The number of vulnerabilities in the first half of 2010 was close to the number recorded in the whole of 2009, security notification firm Secunia reports. Apple ranks first, ahead of runner-up Oracle, and Microsoft in the number of security bugs found in all their products in 1H 2010. During the first six months of 2010, Secunia …
3rd party software seems to be the big vector for attacks and Firefox is right at the top of that list. (Page 14)
1. Mozilla Firefox Mozilla Foundation 56% 96 15
2. Apple Safari Apple 15% 84 9
3. Sun Java JRE Sun (Oracle) 89% 70 5
4. Google Chrome Adobe 30% 70 14
5. Adobe Reader Adobe 91% 69 7
6. Adobe Acrobat Adobe 8% 69 7
7. Adobe Flash Player Adobe 99% 51 4
8. Adobe AIR Adobe 41% 51 4
9. Apple iTunes Apple 43% 48 3
10. Mozilla Thunderbird Mozilla Foundation 10% 36 7
Interesting to see that Opera maintains it's track record of great security... (it's clearly considered here, as it's marketshare it pretty much on-par with Safari)
It's also interesting to see that Secunia think Adobe makes Google Chrome...
Secunia also seems to think that adding up the Adobe app liability as compared to others, including adding up the ***partial Microsoft vulnerable app list*** seems to not rank above the others. Math challenged?
Where is MS Word and MS Outlook (Internet Typhoid Mary)?http://www.theregister.co.uk/Design/graphics/icons/comment/fail_32.png
Nick Farell & The Inq?
I had to check the URL to make sure I wasn't reading another sensationalist bollocks anti-Apple article. El Reg, I'm ashamed of you for going this route.
The summary of the report (per your article) is that most vulnerabilities in modern OSes are due to 3rd party code. Then go on to say that this will increasingly be the case. Well...... DUH!
The fact of the matter is, and has been for some time, that the vast majority of security issues in OS X is actually due to third party code. Notice I said "vast majority". Actual Apple code has had security issues as well. But, they haven't been as many as MickeySoft by any means. To be fair, I applaud MS for getting better in the past 2-3 years and would prod Apple to more thoroughly test the included 3rd party code as well as their own.
Oh my Reg, will you ever be more than just tech paparazzi?
Your headline is awesome, though not as good at the NYP's 'Headless Body in Topless Bar'.
The attached report is interesting to read, and I recommend that others read it in FULL as well, it's a touch less sensationalist than the Reg headline.
Actually, it was to be expected.
Apple hasn't really been security-focused. They've been driving up their install base by lying to their customers, and shirking their responsibility for providing security.
That is one of the many reasons why I cannot in good faith buy, service, or recommend Apple products. My reputation is more valuable than any profit earned by selling dishonest kit.
Maybe one day Apple will do security right. But right now, Microsoft is the clear winner for me - they've worked really hard over the last 9 years on their security, and that means a lot to me.
BTW: I hate Microsoft, and prefer Linux. I'm not a Microsoft fanboy.
From the Report: Page 6, Figure 2
Oracle (including Sun Microsystems and BEA Logic) ranked #1 in four out of five years overtaken by Apple in the first half of 2010, with Apple consistently ranking higher than Microsoft.
This seems to justify the headline.
RTF Article- Its all about WinOS, not OS X or Linux
A full read of this article states the problems on PC's using WinOS. This is not about Mac OS X or Linux. The applications from Apple are Safari, Quicktime and iTunes. Any software written using MS API's will suffer similar vulnerabilities.
From page 10 of the report:
Typical Software Portfolio & Operating System
We first examine the number of vulnerabilities of this Top-50 software portfolio together with the operating system, namely Windows XP and Windows Vista. Windows 7, released in October 2009, is excluded as we have no full year of data yet.
Suspect Analysis, Suspect Data
How do you tally the application bad boy list and separate the MS apps when judging system vulnerability. Who makes the app it immaterial. It is about the Swiss cheese holes in the system.
Worst and most suspect neither MS Word or MS Outlook are on the list of popular & vulnerable MS apps. MS Outlook is the typhoid Mary of the Internet.
Suggest the report is not only misrepresenting data, it is misinterpreting it's own data. http://www.theregister.co.uk/Design/graphics/icons/comment/fail_32.png