View Single Post
Unread 08-27-2010, 03:15 AM   #140 (permalink)
If You Know What I Mean
Jiro's Avatar
Join Date: Apr 2007
Location: The Soprano State
Posts: 66,942
here highlander.... an update information to that old link (same company) - July 28, 2010

The Myth of the Secure Apple OS
Talk to an Apple fanboy or girl, and chances are they'll tell you the company's Mac software is "better" than Microsoft's -- or anyone else's for that matter. So there will be a few of them slinking around holding their heads in shame right now thanks to some research published recently by security company Secunia.

It turns out that of all the software vendors Secunia studied -- and it looked at all the big boys including Microsoft, Oracle, Adobe, Mozilla, Google, IBM and so on -- the vendor with the most vulnerabilities in all its products was ... you guessed it: Apple (NASDAQ: AAPL).

It's ironic, really, when earlier this year Apple's Steve Jobs refused to allow Adobe's Flash on the iPhone or iPad, justifying the decision by calling Adobe lazy and saying: "Apple does not support Flash because it is so buggy." The words "pot," "kettle" and "black" spring to mind.

Of course it's true to say that bugs and vulnerabilities are not the same thing, and also that the raw number of vulnerabilities doesn't give a precise indication of the relative overall security of a given vendor's offerings. What we can say is that no one is perfect. Apple may be the least perfect of them all -- at least when it comes to writing vulnerability-free code.
Apple's interest these days is in selling closed systems: Devices like the iPhone and iPad that don't provide root access to their owners and that can run only software that Apple specifically approves (and, rather handily, takes a juicy financial cut of) via the AppStore and iTunes.

Apple's control over the software these devices can run means it can outlaw applications or vendors it believes present security risks. What's more, its control over software distribution means users can be notified of security patches for all their applications very easily, and they can download these updates from a single source. On the face of it, that's good for security, and it compares favorably with traditional enterprise OSes. For example, if you look at machines running Windows OSes like Windows Server 2008, Secunia says about 35 percent of vulnerability patches can be downloaded from Microsoft (NASDAQ: MSFT), but the remaining 65 percent must be downloaded using about 13 or more other update mechanisms from various third parties.
- Don't forget to buy Jiro's Special Edition Sunglasses for $19.95
Jiro is offline   Reply With Quote