Posted on 07/22/2010 7:40:23 AM PDT by for-q-clinton
Here's another blow to those insist that Apple products are rock solid and unhackable: The security company Secunia reports that Apple products have more vulnerabilities than those of any other company. Oracle came in second place, with Microsoft in third.
Secunia just issued a report that covers vulnerabilities for the first half of 2010, and it's not good news for Apple. The report (which you can download here) shows that Apple last had the most vulnerabilities of all vendors in 2005, before Oracle took over the top spot. And now Apple is on top again. You can see the chart, below.
The chart shows that Apple products consistently have more vulnerabilities than do Microsoft ones.
...
However, there will certainly be one surprise for those who believe that Microsoft products are particularly vulnerable --- Secunia reports that they're not. The primary vulnerabilities on PCs are not due to Microsoft programs, but rather third-party programs, it says:
...
The report then concludes:
Users and businesses must change their perception that Microsoft products pose the largest threat in order to allocate security resources effectively. General awareness on the risk of 3rd party programs must be established.
(Excerpt) Read more at pcworld.com ...
So let me get this straight. Charlie Miller is so good he is able to attack a system and make it fall faster than any other system. Even though the system he is attacking is "inherently secure" (as stated by you) and the other is just dumb old windows.
He is so smart that not a single person in the world can attack windows faster than he can attack the "inherently secure" system of OSX. Three years in a row!
Something isn't adding up.
Oh and in 2010's contest he was able to get read and write access where as the windows system attack only got read access. Didn't Charlie also attack windows as well? Why didn't he get write access to windows as well?
They have put in the effort. Not much real-world success so far. I believe it is inevitable that one will eventually be successful, but even one out there puts you in far better shape than on Windows.
I say it's because it's too small of a footprint and is secure enough to keep their efforts at exploit limited to the dumb users.
But you don't explain how populations smaller and more obscure than that of OS X have been targeted with wild success.
That is flat out wrong and couldn't be further from the truth about security. We can do the starbucks test and see which system is able to get online without issues :-)
But seriously security by obscurity is not any type of real security. Anyone who understands security will laugh at your statement.
Did you finish reading the statement you responded to?
I say it's because it's too small of a footprint and is secure enough to keep their efforts at exploit limited to the dumb users.
When needing user interaction you are better off targeting the masses as opposed to a handful of users. Now if I know my target is using a Mac then I will tailor my attack to that system. Much like Charlie does. Who would have the resources to do such a thing? How about other nations? They can write viruses to attack Macs just as easy as Charlie does. And with over 20 exploits remaining on Charlie's list of known OS X vulnerabilities I would say it's not safe as you like to think it is.
Exactly
Keep the Mac footprint small enough to cruise under the hacker's radar.
I don't want to worry about security.
According to Jeff Jones, the director of Microsoft's security group, the Pwn2Own contest is "simplifying security to the point of uselessness."
Pretty much as useless as counting "vulnerabilities" without looking at their practical application, I'd say.
Note that all of the browsers at these events were eventually hacked, and all with pre-developed exploits. That fact that Miller was quicker than his competitors has little to do with the overall system security.
I’m not a Mac user. Never have been, except I used a Quadra for about two months in an office once. I don’t even own an iPhone. I can still see that this article is utter B.S.
Like someone said above, numbers are meaningless if you don’t consider severity.
Doesn't your "Starbucks test" exploit the router, not the MacBook? What does that prove?
Actually safari gave up read and WRITE access to the system. Where as IE8 only gave up read access. Now both are very serious issues but WRITE access is way worse. So even though everyone knew this contest was approaching best they could do against IE8 was read access.
Did you even read the full article? This article had to be excerpted to be posted. The article does mention that along with other things that had to be excerpted. Try reading the whole thing before calling it BS.
Like what “populations” for example?
No, it isn't. Is every Mac OS X vulnerability in Safari?
And in at least one of the "pwn2own" contests, Miller targeted a 3rd party component (an open source Perl runtime library) that was used by Safari, not Safari itself. Do we get to discount that like the original article tries to shrug off Microsoft vulnerabilities because they come from 3rd parties?
The original article is PP World spin, trying to use meaningless statistics and metrics to prove a point they want to prove.
As to your claim that Windows 7 is so much more secure, how about these recent stories (Google "Windows 7 virus" and go to "News"):
Virus appears to seek firms' top-secret data
USB Drive Malware Exploit Windows 7 Flaw in Apparent Espionage Effort
Note that changing the query to "Mac OS X virus" only brings up stories about 1) Windows viruses or 2) The fact that Mac OS X doesn't have viruses.
{whisper} you may want to read the full report. Firefox has the most vulnerabilities out of all 3rd party apps...even more than adobe products.
Exactly. These are targeted viruses. Want to see them on Mac have nations and big companies switch to Mac.
Oh, so every Mac OS X vulnerability isn't in Safari. Hmm. Well, you mean they come from third party software too, just like the original article tries to pooh-pooh Windows' vulnerabilities by pushing them of as 3rd party issues? Who'd have thunk it?
As long as it's able to get at the Macbook that's what counts. One could use that same/similar excuses for most Windows exploits. That never stopped the Applebots from attacking Windows at will anyways.
What does that prove?
That the macbook is not as secure as Steve Jobs and the Applbots claim? In fact, Win 7 has consistently proved to be more secure in tests than Snow Leopard.
Huh? Many macbots have claimed that OS X is inherently secure. If it were inherently secure these 3rd party apps shouldn't have any impact on the OS. But as proven by the Safari hacks it can apply to 3rd parties as well.
And it is a virus in the wild. What's the Windows 7 installed base compared to OS X? Something like 2 to 1, tops? Enough of a gap to make OS X, which has been out far longer be "obscure" by comparison and yet it has no viruses in the wild?
It doesn't "get at the MacBook" at all. It just tells the router to ignore MAC addresses in a range that MacBooks use.
The same "exploit" could be used in reverse, telling the router to only let MacBooks connect and block everything else.
Proves nothing other than the router is easy to hack, not the machines connecting to it.
But it requires physical access to the machine or physical interaction. By Macbot standards that doesn’t count as a virus.
I’m not saying it’s not an issue, but I’m just applying the same rules to both systems.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.