Windows trumps Mac OS X security-wise claims Symantec report
Microsoft's OS has had fewer vulnerabilities, and the software giant was quicker to patch them, claims a report from security expert Symantec.
Apple's Mac OS X would appear to be less secure than Microsoft's Windows, as findings show that in the last six months of 2006 the Redmond giant patched its operating system fewer times than any rival, and turned around those patches far quicker.
The information appears in Symantec's newly-published Internet Security Threat Report, which covers the period 1 July to 31 December 2006.
Windows Vista was not released to retail until January 2007, so is not included in the report, although as it points out "In December 2006, Symantec reported a vulnerability in previous versions of Windows that also affects the version of Windows Vista that was released to consumers in January. This indicates that Microsoft's Security Development Lifecycle, while thorough, does not necessarily identify all potential vulnerabilities."
Praise for Microsoft's patch development was based on evidence that it took an average of 21 days to develop each patch, based a sample set of 39 vulnerabilities. While better than Sun, HP, Red Hat or Apple, it still represented a slow-down over the first six months of the year, in which it was patching vulnerabilities in an average of 13 days from notification.
Apple took an average of 66 days to patch vulnerabilities. This metric was based on a sample set of 43 vulnerabilities, of which only one was considered to be of 'high severity'. Of Microsoft's sample, five were tagged 'high severity'. Again, Apple's turn-around slowed in the second half of the year, as it had been patching vulnerabilities in an average of 37 days between January and June 2006.
However, Internet Explorer's ubiquity helped it achieve the unattractive distinction of being the most targeted web browser, as it was the subject of 77 per cent of all malicious online attacks. Symantec documented 54 vulnerabilities in IE, compared to just 40 in Safari, although while Microsoft patched exploited vulnerabilities in its browser in around 10 days, it took Apple 62 days to do the same with its own default browser. Symantec explains this as being "skewed by a smaller sample set of patched vulnerabilities and exploits."
Elsewhere, the report noted that the government sector accounted for 25 per cent of all identity theft-related data breaches, which was more than in any other sector.
However, Denial of Service (DoS) attacks were down, dropping from 6,110 a day in the first six months of the year to 5,213 a day in the second six. While the US was the most common target of such attacks (52 per cent of all attacks detected) it was also the originator of more data-related malicious activity than any other country, accounting for a full 31 per cent of all activity on record.
The state of Salesforce: Future of business
Three articles that look forward into the changing state of Salesforce and the future of businessFree Download
The mighty struggle to migrate SAP to the cloud may be over
A simplified and unified approach to delivering Enterprise Transformation in the cloudFree Download
The business value of the transformative mainframe
Modernising on the mainframeFree Download
The Total Economic Impact™ Of IBM FlashSystem
Cost savings and business benefits enabled by FlashSystemFree Download