Thursday, December 20,2007 @ 4:20pm
Doubts cast on Mac/Windows vulnerability
Sharp criticism is being directed at ZDNet's George Ou for a piece suggesting that Macs are more vulnerable than Windows PCs. Ou compiled a list of Secunia notices from 2007, and noted that while Windows XP and Vista had a total of 44 security warnings issued, Mac OS X had 243, all but two of which were deemed "highly critical." One problem with this, say observers, is that Secunia itself includes a warning on its website, advising people not to use its statistics to compare products against each other.
Another claimed issue is that even flaws which are listed as critical are not necessarily more likely to occur. Mac OS X, for example, was at one point cited as having a tcpdump vulnerability, but many users may have never had to approach the application. Conversely, a DirectX opening in Windows Vista could have been exposed with a WAV or AVI file, something much more likely for the average user.
Moreover, categories for the operating systems analyzed are said to have been biased. Only XP Pro and Vista were counted on the Windows side, whereas all versions of Mac OS X were factored in, including server editions. There are also said to be a number of warnings mislabeled by Ou, ones which either affected all operating systems, third-party software, or Apple programs running on Windows or the iPhone. It is suggested that if all factors were properly weighed, a user of Mac OS X Tiger or Leopard would likely encounter far fewer risks than someone using Windows XP, and possibly Vista. [via ZDNet]