Skip to main content

Was Mac OS X really the most vulnerable in 2015?

Image
By

Much has been said in the security world about the recent release of data on vulnerabilities discovered in 2015. Due to the way this data has been presented, many news outlets have been reporting that Mac OS X was the “most vulnerable” OS in 2015. But was it really?
It turns out, there are some issues with the way the data is presented and the conclusions that are being drawn from that presentation. The table shows Mac OS X at the top, with 384 vulnerabilities, and iOS in a close second with 374. Well below that are different versions of Windows, with the worst being Windows Server 2012, in 10th place with 155 vulnerabilities, a mere 40 percent of the vulnerabilities of OS X.
Therein lies the first issue with this data, however. All versions of OS X are clumped together in one group, while different versions of Windows are broken down and shown separately. This means that comparing the numbers in that table does not amount to comparing apples to apples, so to speak.
If we look into the data a little more closely, it is possible to group vulnerabilities by vendor. Doing that, we see that Apple had a total of 654 vulnerabilities in 2015, while Microsoft had 571. Throwing Adobe into the mix, it achieves third place at 460 vulnerabilities.
This is a slightly more useful number, as it includes all versions of each company’s systems as well as their web browsers (Safari and Internet Explorer). However, this includes the vulnerabilities for iOS, while it’s unclear to me whether any Windows mobile systems are included in the Windows vulnerability counts.
Still, even those numbers are not particularly meaningful as-is. Comparing them is like comparing the number of hits made by two different baseball teams in a season without considering how many of those hits were foul balls, grounders, home runs, etc. One team may have a higher number of hits than another, but if they hit a lot more foul balls, while the team with fewer hits had a higher proportion of home runs and RBIs (runs batted in), the higher number of hits is revealed as a misleading statistic.
Similarly, vulnerabilities come in all kinds. There are relatively minor vulnerabilities that can’t really do much harm, and then there are the ones that allow a remote attacker to fully compromise your machine. Fortunately, each vulnerability in the data set is given a severity rating between 0.0 and 10.0. With some filtering, it’s possible to see all the vulnerabilities for each platform that were very severe (higher than 9).
Doing so turns up some interesting results. Apple, it turns out, had 91 vulnerabilities of this severity in 2015, a mere 14 percent of their total vulnerabilities. Microsoft, however, had 332 very severe vulnerabilities, at 58 percent of their total. Adobe leads both with a whopping 389 very severe vulnerabilities, almost 85 percent of their total.
This tells us more clearly about the severity of the vulnerabilities in the data, which is a more important metric than just how many total vulnerabilities there are.
Now, don’t get me wrong… I’m not trying to say that Apple’s systems are the most secure systems on the planet. Although the number of highly dangerous vulnerabilities is interesting, there’s still a lot left out.apple-iphone-smartphone-desk
For example, how many of the vulnerabilities were actually exploited by malware in the wild? There’s no way to know, barring another source of information or a lot of research. It doesn’t matter that Apple’s counts of dangerous vulnerabilities are lower if they got exploited more frequently than the competition.
There’s also no information about existing vulnerabilities. As an example, there are no new vulnerabilities listed for Windows XP. However, there are existing, unfixed vulnerabilities in Windows XP, and many people still use that, despite the fact that Microsoft has discontinued support for it. These won’t show up, but it would still be fair to count them if we’re trying to put some kind of number on how vulnerable Windows users as a whole are.
The same is probably true of Mac OS X 10.6 (aka Snow Leopard), which is no longer supported by Apple but has known vulnerabilities. That should also count against Apple, and although I don’t know for sure (due to the way the Mac OS X data was categorized), I’m guessing there are probably no Snow Leopard vulnerabilities in the 2015 data.
Plus, there could very well be minor vulnerabilities in the systems that were listed that were found in 2014 but haven’t been fixed yet. Such things do happen, and that would be particularly interesting to examine, since it would give insight into the delay between discovery of a vulnerability and patching it for each vendor.
So, bottom line, I’d advise you to ignore any click-bait headlines about how Mac OS X is the “most vulnerable system” based on this data. As I’ve shown, if you look at the data in a different way, you could come to a very different – but still probably inaccurate – conclusion. Ultimately, based solely on vulnerability counts, there’s no valid way to say whether Apple or Microsoft win the “most vulnerable” award, and any attempt to do so is extremely misleading.

Comments

Post a Comment

Popular posts from this blog

Google is using machine learning to teach robots how to grasp random objects

By
Using your hand to grasp a pen that’s lying on your desk doesn’t exactly feel like a chore, but for robots, that’s still a really hard thing to do. So to teach robots how to better grasp random objects, Google’s research team  dedicated 14 robots to the task . The standard way to solve this problem would be for the robot to survey the environment, create a plan for how to grasp the object, then execute on it. In the real world, though, lots of things can change between formulating that plan and executing on it. Google is now using these robots to train a deep  convolutional neural network  (a technique that’s all the rage in machine learning right now) to help its robots predict the outcome of their grasps based on the camera input and motor commands. It’s basically hand-eye coordination for robots. The team says that it took about 3,000 hours of practice (and 800,000 grasp attempts) before it saw “the beginnings of intelligent reacti...
Post a Comment
Read more

How to Run Older Applications in Windows 10

By
You cannot expect all the vendors to upgrade their programs to make them compatible with Windows and neither would you want to purchase all the applications every time a new version of Windows is out. Nonetheless, the fact still remains the same that not all applications are compatible with the latest operating systems and there are times when many applications do not initialize when you upgrade your PC to a newer version of Windows. To make things easy for you, Windows 10 allows you to run the programs in compatibility mode. Running a program in compatibility mode makes the application think that it is installed on an older, compatible version of Windows, thus the software runs without any flaws. There are two ways you can run a program in compatibility mode: Program Compatibility Troubleshooter – This is a step-by-step wizard that allows you to pick a program that you prefer to use and configures it to run in compatibility mode. Compatibility Tab – This tab can...
Post a Comment
Read more

eGym raises $45M Series C for cloud-connected gym equipment and fitness software

By
eGym , the Munich-based startup that offers cloud-connected gym equipment and supporting cloud software and app for the fitness training floor, has closed $45 million in Series C funding. The round was led by new investor HPE Growth Capital, while existing investors, including Highland Europe, also participated. The problem that eGym is looking to solve is that, whilst gyms have moved from a bodybuilder market to a mass market in the last 20 years, the technology in gyms lags behind. That’s despite the fact that better use of technology can help to reduce customer churn, the biggest pain-point of both gym operator and gym users. Comprising of an app for both gym user and trainer, combined with the company’s connected strength machines, the eGym Cloud makes it possible for gym members to receive better fitness instruction and an evolving and personalised fitness plan based on data collected as they workout. And by providing a better workout feedback loop, gym goers can get an i...
2 comments
Read more

5 Best Free Antivirus for Android Phones and Tablets

By
Android mobiles are trending today. World is running behind android and its versions. I am sure you also having one high end android mobile with you.  So, here in this article I’ve listed the best 5 antivirus for Android phones and tablets. 1-  AVG Antivirus App For Android When you download AVG Anti-virus and install it on your mobile or tablet then it shows screen alert. By touching the screen you can perform the scan. It is a free anti virus software, which helps you to protect your mobiles from virus, malware and spyware It provides some other features like ANTI THEFT, SMS SCANNER, TASK KILLER etc. It protects your mobile when you use internet Download AVG anti-virus from ANDROID MARKET. 2-  Look Out Mobile  Antivirus Look out anti virus for mobile is one of the best android anti virus software. It keeps your tablets and phones safe and secure You can run the app any time and scan for virus It protects your mobile when you use interne...
2 comments
Read more

Here Are The First Connected Home Devices For Apple’s HomeKit

By
Apple’s HomeKit is finally starting to roll out to actual consumers, via the first crop of HomeKit-enabled accessories from third-party manufacturers. This means you’ll soon be able to get your hands on a range of products for the connected home that work with Siri on your iOS device, and that you’ll be able to do so as soon as today, since some of the new HomeKit accessories start shipping now. The accessories in question range from sensors, to lights, to thermostats, to smart outlets, and come from a group of accessory-makers with a trusted reputation in the connected home industry. HomeKit may have taken a while to arrive, but it’s doing so in grand fashion, with a practical lineup to get your home connected to your iOS ecosystem in an essential way. Elgato Eve The  Elgato Eve  is a set of connected wireless sensors that monitor key factors like indoor air quality, temperature, humidity as well as conditions outside, like temperature, humidity and air pre...
Post a Comment
Read more