04/02/2007, 2:10pm, EDT
Monday, April 2nd
Apple lax in keeping Mac OS secure?
Apple is falling behind in keeping Mac OS X as secure as it should be, according to InformationWeek. The author's latest article cites several sources as evidence, such as a recent Internet Security Threat Report by Symantec, which notes that it now takes an average of 66 days for Apple to patch a vulnerability; conversely, Microsoft is averaging three weeks. This is also substantially slower than what was noted in the last Threat Report issued six months ago, which gave Apple an average of 37 days.
This is compounded by McAfee figures released in 2006, which noted that Mac OS vulnerabilities grew from 45 in 2003 to 143 in 2005, a growth of 228 percent. Windows problems rose a compartively small 73 percent.
Macs are, however, still considered more secure than PCs, experts tell InformationWeek. "Vulnerabilities just don't equal attacks," says McAfee researcher Craigh Schmugar. "Some people are saying the Mac is less secure than Windows because there have been more vulnerabilities in it than in Windows, but there are far fewer attacks reported on Mac OS X than Windows." This is supported by data from another McAfee researcher, Marius van Oers, who observes that of the over 236,000 malware apps for computers, only seven target Mac OS X. The vast majority are aimed at Windows, with about 700 being written for Linux and Unix.
"It is clear that OS X malware is not taking off yet," van Oers writes. "With an estimated OS X market share of about 5% on the desktop systems, one would expect to see more malware for OS X." Schmugar suggests this figure may rise if Apple marketshare increases dramatically, but until then, attackers will focus on the operating system with the largest userbase. "They haven't had to turn to the Mac for extra victims," he notes.
Filed under: Apple
,
, 16
,
,
,
,
,

subscribe to comments
for this article
With their ad campaigns touting Mac OS X security, Apple is becoming the holy grail of hacker targets. While "security by obscurity" is probably still a reality to some extent with the Mac OS, I don't see it providing the haven that it used to.
If Apple keeps up this track record with regard to addressing security holes, and a serious one does surface (which I don't think we've really seen yet) we could be in for a pretty embarrassing wake-up call.
In other words you cannot claim it hasn't and doesn't happen.
I love the security protection racket these guys have. Tony Soprano eat your heart out.
Also kudos to MacNN for their sensationalist headline. Actual quoted article's headline reads: "Despite Vulnerabilities, Apple's Mac OS X Weathers The Security Storm." Losers.
Regardless, these people are obviously self serving, using fear and mis-information as a marketing tool.
Well, you wouldn't expect a company like Symantec or MacAfee to ignore such a lucrative customer base like security-scared Mac users, would you?
lo_ruhamah... I have seen compromised Mac OS X systems because of remote and local exploits (local without physical access). It does take place... Mac OS X is not immune but as I said in general it is well secured.
With that said I don't buy the premise that Apple is becoming lax about security... in reality the opposite is taking place... 10.5 will further show how serious Apple is about security.