Drowned in vulnerabilities

May 14, 2007 13:07 GMT  ·  By

Mac OS X 10.4 Tiger has choked on the biggest vulnerability ball in its existence since the debut of 2007. This year simply started wrong for the Cupertino-based company, with the Month of Apple Bugs in January. As Windows Vista made its triumphant transition to general availability, Apple was licking its 30 wounds from the daily vulnerability disclosures in the first month of 2007.

Fast forward to May, and the performance Windows Vista has delivered in terms of customer protection is beginning to erode the myth of Apple producing the most secure operating system. Jeff Jones, a Security Strategy Director in Microsoft's Trustworthy Computing group, compiled the April 2007 - Operating System Vulnerability Scorecard, and things look gloomy for Mac OS X Tiger.

The adjacent image, courtesy of Jones, is a graphic representation of the vulnerabilities in Windows Vista, Windows XP, Novell SLED 10, RHEL4WS, Ubuntu LTS and Mac OS X 10.4 Tiger in February, March and April 2007. You will be able to see that while Tiger features in excess of 60 vulnerabilities in the past three months, Windows Vista has barely passed 5.

You can also see that the open source solutions, meaning the distributions of the Linux operating system from Novell, Red Hat and Ubuntu, all feature between 30 and 50 vulnerabilities in the past three months. And the fact of the matter is that in the past 100 days, with the exception of Windows Vista and RHEL4WS, all other operating systems have at least 10 critical vulnerabilities, with Tiger the only platform passing the 20 critical vulnerabilities milestone.

"Examining the 3-month chart, we see that the Windows Vista fixes in April had some effect in pushing total vulnerabilities up to 7, with 5 of them being High severity. The subset of RHEL4WS has had a relatively low 3-month period for High Severity vulnerabilities fixed as well, with only 6 of its 34 vulnerabilities being High sev. Mac OS X, on the other hand, had the worst 3-month count for both total and High Severity vulnerabilities," Jones revealed.

The second graphic on the left represents all the vulnerabilities in the workstations mentioned above since the beginning of 2007. In the more than four months that have passed, the Novell distribution of Linux and Mac OS X Tiger are both close to 70 vulnerabilities. You will be able to see that Windows Vista is at the same level as the past month. "The year-to-date chart for client starts to show how the cumulative effect of vulnerabilities differs from only a 3-month view, with overall totals pushing up above 40 for all of the non-Windows clients and all of the products except Windows Vista having at least 10 High Severity vulnerabilities," Jones concluded.

Images: Irony; Workstation OS 3 Month Total; Workstation OS 3 Year to Date