Who’s vulnerable?

George Ou takes Paul Murphy to task for denying George’s allegation that Mac OS X is less secure than Windows because Mac OS X has had 238 reported vulnerabilities in the last year as opposed to 95 for Windows XP. Sounds bad huh?

Why on Earth would we prefer to be on Mac OS X then?

Well, there’s a slight amount of disingenuousness (is that a word?) there.

In one Mac OS X security update, there are 40 vulnerabilities fixed. Sounds mad, eh? But when you look at the detail – some of them are vulnerabilities in htdigest, Apache2, CUPS, MySQL, OpenSSL. I’m not denying that these are issues and I’m also not denying that the problems in AppKit, Safari or CoreFoundation are indeed problems, but a vulnerability in OpenSSL is not the same thing at all. Apple didn’t write this code. It’s written and maintained by the open source community. If you’re using OpenSSL on Mac OS X you don’t have to wait for Apple to patch it. You can go get the patches from OpenSSL directly and build it yourself. Waiting for Apple to patch it is different. It’s a choice. And people using OpenSSL will be more savvy users anyway. It’s unlikely that your maiden aunt will enable MySQL or OpenSSL on her iMac.

Compare that to a single vulnerability in Windows. Microsoft wrote the code. And they’re the only people who can patch it. You can’t pop along to a different supplier and grab the patch files. Or you can consider this one for Internet Explorer which is considered “extremely critical”. And it’s unpatched. And the only place you can get the patch is Microsoft.

Y’see, it’s not the number of vulnerabilities. It’s whether or not you’re actually vulnerable. While I may have openssl installed, it’s not enabled. I don’t have MySQL installed (it ships on Server). I don’t have apache2 either.

But doesn’t everyone on the planet have Internet Explorer?
