Especially in terms of security

May 1, 2007 10:25 GMT

Dino Dai Zovi, the New York security researcher who managed to hack into one of the MacBook Pro computers that were up for grabs at CanSecWest Vancouver 2007, for a $10,000 prize in addition to the Apple machine, has no doubt in his mind that Windows Vista delivers superior security compared to Mac OS X.

Zovi broke into the MacBook Pro computer via a vulnerability in QuickTime, Apple's media player that ships by default with Mac OS X, and through the Java-enabled Safari browser, also built into the Cupertino-based company's operating system.

The QuickTime vulnerability came at the end of a two-month-long security update marathon from Apple. The Cupertino-based company patched a total of 70 vulnerabilities across its operating system and third-party software bundled with the Mac platform. Dino Dai Zovi's vulnerability is in fact a zero-day flaw, and not a previously resolved issue, as both of the MacBook Pro computers at CanSecWest were patched up to date.

But because the vulnerability is in QuickTime, it does not affect Mac OS X exclusively, but also other platforms with the plug-in installed, including Windows Vista. This scenario is valid as long as the users are running a Java-enabled browser, and it also impacts Internet Explorer 7.

"I have found the code quality, at least in terms of security, to be much better overall in Vista than Mac OS X 10.4. It is obvious from observing affected components in security patches that Microsoft's Security Development Lifecycle (SDL) has resulted in fewer vulnerabilities in newly-written code. I hope that more software vendors follow their lead in developing proactive software security development methodologies," Zovi said in answer to a question from Computerworld, via Macworld.