Now I've heard the opposite about Apple, that repairs often go unfixed for some time? I suppose if you measure by fixing something before it's used as an attack vector, then the amount of time that's passed between finding it and fixing it is pointless if the attack never came.
Generally speaking, if you visit Secunia, OS X has been having a hard time according to their reports, but Vista has done well. That doesn't sound right if Secunia is trying to sell you something...they would be grinding down on the larger market to sell more. Unless they aren't trying to sell anything. All things being equal, if vulnerabilities are measured the same between OS's then it really doesn't matter how they rate each problem, because the rating will be the same on the other OS.

http://blogs.csoonline.com/windows_vista_6_month_vulnerability_report

This is much the same report you can find almost everywhere if you are looking. The more interesting part is the comments from readers.

Also of note this week, the CanSecWest conference is coming up. The guy who took down OS X last year, Charlie Miller, is predicting OS X/Safari will get taken down again as quickly as last year. Course this is a neat trick but hardly something you hear about out in the real world. There is an interesting correlation between reports that OS X has more vulnerabilities from Secunia and in these conferences gets taken down first. This isn't a coincidence. I'm not saying this really matters out in the real world for Mac users since you hardly hear of major security issues on the Mac side, but it does show OS X security is more from obscurity.

On Fri, Mar 6, 2009 at 12:15 PM, b_s-wilk <[email protected]> wrote:

> >> >"A report by Secunia finds the vulnerabilities in Mozilla Firefox greatly
> >> >outnumbered those in Internet Explorer, Apple Safari and other browsers in
> >> >2008"
>
> Computer security companies exist because there are vulnerabilities in
> software. It's in their interest--not yours--to blow the vulnerabilities out
> of proportion to validate their existence. Companies like Mozilla and Apple
> that repair potential vulnerabilities before they become dangerous are a
> threat to the companies that sell security software.
>
> Consider the source. Consider the motives.
>
> *************************************************************************
> ** List info, subscription management, list rules, archives, privacy  **
> ** policy, calmness, a member map, and more at http://www.cguys.org/  **
> *************************************************************************
