
Apple the new world leader in software insecurity - transburgh
http://arstechnica.com/security/news/2010/07/apple-the-new-world-leader-in-software-insecurity.ars
======
DuoSRX
The actual report
(<http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf>) is only about
Windows computers. So it's about iTunes, Safari ... for Windows, not Mac OSX.

"_In the first part of the report we look at the global picture covering all
vulnerabilities in all products, followed by the analysis of vulnerabilities
affecting the products and the operating system found on typical end-users
PCs._"

~~~
Groxx
In a similar vein:

> _Vendors like Adobe (with Flash and Adobe Reader) and Oracle (with Java) are
> similarly responsible for many of the flaws being reported._

------
chaostheory
_"Though this does not necessarily mean that Apple's software is the most
insecure in practice—the report takes no consideration of the severity of the
flaws"_

Then what's the point?

~~~
KirinDave
Everyone loves attention.

------
kaiuhl
Their report only analyzes the criticality of Windows-based exploits, and
leaves Oracle and Apple bugs' severity undefined.

I can't find anywhere on Secunia's website that they make a big deal out of
this though, so I'm going to chalk it up to Ars Technica being sensationalist.

~~~
brianpan
I also noticed Ars becoming much more anti-Apple as well as sensationalist.
Articles like Siracusa's coverage on the antenna press conference as well as his
Twitter feed seemed oddly vindictive to me.

<http://arstechnica.com/staff/fatbits/2010/07/unanswered-questions-unearned-trust.ars>

I found it unsettling considering Ars has been a top source of tech news for
me in the past that I thought was very even and thorough.

~~~
gbhn
Have you considered that an even and thorough approach to tech news may go
through periods where it levels more criticism than usual at Apple?

~~~
brianpan
Of course, one great reason to be more critical is if they deserve it. I don't
think that it's merited in these cases (original article or my link). I'm
trying to figure out if this is a temporary/isolated thing, a systemic change,
or a figment of my imagination/biases.

~~~
brianpan
Ok, it's not just my imagination, this is link-bait if I ever saw it:
<http://arstechnica.com/apple/news/2010/07/international-launch-causes-rehash-of-iphone-4-antenna-issue.ars>

Title is: iPhone 4 antenna woes "significantly worse" than competition

1st paragraph explains: one consulting firm says it's worse, another review
says it's better.

I'm pretty sure I didn't see this type of thing from Ars in the past.

------
harshpotatoes
So it sounds like the real problem is that we need to create some sort of
unified updating system for third party apps, so you don't have to deal with
ten different programs complaining they need to be updated. Something so
simple, it only needs a single command to run. Like apt-get upgrade. Maybe
they should have that for windows/mac.

~~~
progr
On Mac, every OS-bundled program does update through a central utility found on
the Apple dropdown menu. 90% of other programs use the Sparkle framework
(~100% if the program is Mac-only), which provides an unobtrusive way of
updating.

------
NathanKP
It is fortunate that Apple still has a small enough market share that they
aren't being attacked as vigorously as Windows is. For now I still feel like
my Mac is safer from viruses than the average Windows machine, but that
security is definitely shaky if Apple gets a larger market share and starts
attracting real attention from viruses and hackers.

~~~
b_emery
I hear this enough to wonder if it's a myth. Mac OS is built on Unix, so how
does the total Unix+Linux+Mac market share look? Probably big enough to
justify attacking. I suspect but can't prove that Unix is inherently more
secure than Windows (or more easily secured).

I've actually had a Mac compromised before after being lazy about the password
setup. I suspect it's difficult for the botnets to get traction, but they're
certainly trying.

~~~
Tamerlin
It's not actually a myth. There aren't very many UNIX-based operating systems
in the hands of the average user, who is the prime target, since the users are
the biggest vulnerability in any system.

UNIX isn't inherently secure to begin with, in fact initially security for
UNIX was an afterthought. It wasn't until it started gaining widespread use
that the UNIX developers started taking security seriously. I went through the
transition from having encrypted passwords in the /etc/passwords file, which
everyone could read (or no one could log in) to /etc/shadow as security
started becoming important.

That said, there was a virus around 8 years ago that specifically targeted a
bunch of NCSA UNIX machines, and they ended up getting caught with their pants
down -- there WAS a fix already available that would have blocked the virus,
but the NCSA admins hadn't been diligent about installing it.

------
antidaily
_Many of Apple's flaws are not in its operating system, Mac OS X, but rather
in software like Safari, QuickTime, and iTunes._

~~~
pixelbath
"...a growing trend in the world of security flaws: the role of third-party
software. Many of Apple's flaws are not in its operating system, Mac OS X, but
rather in software like Safari, QuickTime, and iTunes."

How are any of those third-party? They are all sold by Apple. Just because
they also happen to run in Windows doesn't make them third-party.

~~~
evilduck
Nitpicking out of context? Sensationalist headline? I assume you and everyone
who voted you up didn't actually read the study.

What Secunia did study was described as "In the first part of the report we
look at the global picture covering all vulnerabilities in all products,
followed by the analysis of vulnerabilities affecting the products and the
operating system found on typical end-users PCs." And all their graphs are
limited to XP, Vista and 7. So...probably limited to Windows. And they also
define 3rd-party software for you as non-Microsoft vendors in the sidebar of
page 9.

So yeah, everything by Apple is 3rd party software in the context of the study
cited.

