Not even by far

Mar 19, 2007 14:50 GMT

Believe it or not, operating systems recognized for the high level of security they deliver, such as Mac OS X and Red Hat Linux, are no match for Windows XP. In fact, users of Mac OS X and Red Hat Linux are exposed to attacks for a longer period of time than Windows XP customers are.

"The time period between the disclosure date of a vulnerability and the release date of an associated patch is known as the 'patch development time.' If exploit code is created and made public during this time, computers may be immediately vulnerable to widespread attack," revealed Symantec.

As far as patch development time is concerned, Windows XP is the safest operating system. Symantec compared the exposure window in which users of various operating systems are vulnerable to attacks, and concluded that Microsoft Windows XP comes out ahead of Apple Mac OS X, Hewlett-Packard HP-UX, Red Hat Linux (including enterprise versions and Red Hat Fedora), and Sun Microsystems Solaris.

According to data made public by Symantec, in the last six months of 2006, the average patch development time for Windows was 21 days. In the first months of the past year, the Redmond company took an average of 13 days to patch the 22 vulnerabilities reported.

"Of the 39 Microsoft vulnerabilities disclosed during this period, 12 were considered high severity, 20 were medium severity, and seven were low. In the first half of 2006, of the 22 Microsoft vulnerabilities, five were considered high severity, 11 were medium severity and six were low," Symantec added.

Red Hat Linux had an average patch development time of 58 days during the last six months of 2006. In this period, Red Hat Linux was affected by no fewer than 208 vulnerabilities, a substantial growth in security exposure compared with the first months of 2006, when only 42 vulnerabilities were patched in Red Hat, with a patch development time of 13 days.

"Of the 208 Red Hat vulnerabilities during the second half of 2006, two were considered high severity, 130 were medium severity, and 76 were considered low. During the first half of 2006, of the 42 vulnerabilities in Red Hat, one was considered high severity, 21 were medium severity, and 20 were low severity," Symantec informed.

Apple Mac OS X had a patch development time more than three times that of Windows in the second half of 2006, which translates into an average of 66 days for a sample set of 43 vulnerabilities. In the first half of the past year, Mac OS X was affected by only 21 vulnerabilities, and it took Apple an average of 37 days to provide security updates.

"Out of 43 vulnerabilities in Mac OS X during the current period, one was considered high severity, 31 were medium severity, and 11 were low. In the first half of 2006, 21 vulnerabilities were documented for Apple. Of these, three were considered high severity, 12 were medium severity, and six were low," Symantec mentioned.

As you can see from the graphic included herein, Hewlett-Packard HP-UX and Sun Solaris had patch development times of 101 days and 122 days, respectively, also lagging behind Windows XP.

Patch development time for operating systems