Is the volume of vulnerabilities a true measure of security?When it comes down to the Windows Vista vs. Mac OS X face-off, consumer perception is an important factor in bringing to center stage the most secure operating system of the two. And driven by an immutable Apple marketing ideology, Mac OS X manages to position itself in the limelight. OS X is nothing short of the Holly Grail in terms of protecting its users, while Windows Vista, via the inherent associating with the Windows line-up of products, is situated at the very opposite pole.
But at the same time, statistics manage to paint an entirely different picture of the two platforms. A new perspective over Vista vs. Mac OS X begins to take contour, one that is largely in the advantage of Microsoft's latest Windows client. Apple has not reacted in any manner to the vulnerability and update counting games that tilt the balance in Vista's favor. Not that it would have many avenues to deny hard facts.
Now, I am all too sure that you are already familiar with the Windows Vista vulnerability reports put together by Jeff Jones, a Security Strategy Director in Microsofts Trustworthy Computing group. Jones threw Vista in the same arena against Mac OS X Tiger and three of the most popular distributions of Linux from Novell, Canonical and Red Hat. In this context, Vista always comes on top with the least amount of security flaws.
More recently, Zero Day has done a similar initiative, counting all the vulnerabilities that have affected Mac OS X, Windows Vista and Windows XP in 2007, through statistics provided by Secunia. In a single year, XP was impacted by 34 vulnerabilities, Vista by 20, while Mac OS X had no less than 243, or five times as many as Vista and XP put together. On top of this, XP accounted for 19 highly critical security flaws, Vista for just 12, whereas OS X takes the trophy with 234.
Robert Hensing, from the Microsoft PSS Security Team, commented that "XP + Vista vulns vs. OSX vulns for 2007. We had a good year - Apple - not so much", without making any attempt to hide the satisfaction of his tone. And the fact of the matter is if OS X were a boat and the vulnerabilities were actual holes, it would sink in record time. The problem? OS X is a boat on dry land.
What does this mean? Well, the water is obviously an analogy of the threat environment. Both XP and Vista are confronted with mature threat environments, full of viruses, adware, spyware, Trojan horses, worms, keyloggers, and so on and so forth. Apple, on the other hand, benefits not only from an obscure market share of 6%, but also from an absent threat environment. This spawns the question if the volume of vulnerabilities is an accurate measure of security?
Sure, OS X holes are there, but without any malicious code to exploit them, the Apple operating system is as safe as possible. On the other hand, Windows vulnerabilities are under a constant barrage of fire. OS X is a product virtually swarming with flaws, but with no malware to attack them. And Windows has less vulnerabilities, but malicious code and attacks are drawn to them like moths to a flame. Now, you decide which is more secure.