Free Republic
Browse · Search
General/Chat
Topics · Post Article

Skip to comments.

Security Firm: Apple Has More Security Holes Than Microsoft
PC World ^ | 22 Jul 2010 | Preston Gralla

Posted on 07/22/2010 7:40:23 AM PDT by for-q-clinton

Here's another blow to those insist that Apple products are rock solid and unhackable: The security company Secunia reports that Apple products have more vulnerabilities than those of any other company. Oracle came in second place, with Microsoft in third.

Secunia just issued a report that covers vulnerabilities for the first half of 2010, and it's not good news for Apple. The report (which you can download here) shows that Apple last had the most vulnerabilities of all vendors in 2005, before Oracle took over the top spot. And now Apple is on top again. You can see the chart, below.

The chart shows that Apple products consistently have more vulnerabilities than do Microsoft ones.

...

However, there will certainly be one surprise for those who believe that Microsoft products are particularly vulnerable --- Secunia reports that they're not. The primary vulnerabilities on PCs are not due to Microsoft programs, but rather third-party programs, it says:

...

The report then concludes:

Users and businesses must change their perception that Microsoft products pose the largest threat in order to allocate security resources effectively. General awareness on the risk of 3rd party programs must be established.

(Excerpt) Read more at pcworld.com ...


TOPICS: Business/Economy; Computers/Internet
KEYWORDS: apple; ilovebillgates; iwanthim; iwanthimbad; mac; microsoftfanboys; osx; windows
Navigation: use the links below to view more comments.
first previous 1-2021-4041-6061-80 ... 201-216 next last
To: antiRepublicrat
... only because Charlie Miller is better at weaponizing his exploits than the people who were going after other systems. He is able to package an exploit so that it can be deployed in seconds. The guy is good.

So let me get this straight. Charlie Miller is so good he is able to attack a system and make it fall faster than any other system. Even though the system he is attacking is "inherently secure" (as stated by you) and the other is just dumb old windows.

He is so smart that not a single person in the world can attack windows faster than he can attack the "inherently secure" system of OSX. Three years in a row!

Something isn't adding up.

Oh and in 2010's contest he was able to get read and write access where as the windows system attack only got read access. Didn't Charlie also attack windows as well? Why didn't he get write access to windows as well?

41 posted on 07/22/2010 9:20:24 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 40 | View Replies]

To: for-q-clinton
The only thing that is in debate is why the virus writers haven't put much effort in attacking OS X.

They have put in the effort. Not much real-world success so far. I believe it is inevitable that one will eventually be successful, but even one out there puts you in far better shape than on Windows.

I say it's because it's too small of a footprint and is secure enough to keep their efforts at exploit limited to the dumb users.

But you don't explain how populations smaller and more obscure than that of OS X have been targeted with wild success.

42 posted on 07/22/2010 9:22:25 AM PDT by antiRepublicrat
[ Post Reply | Private Reply | To 38 | View Replies]

To: antiRepublicrat
Whatever the reason, be it architecture or some supposed obscurity, the real world fact is that you are safer on a Mac.

That is flat out wrong and couldn't be further from the truth about security. We can do the starbucks test and see which system is able to get online without issues :-)

But seriously security by obscurity is not any type of real security. Anyone who understands security will laugh at your statement.

43 posted on 07/22/2010 9:23:01 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 40 | View Replies]

To: antiRepublicrat
But you don't explain how populations smaller and more obscure than that of OS X have been targeted with wild success.

Did you finish reading the statement you responded to?

I say it's because it's too small of a footprint and is secure enough to keep their efforts at exploit limited to the dumb users.

When needing user interaction you are better off targeting the masses as opposed to a handful of users. Now if I know my target is using a Mac then I will tailor my attack to that system. Much like Charlie does. Who would have the resources to do such a thing? How about other nations? They can write viruses to attack Macs just as easy as Charlie does. And with over 20 exploits remaining on Charlie's list of known OS X vulnerabilities I would say it's not safe as you like to think it is.

44 posted on 07/22/2010 9:27:26 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 42 | View Replies]

To: for-q-clinton
Macbots should start telling people not to switch to OSX if they want to keep their system “secure”.

Exactly

Keep the Mac footprint small enough to cruise under the hacker's radar.

I don't want to worry about security.

45 posted on 07/22/2010 9:31:43 AM PDT by Vinnie (You're Nobody 'Til Somebody Jihads You)
[ Post Reply | Private Reply | To 10 | View Replies]

To: for-q-clinton
You put an awful lot of stock in the results of "pwn2own" (notice the correct spelling, by the way). More so than does Microsoft itself:

According to Jeff Jones, the director of Microsoft's security group, the Pwn2Own contest is "simplifying security to the point of uselessness."

Pretty much as useless as counting "vulnerabilities" without looking at their practical application, I'd say.

Note that all of the browsers at these events were eventually hacked, and all with pre-developed exploits. That fact that Miller was quicker than his competitors has little to do with the overall system security.

46 posted on 07/22/2010 9:32:17 AM PDT by kevkrom (De-fund Obamacare in 2011, repeal in 2013!)
[ Post Reply | Private Reply | To 37 | View Replies]

To: esoxmagnum

I’m not a Mac user. Never have been, except I used a Quadra for about two months in an office once. I don’t even own an iPhone. I can still see that this article is utter B.S.

Like someone said above, numbers are meaningless if you don’t consider severity.


47 posted on 07/22/2010 9:32:21 AM PDT by B Knotts (Just another Tenther)
[ Post Reply | Private Reply | To 32 | View Replies]

To: for-q-clinton
We can do the starbucks test and see which system is able to get online without issues

Doesn't your "Starbucks test" exploit the router, not the MacBook? What does that prove?

48 posted on 07/22/2010 9:35:02 AM PDT by kevkrom (De-fund Obamacare in 2011, repeal in 2013!)
[ Post Reply | Private Reply | To 43 | View Replies]

To: kevkrom
Note that all of the browsers at these events were eventually hacked, and all with pre-developed exploits. That fact that Miller was quicker than his competitors has little to do with the overall system security.

Actually safari gave up read and WRITE access to the system. Where as IE8 only gave up read access. Now both are very serious issues but WRITE access is way worse. So even though everyone knew this contest was approaching best they could do against IE8 was read access.

49 posted on 07/22/2010 9:36:40 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 46 | View Replies]

To: B Knotts

Did you even read the full article? This article had to be excerpted to be posted. The article does mention that along with other things that had to be excerpted. Try reading the whole thing before calling it BS.


50 posted on 07/22/2010 9:38:01 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 47 | View Replies]

To: for-q-clinton
“But you don't explain how populations smaller and more obscure than that of OS X have been targeted with wild success. “

Like what “populations” for example?

51 posted on 07/22/2010 9:39:51 AM PDT by SmokingJoe
[ Post Reply | Private Reply | To 44 | View Replies]

To: for-q-clinton
So Safari is 3rd party or not?

No, it isn't. Is every Mac OS X vulnerability in Safari?

And in at least one of the "pwn2own" contests, Miller targeted a 3rd party component (an open source Perl runtime library) that was used by Safari, not Safari itself. Do we get to discount that like the original article tries to shrug off Microsoft vulnerabilities because they come from 3rd parties?

The original article is PP World spin, trying to use meaningless statistics and metrics to prove a point they want to prove.

As to your claim that Windows 7 is so much more secure, how about these recent stories (Google "Windows 7 virus" and go to "News"):

Virus appears to seek firms' top-secret data
USB Drive Malware Exploit Windows 7 Flaw in Apparent Espionage Effort

Note that changing the query to "Mac OS X virus" only brings up stories about 1) Windows viruses or 2) The fact that Mac OS X doesn't have viruses.

52 posted on 07/22/2010 9:46:05 AM PDT by kevkrom (De-fund Obamacare in 2011, repeal in 2013!)
[ Post Reply | Private Reply | To 39 | View Replies]

To: kevkrom
Every Mac OS X vulnerability is in Safari? Glad I use Firefox instead.

{whisper} you may want to read the full report. Firefox has the most vulnerabilities out of all 3rd party apps...even more than adobe products.

53 posted on 07/22/2010 9:48:25 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 36 | View Replies]

To: kevkrom

Exactly. These are targeted viruses. Want to see them on Mac have nations and big companies switch to Mac.


54 posted on 07/22/2010 9:50:01 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 52 | View Replies]

To: for-q-clinton
you may want to read the full report. Firefox has the most vulnerabilities out of all 3rd party apps...even more than adobe products.

Oh, so every Mac OS X vulnerability isn't in Safari. Hmm. Well, you mean they come from third party software too, just like the original article tries to pooh-pooh Windows' vulnerabilities by pushing them of as 3rd party issues? Who'd have thunk it?

55 posted on 07/22/2010 9:51:10 AM PDT by kevkrom (De-fund Obamacare in 2011, repeal in 2013!)
[ Post Reply | Private Reply | To 53 | View Replies]

To: kevkrom
Doesn't your “Starbucks test” exploit the router, not the MacBook?

As long as it's able to get at the Macbook that's what counts. One could use that same/similar excuses for most Windows exploits. That never stopped the Applebots from attacking Windows at will anyways.

What does that prove?

That the macbook is not as secure as Steve Jobs and the Applbots claim? In fact, Win 7 has consistently proved to be more secure in tests than Snow Leopard.

56 posted on 07/22/2010 9:51:55 AM PDT by SmokingJoe
[ Post Reply | Private Reply | To 48 | View Replies]

To: kevkrom
Oh, so every Mac OS X vulnerability isn't in Safari. Hmm. Well, you mean they come from third party software too, just like the original article tries to pooh-pooh Windows' vulnerabilities by pushing them of as 3rd party issues? Who'd have thunk it?

Huh? Many macbots have claimed that OS X is inherently secure. If it were inherently secure these 3rd party apps shouldn't have any impact on the OS. But as proven by the Safari hacks it can apply to 3rd parties as well.

57 posted on 07/22/2010 9:55:23 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 55 | View Replies]

To: for-q-clinton
That specific virus had a specific target. But it exploited a "Windows bug that affects every Microsoft operating system, including the recently released Windows 7".

And it is a virus in the wild. What's the Windows 7 installed base compared to OS X? Something like 2 to 1, tops? Enough of a gap to make OS X, which has been out far longer be "obscure" by comparison and yet it has no viruses in the wild?

58 posted on 07/22/2010 9:59:37 AM PDT by kevkrom (De-fund Obamacare in 2011, repeal in 2013!)
[ Post Reply | Private Reply | To 54 | View Replies]

To: SmokingJoe
As long as it's able to get at the Macbook that's what counts.

It doesn't "get at the MacBook" at all. It just tells the router to ignore MAC addresses in a range that MacBooks use.

The same "exploit" could be used in reverse, telling the router to only let MacBooks connect and block everything else.

Proves nothing other than the router is easy to hack, not the machines connecting to it.

59 posted on 07/22/2010 10:02:35 AM PDT by kevkrom (De-fund Obamacare in 2011, repeal in 2013!)
[ Post Reply | Private Reply | To 56 | View Replies]

To: kevkrom

But it requires physical access to the machine or physical interaction. By Macbot standards that doesn’t count as a virus.

I’m not saying it’s not an issue, but I’m just applying the same rules to both systems.


60 posted on 07/22/2010 10:04:49 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 58 | View Replies]


Navigation: use the links below to view more comments.
first previous 1-2021-4041-6061-80 ... 201-216 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
General/Chat
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson