Apple tops operating system, Microsoft application vulnerability chart
If you had to guess the operating system with the highest number of reported vulnerabilities, which would you pick? I guess it is fairly certain that the majority would pick Windows 7 or Windows in general but that is not the case, at least not when you grab data from the 2014 NVD database.
According to the database, or more precisely Christian Florian over at the GFI Blog who analyzed the data, Apple's Mac OS X operating system tops the chart with 147 reported vulnerabilities of which 64 had a severity of high and 67 one of medium.
The second place goes to the company's iOS operating system and 127 reported vulnerabilities, and the third to the Linux Kernel with 119 vulnerabilities.
And Windows? Makes up all the remaining seven places in the top ten list lead by Microsoft Windows Server 2008 with 38 reported vulnerabilities.
It is somewhat surprising to see Windows not making top spot in that list. Windows editions are however listed individually while Mac OS X, Linux and iOS are not.
Microsoft's Internet Explorer tops the application vulnerability chart by a large margin. A total of 242 vulnerabilities were reported for the Internet browser with 220 of them with a severity of high.
Google Chrome in second and Mozilla Firefox in third place are listed before Java and Adobe Flash Player.
It would have made sense to list different application versions here for all programs as well in a separate chart to make more sense of the data.
What is definitely missing is how long it took each company on average to fix high, medium and low vulnerabilities reported for its products.
As far as overall stats are concerned: the number of reported vulnerabilities rose from 4794 in 2013 to 7038 in 2014, a huge jump. Vulnerabilities with a high severity rating increased as well from 1612 to 1705 in total.
If you check the data, it becomes obvious that things don't add up. Just a check of all security bulletins released by Microsoft in 2014 alone shows a higher number than what is reported in the chart for the operating system.
What's your take on the data? True representation or missing information that would paint a different picture if included?
They’ve aggregated all the OSX versions into one AND counted IE outside of Windows but Safari inside of OSX LOL
ergo, windows is actually a lot less secure than OSX.
This should be used as “learning material” for better understanding.
Meanwhile , living in an area with more than 60% mac’s i had for repairing 1 macbook pro in 7 years ( 10-15 pc’s /week).
Yet Apple users, in the real world experience, are not having virus problems — go figure? People are taking their PC with Windows on it into the shops each and every day it seems with some sort of virus on their computers. Personally, I have not had a problem with Windows, OS X, or Linux, so far. No problem with Android or iOS so far. Not sure what people are doing. Perhaps a router, AdBlocker and a few other measures make the difference?
So of these malware attacks on Apple require physical install, as in someone grabbing your PC. Some require you clicking on buttons to approve the next step.
I cannot believe that Windows is safer or less vulnerable than the Apple Mac OS. Each month Windows users are saddled up with loads of patches and updates. I have much more confidence in Apples OS, qua security, stability and speed.
If each month Windows is receiving patches versus Mac OS, wouldn’t that technically make Windows more secure because patches are being applied quicker? It’s not like Windows is some sloppy independently programmed OS.
So, Windows / servers have 214 vs OS X with 147, yet OS X is on top ? OS X too have different versions (Yosemite, Mavericks, Mountain Lion..) just like Windows.
You cannot just add the Windows vulnerabilities. I agree that the listing is somewhat misleading and that it would have made more sense to either divide Mac and Linux (Kernel) into separate versions as well or combine the Windows vulnerabilities into one listing. I also wonder where Android is in that listing.
Yes. Android is a bit of a wild-west rodeo right now, I think. Distributing patches and updates appears to be in the hands of the device manufacturers, not the OS curators. And worse, device manufacturers appear to be cooking their own versions of the OS, making the whole idea of patching and updating a bit of a muddle.
I wonder about intrinsic biases in reporting: it would seem that an open codebase would be more easily inspected than a proprietary one, hence more vulnerabilities would be found in Linux than in Windows. On the other hand, everyone +dog is looking for vulnerabilities in Windows just because there money to be made — antivirus, security consulting, etc.
Dunno how that adds up.
I have to admit, my first reaction was… Linux has more kernel vulnerabilities than Windows? Noooooooooo!
But really, security through obscurity is always mentioned as one reason Linux desktops don’t see much exploitation. Linux has a strong presence in the webserver sector, and yeah, Linux gets hacked in that sector with regularity.
And the stats given don’t tell the full tale.
1. Patch frequency matters. My Ubuntu, Mint, Salix, Manjaro, and OpenSUSE installations were patched within hours as each iteration of the Bash bug came to light. The number of vulnerabilities is one statistic, but the number of vulnerabilities times the duration they remain unpatched after being discovered is another.
2. Implementation matters. If you run a Windows default install next to a NetSecL Linux default install, I would guess that the Windows would be far more vulnerable. NetSecL (and some other distros) put the kernel behind a stringent firewall, close most ports by default, and — in some implementations — sandbox applications inside virtual environments. Kernel vulnerabilities are mitigated when an attacker can’t get to the kernel.
That said… Gotta hand a rose to Microsoft. Much as I distrust them, and as much as I have eradicated Windows from my home machines, they have done a heck of a job getting Windows as secure as it is. Their ecosystem is filled with potential infections and parasites, and the fact that any Windows computer can stay clean (and many can!) is amazing.
Apple? Dunno. I use a Mac sometimes, but I don’t really know the system well. Haven’t had much problem with the Macs.
“The world’s most advanced operating system” <<<— Apple's tagline for OS X over the years. I've always found it hilarious that they make such a claim – one would be led to believe that such an operating system would be rock solid and dependable in most any role yet their own EULA says this:
"YOU FURTHER ACKNOWLEDGE THAT THE APPLE SOFTWARE AND SERVICES ARE NOT INTENDED
OR SUITABLE FOR USE IN SITUATIONS OR ENVIRONMENTS WHERE THE FAILURE OR TIME DELAYS
OF, OR ERRORS OR INACCURACIES IN THE CONTENT, DATA OR INFORMATION PROVIDED BY, THE
APPLE SOFTWARE OR SERVICES COULD LEAD TO DEATH, PERSONAL INJURY, OR SEVERE
PHYSICAL OR ENVIRONMENTAL DAMAGE, INCLUDING WITHOUT LIMITATION THE OPERATION OF
NUCLEAR FACILITIES, AIRCRAFT NAVIGATION OR COMMUNICATION SYSTEMS, AIR TRAFFIC
CONTROL, LIFE SUPPORT OR WEAPONS SYSTEMS. "
Is it just me or is their claim of being the world's most advanced operating system just a bit fallacious? Or perhaps facetious considering just how hilarious their marketing double-speak proves itself constantly? :)
+1 lol but it certainly doesn’t stop them from being the hardware of choice in movies with the subject or scene involving nuclear facilities, aircraft navigation, communication system, air traffic control, weapons system and life support. Notice how many damn movies have iMac’s in the background or part of set design which implies or suggests that Apple is in those vary fields they actually have a disclaimer for…
I’ve been in the industry for a while now and I can tell you that Apple users tend to be totally ignorant or ambivalent about Apple security. No one is confused about Windows. Everyone views it as insecure. Which is good. But why does Apple get a pass?
Good question. I’m not trying to bash Apple users, but I have yet to talk to an Apple user that can acknowledge shortcomings in their products. It’s perplexing, isn’t it? It’s sort of like political radicals for this party or that thinking their party is amazing and won’t listen to any opposing view no matter how rational it is. Or, maybe it’s marketing. I don’t know.
Maybe Windows users should be thankful there is so much media coverage about Windows vulnerabilities, at least we get to know about them when they appear, right? Better that than be out of the loop.
I like this article because is proves that no matter which OS you use, there are risks.
“Constant vigilance!” ~ Alastor “Mad-Eye” Moody