 |
Unrepentant Mac Apologism time! It seems that there are some "statistics" flying around that can be interpreted to mean that Mac OS X is, practically speaking, no more secure than Windows, and we certainly can't let that sort of stuff go unchecked, now, can we? Whether it's true or not, we mean. So we feel it's our sworn duty to cast all sorts of aspersions on the reliability of said stats and on the character and competence of those who compiled them. Of course, you'll have to keep in mind that absolutely nothing we say on the subject carries any weight whatsoever, since, far from being experts on computer security, our real expertise is in the field of making vegetables out of Play-Doh. (Corn on the cob is our specialty. We can get it all bumpy and everything.) However, while we're not security experts, we've seen one on TV; surely that counts for something.
Anyway, it's like this: faithful viewer C. J. Corbett tipped us off to a Techworld article last week with the ominous title of "Mac OS X security myth exposed" which leads off with this oh-so-fair-and-balanced sentence: "Windows is more secure than you think, and Mac OS X is worse than you ever imagined." See, security firm Secunia claims to have compiled some honest-to-goodness statistics proving once and for all that choosing Mac OS X over Windows is your surest path to having some scary 'net dude invade your system, swipe your financial data, and start leering at digital photos of your family members in an... unsavory manner.
How is this possible? Well, numbers don't lie, and while Windows XP Professional clocked "46 advisories in 2003-2004, with 48 percent of vulnerabilities allowing remote attacks and 46 percent enabling system access," Mac OS X racked up 36 such advisories, with 61 percent remotely exploitable and 32 percent allowing the takeover of the system. See? Worse than you ever imagined. It's like a wedge of Swiss cheese with a shotgun blast through the middle or something. Meanwhile, Windows users will no doubt be thrilled to hear that their virus-ridden, spyware-loaded, worm-propagating systems are more secure than they think. Good for them.
There are just a few problems with this argument, however. The first is the claim that Mac OS X isn't much better than Windows XP Professional because it had 36 security advisories compared to Windows's 46. Maybe we're fresh off the turnip truck or something, but 22% fewer advisories sounds quite a bit better to us. Also, if you actually look at the data to which Techworld refers, it's not 36 advisories for Mac OS X at all; it's 33. (Apparently Techworld decided to go back to 2002 to fetch its reported number.) Granted, the Windows number is also 45 instead of 46-- yeesh, Techworld; fact-check much?-- but even so, now we're talking about nearly 27% fewer security advisories for Mac OS X than for Windows XP Professional.
Now take a look at the advisories themselves, and notice how no fewer than eleven of those 33 advisories (that's a third, for the mathematically inept) are titled "Mac OS X Security Update Fixes Multiple Vulnerabilities" or something similar. Yes, in its advisory count, Secunia is including those advisories it generated just to report that Apple had fixed something. Does anyone else find it a little odd that Secunia penalizes Apple for fixing problems, including ones that were fixed so quickly that Secunia had never found out about them in the first place? (While they may describe a flaw and immediately note the presence of a patch, none of the Windows advisories appears to exist simply to announce that Redmond had fixed a bunch of holes.)
Notice also that Secunia yaps on about how, for Mac OS X, "of the 36 advisories issued in 2003-2004, 61 percent could be exploited across the Internet and 32 percent enabled attackers to take over the system"-- but never mentions how many could be exploited across the Internet to enable attackers to take over the system. Personally, we aren't much concerned about exploits that require local access to a Mac, because if anyone's climbing in through a window downstairs, we've got more important things to worry about than whether or not he can mess with our Finder preferences. We picked one of those advisories at random, noted that it's tagged with an impact of "System access" and a location of "From remote," and then scoped out the description of the flaws to find that the only ones listed that appear to allow "escalation of privileges" can only be exploited by "malicious, local users." So as long as we keep the doors locked at night and don't tick off our housemates to the point of digital vandalism, we're apparently all right.
And finally, how is it reasonable to conclude that Mac OS X is barely as secure as Windows based strictly on these (apparently shaky) advisory counts anyway, since that methodology completely ignores the fact that while Windows users get stomped on by worms and viruses on a seemingly hourly basis, the first truly serious Mac OS X flaw found since the product shipped over three years ago apparently resulted in a grand total of zero malicious exploits? Something is rotten in Denmark.
And maybe in the UK, too; faithful viewer jfletch pointed out another Techworld article from almost two months ago that also quoted Secunia and claimed that Mac OS X's security problem at the time "makes Microsoft's current Sasser problems look no more than a nasty nip." (Of course, two months later Sasser still turns up in articles on Google News posted just hours ago, but who's counting?) Now, far be it from us to claim that there's some sort of Techworld-Secunia conspiracy intended to undermine Apple's attempt to gain an entry into the enterprise market, because we would never-- oh, who are we kidding? There's some sort of Techworld-Secunia conspiracy intended to undermine Apple's attempt to gain an entry into the enterprise market. We've been jawing about this incessantly for about four days straight, now, so determining motive is left as an exercise for the viewer. Follow the money!
| |
