The year 2007 has been an interesting year that brought us improved security with Windows Vista and Mac OS X Leopard (10.5). But to get some perspective of how many publicly known holes found in these two operating systems, I’ve compiled all the security flaws in Mac OS X and Windows XP and Vista and placed them side by side. This is significant because it shows a trend that can give us a good estimate for how many flaws we can expect to find in the coming months. The more monthly flaws there are in the historical trend, the more likely it is that someone will find a hole to exploit in the future. For example back in April of this year, hackers took over a fully patched Macbook and won $10,000 plus the Macbook they hacked.
I used vulnerability statistics from an impartial third party vendor Secunia and I broke them down by Windows XP flaws, Vista flaws, and Mac OS X flaws. Since Secunia doesn’t offer individual numbers for Mac OS X 10.5 and 10.4, I merged the XP and Vista vulnerabilities so that we can compare Vista + XP flaws to Mac OS X. In case you’re wondering how 19 plus 12 could equal 23, this is because there are many overlapping flaws that is shared between XP and Vista so those don’t get counted twice just as I don’t count something that affects Mac OS X 10.4 and 10.5 twice.
|Windows XP, Vista, and Mac OS X vulnerability stats for 2007|
|XP||Vista||XP + Vista||Mac OS X|
|Total extremely critical||3||1||4||0|
|Total highly critical||19||12||23||234|
|Total moderately critical||2||1||3||2|
|Total less critical||3||1||4||7|
|Average flaws per month||2.83||1.67||3.67||20.25|
X Extremely critical
H Highly critical
M Moderately critical
L Less critical
So this shows that Apple had more than 5 times the number of flaws per month than Windows XP and Vista in 2007, and most of these flaws are serious. Clearly this goes against conventional wisdom because the numbers show just the opposite and it isn’t even close.
Also noteworthy is that while Windows Vista shows fewer flaws than Windows XP and has more mitigating factors against exploitation, the addition of Windows Defender and Sidebar added 4 highly critical flaws to Vista that weren’t present in Windows XP. Sidebar accounted for three of those additional vulnerabilities and it’s something I am glad I don’t use. The lone Defender critical vulnerability that was supposed to defend Windows Vista was ironically the first critical vulnerability for Windows Vista.