updated 02:10 pm EDT, Mon April 2, 2007
Apple lax in security?
Apple is falling behind in keeping Mac OS X as secure as it should be, according to InformationWeek. The author's latest article cites several sources as evidence, such as a recent Internet Security Threat Report by Symantec, which notes that it now takes an average of 66 days for Apple to patch a vulnerability; conversely, Microsoft is averaging three weeks. This is also substantially slower than what was noted in the last Threat Report issued six months ago, which gave Apple an average of 37 days.
This is compounded by McAfee figures released in 2006, which noted that Mac OS vulnerabilities grew from 45 in 2003 to 143 in 2005, a growth of 228 percent. Windows problems rose a compartively small 73 percent.
Macs are, however, still considered more secure than PCs, experts tell InformationWeek. "Vulnerabilities just don't equal attacks," says McAfee researcher Craigh Schmugar. "Some people are saying the Mac is less secure than Windows because there have been more vulnerabilities in it than in Windows, but there are far fewer attacks reported on Mac OS X than Windows." This is supported by data from another McAfee researcher, Marius van Oers, who observes that of the over 236,000 malware apps for computers, only seven target Mac OS X. The vast majority are aimed at Windows, with about 700 being written for Linux and Unix.
"It is clear that OS X malware is not taking off yet," van Oers writes. "With an estimated OS X market share of about 5% on the desktop systems, one would expect to see more malware for OS X." Schmugar suggests this figure may rise if Apple marketshare increases dramatically, but until then, attackers will focus on the operating system with the largest userbase. "They haven't had to turn to the Mac for extra victims," he notes.