I know this will be hard to swallow, not to mention hell to digest for the bellicose Mac fans, but while Apple is readying the final details for Mac OS X Leopard, the world's most advanced and still
advancing operating system, it is also lagging behind Microsoft. Windows Vista has been available since the end of January, it's real and palpable and simply better than Mac OS X. How do I know this? Well
Mac OS X has failed to outperform Windows XP in terms of security, according to Symantec.
A lot can be said about Symantec, but not that the security company supports Microsoft in any way, or Windows for that matter. The bottom line is that Symantec makes its living off the insecurity of Windows. And still in a recent statistic put together by the Cupertino-based security outfit, Symantec has credited Windows with the shortest average security patch development time, besting Red Hat Linux, Mac OS X, Hewlett-Packard HP-UX and Sun Microsystems Solaris. And this is Windows XP, not Windows Vista. But just consider Vista a Windows platform superior to XP and to Windows Server 2003, and do the rest of the math yourselves.
Proof of Vista's superiority can be found in the security updates released in March 2007 by Microsoft and Apple. While Apple has patched over 40 security holes across a range of its products including the operating system, Microsoft has released a total of zero security bulletins, plugging just as many security vulnerabilities. Hmmm...
Let's take a look at the Windows XP vs. Mac OS X vs. patch development time in the second half of 2006, the time it took Microsoft, Apple and other OS developers to release security updates for zero-day vulnerabilities since the disclosure date and the actual availability of the fix is known as the patch development time. Throughout the duration of the patch development process end users are wide open to attacks just because the developers have not moved fast enough to mitigate the security issues.
And in this regard, Microsoft moves three times faster than Apple. In the last six months of 2006, there were a total of 39 vulnerabilities impacting Windows and there were no less than 43 vulnerabilities affecting Mac OS X. What? Is this possible? Mac OS X had more vulnerabilities than Windows? Yes. Don't believe me? Just go ahead and read the
Symantec Internet Security Threat Report - Trends for July-December 06 - Volume XI, Published March 2007.
But surely this is just a trend, illustrative for just the last six months of 2006. Well, no. Remember the month of Apple bugs in January? One flaw was disclosed each day for Apple products. Each day! Need I say more? And also let's consider the first half of 2006. Windows had 22 vulnerabilities, while Mac OS X had 21 flaws. That's pretty much equal. And Apple Mac OS X is the safer OS? I don't think so...
But what about the time it took Microsoft and Apple to patch Windows and Mac OS X vulnerabilities. Well, according to Symantec Windows had an average patch development time of 21 days, mainly because of the monthly patch cycle.
As for Apple, a company that serves security updates when necessary, Mac OS X users were exposed to exploits for an average of 66 days, three times as much as Windows users. But I guess they're lucky that Apple just owns 6% of the OS market, and as such, Mac OS X is not the prevalent target for attacks like Windows.
In all fairness, I should also mention that out of the 39 Windows vulnerabilities, 12 had a high severity rating, 20 were medium and 7 were low. For Mac OS X just one vulnerability was considered high severity, 31 were medium and 11 low.
