1. surur's Avatar
    You should see how many updates I have! It's annoying installing updates monthly. It should have had it's holes plugged LONG ago! It's like they need to just rewrite the code entirely to make it more secure!
    Maybe its because Windows to patching seriously, unlike OSX?

    March 21, 2007
    Report Says Windows Gets The Fastest Repairs
    By Andy Patrizio

    UPDATED: Microsoft is frequently dinged for having insecure products, with security holes and vulnerabilities. But Symantec (Quote), no friend of Microsoft, said in its latest research report that when it comes to widely-used operating systems, Microsoft is doing better overall than its leading commercial competitors.

    The information was a part of Symantec's 11th Internet Security Threat Report. The report, released this week, covered a huge range of security and vulnerability issues over the last six months of 2006, including operating systems.

    The report found that Microsoft (Quote) Windows had the fewest number of patches and the shortest average patch development time of the five operating systems it monitored in the last six months of 2006.

    During this period, 39 vulnerabilities, 12 of which were ranked high priority or severe, were found in Microsoft Windows and the company took an average of 21 days to fix them. It's an increase of the 22 vulnerabilities and 13-day turnaround time for the first half of 2006 but still bested the competition handily.

    Red Hat Linux was the next-best performer, requiring an average of 58 days to address a total of 208 vulnerabilities. However, this was a significant increase in both problems and fix time over the first half of 2006, when there were 42 vulnerabilities in Red Hat and the average turnaround was 13 days.

    The one bright spot in all of this is that of the 208 Red Hat vulnerabilities, the most of the top five operating systems, only two were considered high severity, 130 were medium severity, and 76 were considered low.

    Then there's Mac OS X. Despite the latest TV ads ridiculing the security in Vista with a Matrix-like Agent playing the UAC in Vista, Apple (Quote) has nothing to brag about. Symantec found 43 vulnerabilities in Mac OS X and a 66 day turnaround on fixes. Fortunately, only one was high priority.

    Like the others, this is also an increase over the first half of the year. For the first half of 2006, 21 vulnerabilities were found in Mac OS X and Apple took on average 37 days to fix them.

    Bringing up the rear were HP-UX from Hewlett Packard (Quote) and Solaris from Sun (Quote). HP-UX had 98 vulnerabilities in the second half of 06 and took 101 days to fix them. Sun, though, really dragged its feet, taking on average 122 days to fix 63 vulnerabilities. It wasn't doing much better in the first half of 06, either. It took 89 days to fix 16 vulnerabilities.

    Alfred Huger, vice president of engineering for Symantec Security Center, said the real problem is with Web applications, where two-thirds of all vulnerabilities are found. Operating systems are fairly minor, and despite the long time periods, the vendors are doing "an ok job, just not stellar."

    The response from vendor's mentioned in the report was mixed. A Microsoft spokesperson issued a statement to internetnews.com that said in part "As a part of this industry, Microsoft continues to adapt to address these threats and continues to work with others in the industry to protect customers as a whole."

    Anuj Nayar, manager of Apple's Mac OS X and developer relations, would only say "Apple takes security very seriously and has a great track record of addressing vulnerabilities before they affect you."

    Sun specifically disputed Symantec's data and conclusions in a statement emailed to internetnews.com:

    "Symantec's data on security vulnerabilities simply does not match Sun's. We can't verify Symantec's sources and consider their report on Sun inaccurate. From 7/1/06-12/31/06 we published 54 Security Sun Alerts, of which 36 were for Solaris - substantially less the 63 Solaris vulnerabilities claimed in the Symantec report. Past analysis of our vulnerability response shows we responded within five days for the vast majority of vulnerabilities, but averages are skewed by a small minority of 3rd party applications (or code) that are included/bundled with Solaris. Sun responds to all reports of security vulnerabilities, and we stand by our reputation and established track record of responding to security vulnerabilities with Sun Alerts and a quick turnaround time for patches.

    Analyst Charles King with Pund-IT said Microsoft has had to be aggressive about dealing with security issues because it's such a big target. In that regard, the company has met the challenge.

    "I think in a way that a culture of having been under attack for a decade or more has led to the company taking a very proactive approach to fixing those problems," he told internetnews.com. "In the last 24 months, they've taken a very aggressive stance toward the security of their system. In review after review of Vista, despite its faults, the security of the system has been considerably better than XP."

    By contrast, King said there have been complaints in the past about Apple's lack of response to security issues. But as the Mac and Linux gain marketshare, they will have to respond much quicker.

    "Are the old models of response to security issues going to be able to fly or will those companies start to take some serious publicity hits from these increasing vulnerabilities and a relatively lackadaisical response to fixing those vulnerabilities?" he asked.

    This article was Updated to include comments by Sun Microsystems that were received after the original story was filed.

    06-16-2007 09:05 AM
  2. mikec#IM's Avatar
    Security is all relative.

    The only virus that ever hurt me was on an Mac SE way back in the day, when of course there were no virus's on Macs because they were so secure ;-).

    Ever since then, I've never had an issue on Windows, mainly because I didn't blindly open attachments and ran anti-virus (and of course, using Opera).

    Did get hit by a few nasty malware things, but that was my own fault trying to get cracks/warez and pr0n using IE. In both cases, cleanup was just a google away.

    Actually, Safari for Windows does a decent job stopping nasty things.

    And by the way, Vista is actually pretty damn good (with 2GB RAM, of course :-))
    06-16-2007 10:11 AM
  3. braj's Avatar
    Vista sucks for me, 64 bit though so possibly that is part of the problem. I really wish I had gotten a slower, more expensive Mac. After you factor in all of the other costs of ownership Macs really aren't that bad of a deal. Too bad I have proprietary software I have to run on Windows.
    06-16-2007 02:26 PM
  4. Pearl_Diva's Avatar
    That's my problem. There's not enough cross-platform software. It's either Windows or nothing. I'd have moved to Mac several years ago if it weren't for that!
    06-16-2007 02:54 PM
  5. mikec#IM's Avatar
    I would agree x64 is a huge issue. Actually, 99 percent of people shouldn't run it...first, there is no reason to (unless you are doing servers or databases), and second, the lack of drivers sucks.
    Maybe in a year they will improve that.

    As for the Mac, I like them, but after you add in all the apps I use, the Mac is MUCH more expensive than a PC. Lots of stuff free on Windows, much less on Mac).
    06-16-2007 02:55 PM
55 123