toggle

AAPL Stock: 112.01 ( -0.53 )

Printed from http://www.macnn.com

Apple lax in keeping Mac OS secure?

updated 02:10 pm EDT, Mon April 2, 2007

Apple lax in security?

Apple is falling behind in keeping Mac OS X as secure as it should be, according to InformationWeek. The author's latest article cites several sources as evidence, such as a recent Internet Security Threat Report by Symantec, which notes that it now takes an average of 66 days for Apple to patch a vulnerability; conversely, Microsoft is averaging three weeks. This is also substantially slower than what was noted in the last Threat Report issued six months ago, which gave Apple an average of 37 days.

This is compounded by McAfee figures released in 2006, which noted that Mac OS vulnerabilities grew from 45 in 2003 to 143 in 2005, a growth of 228 percent. Windows problems rose a compartively small 73 percent.

Macs are, however, still considered more secure than PCs, experts tell InformationWeek. "Vulnerabilities just don't equal attacks," says McAfee researcher Craigh Schmugar. "Some people are saying the Mac is less secure than Windows because there have been more vulnerabilities in it than in Windows, but there are far fewer attacks reported on Mac OS X than Windows." This is supported by data from another McAfee researcher, Marius van Oers, who observes that of the over 236,000 malware apps for computers, only seven target Mac OS X. The vast majority are aimed at Windows, with about 700 being written for Linux and Unix.

"It is clear that OS X malware is not taking off yet," van Oers writes. "With an estimated OS X market share of about 5% on the desktop systems, one would expect to see more malware for OS X." Schmugar suggests this figure may rise if Apple marketshare increases dramatically, but until then, attackers will focus on the operating system with the largest userbase. "They haven't had to turn to the Mac for extra victims," he notes.




by MacNN Staff

POST TOOLS:

TAGS :

toggle

Comments

  1. horvatic

    Joined: Dec 1969

    0

    Ba,ha,ha,ha,ha,ha,ha,!!

    It is to laugh when someone writes that Apple is lax on security when they purposely built OSX with security first not as an after thought like Microsoft. Again, how many viruses or spyware has anyone gotten lately using a Mac and OSX? Zero,zilch,nada,zip,none. How many hacked live OSX servers or computers has anyone heard of. Zero, zilch, nada,zip,none. I rest my case.

  1. SubPop

    Joined: Dec 1969

    0

    target..?

    Schmugar suggests this figure may rise if Apple marketshare increases dramatically, but until then, attackers will focus on the operating system with the largest userbase.

    With their ad campaigns touting Mac OS X security, Apple is becoming the holy grail of hacker targets. While "security by obscurity" is probably still a reality to some extent with the Mac OS, I don't see it providing the haven that it used to.

    If Apple keeps up this track record with regard to addressing security holes, and a serious one does surface (which I don't think we've really seen yet) we could be in for a pretty embarrassing wake-up call.

  1. shawnce

    Joined: Dec 1969

    0

    now now horvatic...

    Mac OS X systems can be compromised and are compromised (most often by local exploits) but the occurrences of that are few and far between and if you keep current on patches and run with default services you are in general protected.

    In other words you cannot claim it hasn't and doesn't happen.

  1. Enforcer5981

    Joined: Dec 1969

    0

    Look at the source!

    McAfee guy says Mac OS is vulnerable...oh and please buy his product.

    I love the security protection racket these guys have. Tony Soprano eat your heart out.

    Also kudos to MacNN for their sensationalist headline. Actual quoted article's headline reads: "Despite Vulnerabilities, Apple's Mac OS X Weathers The Security Storm." Losers.

  1. Lo_Ruhamah

    Joined: Dec 1969

    0

    OS Security

    Please, In my many years as a consultant I have yet to hear of any malware (viral, spyware et al) infections on a Mac OS X computer that could in anyway be confirmed. Nor have I heard of ay being compomised, and no local exploits DO NOT count, seeing as being local at a computer one could simply use a system disc to change the computers passwords. If local security is an issue for your installation, a locked room is still the best policy.

    Regardless, these people are obviously self serving, using fear and mis-information as a marketing tool.

  1. SubPop

    Joined: Dec 1969

    0

    marketing by fear

    Regardless, these people are obviously self serving, using fear and mis-information as a marketing tool.

    Well, you wouldn't expect a company like Symantec or MacAfee to ignore such a lucrative customer base like security-scared Mac users, would you?

  1. mr100percent

    Joined: Dec 1969

    0

    misleading statistics

    Those statistics are so misleading. Windows has thousands and thousands of vulnerabilities, yet "only" a 73% increase in new flaws. Apple has what, a hundred flaws? A 228% increase is nothing in terms of actual flaws and numbers. Sheesh

  1. shawnce

    Joined: Dec 1969

    0

    % is correct

    In this case using percentage is a correct way to outline changes in a trend but the increase is easily explained by the increased security scrutiny that Mac OS X has received in recent the year/months... it doesn't mean Mac OS X has been getting worse in terms of security only more closely looked at.

    lo_ruhamah... I have seen compromised Mac OS X systems because of remote and local exploits (local without physical access). It does take place... Mac OS X is not immune but as I said in general it is well secured.

    With that said I don't buy the premise that Apple is becoming lax about security... in reality the opposite is taking place... 10.5 will further show how serious Apple is about security.

  1. ronjamin

    Joined: Dec 1969

    0

    Slow news day

    Hmm, seems like a slow news day

  1. Peter Bonte

    Joined: Dec 1969

    0

    statistics

    Microsoft averaging is three weeks? How do they 'average' a hole that get never patched or is a feature? The average of endless is endless, not three weeks. :p

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

Dell AD211 Bluetooth speaker

For all of the high-priced, over-engineered Bluetooth speakers in the electronics market, there is still room for mass-market solution ...

VisionTek 128GB USB Pocket SSD

USB flash drives dealt the death blow to both the floppy and Zip drives. While still faster than either of the old removable media, sp ...

Kodak PixPro SL10 Smart Lens Camera

Smartphone imagery still widely varies. Large Megapixel counts don't make for a good image, and the optics in some devices are lackin ...

toggle

Most Commented