Free Republic

Mac OS X security myth exposed
Techworld ^ | 24 June 2004 | Matthew Broersma, Techworld

Posted on 01/16/2005 12:04:57 PM PST by Bush2000


24 June 2004
Mac OS X security myth exposed
And thousands of other products and OSes given security rundown.

By Matthew Broersma, Techworld

Windows is more secure than you think, and Mac OS X is worse than you ever imagined. That is according to statistics published for the first time this week by Danish security firm Secunia.

The stats, based on a database of security advisories for more than 3,500 products during 2003 and 2004, shed light on the real security of enterprise applications and operating systems, according to the firm. Each product is broken down into pie charts demonstrating how many, what type and how significant security holes have been in each.

One thing the hard figures have shown is that OS X's reputation as a relatively secure operating system is unwarranted, Secunia said. This year and last year Secunia tallied 36 advisories on security issues with the software, many of them allowing attackers to remotely take over the system - comparable to figures on operating systems such as Windows XP Professional and Red Hat Enterprise Server.

"Secunia is now displaying security statistics that will open many eyes, and for some it might be very disturbing news," said Secunia chief executive Niels Henrik Rasmussen. "The myth that Mac OS X is secure, for example, has been exposed."

Its new service, easily accessible on its website, allows enterprises to gather exact information on specific products, by collating advisories from a large number of third-party security firms. A few other organisations maintain comparable lists, including the Open Source Vulnerability Database (OSVDB) and the Common Vulnerabilities and Exposures (CVE) database, which provides common names for publicly known vulnerabilities.

Secunia said the new service could help companies keep an eye on the overall security of particular software - something that is often lost in the flood of advisories and the attendant hype. "Seen over a long period of time, the statistics may indicate whether a vendor has improved the quality of their products," said Secunia CTO Thomas Kristensen. He said the data could help IT managers get an idea of what kind of vulnerabilities are being found in their products, and prioritise what they respond to.

For example, Windows security holes generally receive a lot of press because of the software's popularity, but the statistics show that Windows isn't the subject of significantly more advisories than other operating systems. Windows XP Professional saw 46 advisories in 2003-2004, with 48 percent of vulnerabilities allowing remote attacks and 46 percent enabling system access, Secunia said.

Suse Linux Enterprise Server (SLES) 8 had 48 advisories in the same period, with 58 percent of the holes exploitable remotely and 37 percent enabling system access. Red Hat's Advanced Server 3 had 50 advisories in the same period - despite the fact that counting only began in November of last year. Sixty-six percent of the vulnerabilities were remotely exploitable, with 25 granting system access.

Mac OS X doesn't stand out as particularly more secure than the competition, according to Secunia. Of the 36 advisories issued in 2003-2004, 61 percent could be exploited across the Internet and 32 percent enabled attackers to take over the system. The proportion of critical bugs was also comparable with other software: 33 percent of the OS X vulnerabilities were "highly" or "extremely" critical by Secunia's reckoning, compared with 30 percent for XP Professional and 27 percent for SLES 8 and just 12 percent for Advanced Server 3. OS X had the highest proportion of "extremely critical" bugs at 19 percent.

As for the old guard, Sun's Solaris 9 saw its share of problems, with 60 advisories in 2003-2004, 20 percent of which were "highly" or "extremely" critical, Secunia said.

Comparing product security is notoriously difficult, and has become a contentious issue recently with vendors using security as a selling point. A recent Forrester study comparing Windows and Linux vendor response times on security flaws was heavily criticised for its conclusion that Linux vendors took longer to release patches. Linux vendors attach more weight to more critical flaws, leaving unimportant bugs for later patching, something the study failed to factor in, according to Linux companies. Vendors also took issue with the study's method of ranking "critical" security bugs, which didn't agree with the vendors' own criteria.

Secunia agreed that straightforward comparisons aren't possible, partly because some products receive more scrutiny than others. Microsoft products are researched more because of their wide use, while open-source products are easier to analyse because researchers have general access to the source code, Kristensen said.

"A third factor is that Linux / Unix people are very concerned about privilege escalation vulnerabilities, while Windows people in general are not, especially because of the shatter-like attacks which have been known for six years or more," he said. "A product is not necessarily more secure because fewer vulnerabilities are discovered."


TOPICS: Business/Economy; Computers/Internet
KEYWORDS: computersecurity; kneepads; littleprecious; lowqualitycrap; macuser; paidshill; redmondpayroll; tech; trollfromredmond
To: rwfromkansas
They have lots of probs in the town newspaper with their Macs though, according to the publisher.

That may be so, but I'll guarantee you it ain't the Macs' fault...

61 posted on 01/16/2005 3:06:23 PM PST by papertyger
[ Post Reply | Private Reply | To 50 | View Replies]

To: cyborg
Aside from frequent crashes, the battery discharges in thirty minutes when it's supposed to last four hours.

Ouch. How many charge/discharge cycles did the battery have before that started?

As for the SP2, too late for me to say DON'T DO IT. But it's not too late to save your data, wipe the hard drive and reinstall everything from scratch--except SP2, of course.

62 posted on 01/16/2005 3:08:27 PM PST by Petronski (Alles klar, Herr Kommissar?)
[ Post Reply | Private Reply | To 32 | View Replies]

To: Doohickey
Did you two date the same woman or something?

Don't think so. We're both happily married professionals.

It's not personal - we just enjoy a good argument like Novak and Carville do on Crossfire. (I'm Novak, He's Carville).

63 posted on 01/16/2005 3:08:37 PM PST by HAL9000 (Spreading terrorist beheading propaganda videos is an Act of Treason!)
[ Post Reply | Private Reply | To 59 | View Replies]

To: rwfromkansas
OS X had the highest proportion of "extremely critical" bugs at 19 percent

Mac OS X - Currently, 0 out of 41 Secunia advisories, is marked as "Unpatched" in the Secunia database.

Microsoft Windows XP Professional- Currently, 20 out of 80 Secunia advisories, is marked as "Unpatched" in the Secunia database.

64 posted on 01/16/2005 3:08:46 PM PST by Vermonter
[ Post Reply | Private Reply | To 36 | View Replies]

To: Petronski

I bought the laptop December 2003 so that's about a year. I may just back up everything and do what you say.


65 posted on 01/16/2005 3:11:12 PM PST by cyborg (http://mentalmumblings.blogspot.com/)
[ Post Reply | Private Reply | To 62 | View Replies]

To: Petronski

two years and the cord quality sucks too


66 posted on 01/16/2005 3:13:45 PM PST by cyborg (http://mentalmumblings.blogspot.com/)
[ Post Reply | Private Reply | To 62 | View Replies]

To: cyborg

A year, on daily discharge-recharge could do that pretty easily. And replacements are usually expensive too, like $80 street, $150 MSRP.


67 posted on 01/16/2005 3:17:41 PM PST by Petronski (Alles klar, Herr Kommissar?)
[ Post Reply | Private Reply | To 65 | View Replies]

To: Petronski

Plugging it in daily does that? Wow.


68 posted on 01/16/2005 3:19:17 PM PST by cyborg (http://mentalmumblings.blogspot.com/)
[ Post Reply | Private Reply | To 67 | View Replies]

To: cyborg

No, I misspoke. A battery can only be discharged, then plugged in and recharged, a finite number of times, depending on the chemistry of the battery (L-ION v. Nickel Metal Hydride etc.).

If it's always plugged in, or even almost always plugged in, there should be no problem. It's hard to tell what's going on without more info, like a model number for instance.


69 posted on 01/16/2005 3:21:52 PM PST by Petronski (Alles klar, Herr Kommissar?)
[ Post Reply | Private Reply | To 68 | View Replies]

To: Vermonter

"Patched" would imply that users have downloaded and installed the patches. Judging from comments I read on FR, Mac users don't believe their computers have security problems. I would guess they are not in the habit of downloading patches on a regular basis.


70 posted on 01/16/2005 3:22:14 PM PST by js1138 (D*mn, I Missed!)
[ Post Reply | Private Reply | To 4 | View Replies]

To: Petronski

When I get home, I'll look and see. It's a bit annoying though.


71 posted on 01/16/2005 3:25:20 PM PST by cyborg (http://mentalmumblings.blogspot.com/)
[ Post Reply | Private Reply | To 69 | View Replies]

To: cyborg

Annoying meaning the laptop and battery, or annoying meaning looking to see? ;O)


72 posted on 01/16/2005 3:28:03 PM PST by Petronski (Alles klar, Herr Kommissar?)
[ Post Reply | Private Reply | To 71 | View Replies]

To: js1138

Patched, from that site, means that the OS maker has provided a 'fix' for the bug.

Apple makes software upgrades and patches available automatically by default. The user merely has to click OK and provide his password to install them. OS X lets me know about them as soon as they are released.
(note, assumes you are connected to the net)


73 posted on 01/16/2005 3:28:36 PM PST by Vermonter
[ Post Reply | Private Reply | To 70 | View Replies]

To: Petronski

LOL the laptop battery of course.


74 posted on 01/16/2005 3:30:31 PM PST by cyborg (http://mentalmumblings.blogspot.com/)
[ Post Reply | Private Reply | To 72 | View Replies]

To: HAL9000
Sure, I can. I just did.

Uh, HAL, you obviously didn't read this article. Macs are just as vulnerable as other OSes. You're lying when you say that nobody was affected by the security exploits. You simply can't provide such guarantees -- because you don't know.

75 posted on 01/16/2005 3:32:22 PM PST by Bush2000
[ Post Reply | Private Reply | To 60 | View Replies]

To: Vermonter
Microsoft Windows XP Professional- Currently, 20 out of 80 Secunia advisories, is marked as "Unpatched" in the Secunia database.

None of which pose a significant risk.

76 posted on 01/16/2005 3:33:00 PM PST by Bush2000
[ Post Reply | Private Reply | To 64 | View Replies]

To: Bush2000
This isn't a post one way or the other in the Windows wars. It's just a couple general sociological observations that apply to real practical security and safety in any human endeavour.

Medical researchers studying asthma have suggested that one of these observations I am about to observe may be the reason why so many children now have asthma. Or even hyper-allergenics.

Insurance statisticians and risk modelers believe the other explains why some cars that do very poorly in crash tests are in practice among the safest cars per mile driven.

What are they?

(1) Observation of being somewhat dirty and sloppy contributing to health. That some low level of virus and bacteria, or allergenic agents makes for long term health.

That over-isolation, over-zealousness in hygiene create people and systems that are vulnerable in catastrophic fashion to attack, that are not robust, that are fragile.

(2) Observation of obvious and real danger contributing to safety. A car that is obviously dangerous to drive is driven more safely, an intersection or stretch of road that is obviously dangerous is driven through with more precaution and care. The obviousness of the danger -- which MUST be real -- engenders a countering psychological reaction which more than compensates for the danger.

77 posted on 01/16/2005 3:33:18 PM PST by bvw
[ Post Reply | Private Reply | To 1 | View Replies]

To: cyborg
LOL the laptop battery of course.

I ration my laptop battery use, because I am notoriously cheap about such things.

78 posted on 01/16/2005 3:34:20 PM PST by Petronski (Alles klar, Herr Kommissar?)
[ Post Reply | Private Reply | To 74 | View Replies]

To: Petronski

I've learned my lesson *lol*


79 posted on 01/16/2005 3:36:22 PM PST by cyborg (http://mentalmumblings.blogspot.com/)
[ Post Reply | Private Reply | To 78 | View Replies]

To: Bush2000
None of which pose a significant risk.

But, remain unfixed, unlike those from Apple

80 posted on 01/16/2005 3:38:48 PM PST by Vermonter
[ Post Reply | Private Reply | To 76 | View Replies]



Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.
