliant comments explaining why the stats are a load of crap, but hey, I'm just a doctor, not an IT guy.

December 20, 2007 11:02 AM
 

DRWAM said:

Oops, more importantly, thank you all for your help with aiding my partners' computer selections. The recent 3 went well, and the dv9500t series 17in laptop from the HP Home & Home Office makes me drool more than when I look at my wife's butt. It's sweet... and so is the laptop!

December 20, 2007 11:20 AM
 

Dipsh t Admin said:

"CVE-2007-3504 is described as Windows-only. However, it appears in the OS X column."

Once again, when you see these in the list that Ou provided, they are things that *APPLE* is providing as bug fixes.  Take a look at this link:

lists.apple.com/.../msg00001.html

This CVE is listed in it, and when you go to the bottom, you can see that *APPLE* is updating it as part of updating the OS.

Those outside of the IT or security communities may have never heard of Secunia, but they are indeed very well respected, and they simply don't make stuff up.  These vulnerabilities that they list are provided to them by other parties.

To rehash:

The list that Ou provides is exactly from what Apple provides, ie, these are the things that Apple is updating in its OS software.  No matter what everyone finds in CVE's listed, they are being patched by Apple.  This information comes directly from their "security-announce" mailing list.  Since all of this data is originating from the same place, Apple, we can all assume that it is true.  In that regard, the general methodology is solid.  However, since the lists that Secunia provides, and Apple's own method of reporting is different and not as fine grained as MS, the analysis has to be deeper since you can not compare Apples (of Cupertino) to Apples (NOT of Cupertino).

Once again, for those that may have some turtleneck fuzz stuck in their brains, the list that George Ou provides is from Apple directly by way of Secunia and CVE.  Apple extensively uses the CVE, like they should, and Secunia culls the CVE information.

December 20, 2007 12:31 PM
 

DRWAM said:

Yep, but some of the quotes state that Apple is reporting vulnerabilities that are in third party software, not the OS, and that these are in the list, and obviously should not be there. So sorry, I don't and many others don't agree with them, and stating that a 3rd party security problem is the OS problem is wrong, flawed and inappropriate when reporting OS vulnerabilities. If Ou did it, then he is the wrongster instead of Secunia. But Ou is and has been a Mac basher for a long time and anything that he reports should be scrutinized due to heavy bias. Also, not using XP Home in the data and not separating the older Mac OSes is just not fair, but that's just what was done, and more. Here's the link with much of the rebuttal:

blogs.zdnet.com/Burnette

December 20, 2007 1:41 PM
 

Dipsh t Admin said:

"don't and many others don't agree with them"

By them you mean Apple?  Because, once again, Secunia and CVE don't use some black art to determine these vulns, they use the data from the security community and the software publishers.

"stating that a 3rd party security problem is the OS problem is wrong, flawed and inappropriate when reporting OS vulnerabilities"

Hmm, now we are getting in to an interesting situation.  If Quicktime and Acrobat (two very popular attack vectors on Windows) allow a piece of malware to get through, who gets the blame?  No doubt, Apple and Adobe should get the blame in these cases, but how many of the same people right here on this board would squawk about how bad the security is on Windows (fivepoint, I'm looking at you)?  Now if Office 2008 allows a piece of malware to get through on a Mac, guess who will get the blame by many of the people on this board?  No need to respond, we already know the answer.

"If Ou did it, then he is the wrongster instead of Secunia."

Wrong on both accounts.  Apple is the "wrongster" as you put it.  They (being Apple of Cupertino) are fixing these vulnerabilities and offering them for download.  Look at the security fixes that Apple posts, it's all there for anyone who wants to look.  Secunia and the CVE are just clearinghouses for this data.  Ou is analyzing it.  You can complain about how the data is being analyzed, but you CAN NOT complain about where the data is coming from, because, like I have now said 2-3 times, the data is coming directly from ***APPLE***!  Once again, see where this data is coming from right here, hosted on Apple's web site:

--> lists.apple.com/.../Security-announce <--

December 20, 2007 2:30 PM
 

DRWAM said:

I see your point, but don't agree. Apple is reporting what some person spent many hours hacking away, as it was in his interest to produce such data. [He probably would have had more fun trying to pick up chicks, but to each his own]. There was no independent study looking for these exploits and Microsoft may not be doing the same type of reporting, so a comparison data/report is statistically flawed and the methodology for this reporting is flawed. Also, I meant that the person tallying the vulnerabilities [Apple just listed them as reported by specific users] as OS vulnerabilities is wrong. The link you supplied is for JAVA, and there is a report that Apple does not use ["There are 16 reports in the OS X column for the Sun JRE/JDK. However, Sun does not provide a JVM for OS X"]. Sorry, but I think that the tally and method are wrong. If a group of numerous people sat down for a few months and searched for vulnerabilities in any software, don't you think that the gazillion software titles for Windows would find many, many more in Windows than on a Mac just because there is a zillion more apps for Windows? I do, and I bet most sensible people would as well.

But, let's assume that the tally is correct, since that is all we have. Isn't it ironic that people were claiming that Bill Gates was delusional when he stated something to the effect that the Mac had more vulnerabilities, and he turns out to be correct! You gotta love the media. They are pretty much all self serving pecker heads.

December 20, 2007 4:49 PM
 

Dipsh t Admin said:

You are not really getting it.

The listing that Ou compiled, which he got from Secunia, which culls CVE data, shows the vulnerabilities that were patched during any given month.  For the month of December, according to the list by Ou, they had a ton that ***APPLE*** has acknowledged and FIXED themselves.  As in, APPLE's programmers in Cupertino sat down and programmed away these vulnerabilities, then released a patch or series of patches to fix them.  There really is no flawed methodology, and since Secunia is only reporting what --->APPLE<--- is *FIXING*, there really is no ambiguity.  If you don't agree with this, then you are not agreeing with Apple's own disclosure of vulnerabilities and fixes.

Directly from APPLE, you can find this information listed here:  lists.apple.com/.../msg00001.html

Very straight forward, as it is on APPLE's web site, on APPLE's security announcement list, and is patched by APPLE.

Straight from that article, it states:

"Java Release 6 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site:

www.apple.com/.../"

The Java update is being supplied by APPLE!

A little bit better explanation of patched vulnerabilities here:

docs.info.apple.com/article.html

Once again, on APPLE's web site.

In reference to the Java issue, see here:

docs.info.apple.com/article.html

Count the number of CVEs referenced in the lower part of the article.  I did it, and guess what it comes to?  16, the amount you mentioned.

"Apple is reporting what some person spent many hours hacking away, as it was in his interest to produce such data"

Whose interest?  Do you mean Ou found all of these vulnerabilities?  If you do think this, then you are very wrong, and you are not reading what is being posted in the list.

December 20, 2007 8:28 PM
 

drylight said:

December 21, 2007 4:30 AM
 

Auras said:

Another reason there are so many exploits for 3rd party apps is that they are pre-installed with OS X (i.e. Ruby, Java, Adobe Acrobat, Safari) but they are not on any copy of Windows install media.

December 21, 2007 6:05 AM
 

DRWAM said:

With all due respect, I 'get it' all too well. I have published scientific papers and know what valid, accurate data collection is supposed to be, and this collection of data for comparison purposes is not valid [which is exactly what has been done as you can see in the side-by-side chart], regardless of where it came from [feel free to type Apple in caps all you want, it's still flawed/invalid for this comparison]. Any conclusion from such a comparison is therefore invalid. Also, adding your comments to my words to make their meaning fit your defense and invalidate is a little over the top ['Who's interest...']. You either did not understand what I wrote, or something else... Either way you are quite wrong, no matter what part of the data you like to defend. This is just an invalid comparison. Again [should I type caps?] if you look for vulnerabilities of 3rd party software, AND reported them, I would bet that Windows has infinitely more by the great volume of software. But an exhaustive, detailed, unbiased method of collecting and reporting did not come even close to being accomplished in this data, in any parameter. [shipped software only, OS only, all software ever written, whatever...]

Could Vista or XP have fewer vulnerabilities than Leopard or Tiger? Absolutely possible. But to do a fair, unbiased comparison, you cannot use the method employed in the above data. I guess that I was a little redundant.

December 21, 2007 6:44 AM
 


happybox23 said:

A fact: who the hell cares about making a virus for a computer that is below 10 percent in market share? They are just wasting their time making such and it's not worth it; that's why no viruses really attack the Mac platform at the moment... I'm not a PC fan but I prefer PC right at this time due to hardware and software support. If Apple really wants to go head to head with Microsoft, make your OS compatible with non-Apple hardware....

December 23, 2007 11:24 PM

About pthurrott

Paul Thurrott is the guy behind the SuperSite for Windows. Way behind. :)
© 2009 Penton Media, Inc.     Terms of Use | Privacy Statement | Reprints and Licensing