Mac OS and Linux more insecure than Windows in 2014.

opethdisciple · 22 Feb 2015 at 21:28

Thought this was interesting.

Supposedly Mac OS, IOS and Linux where more insecure than Windows was in 2014!

stopper · 22 Feb 2015 at 22:27

Supposedly yeah. But then that site would report such numbers, especially when a couple of new OS' are about to be released.
Did it take into consideration how many of the vunerabilities were fixed? and how fast they were fixed? Or is that just how many were "found" through the year.

Caged · 22 Feb 2015 at 22:39

Numbers by themselves are mostly irrelevant without any indication of the severity of the vulnerabilities and how easy they are to exploit. Microsoft have had some very high profile escalation of privilege vulnerabilities come to light in the past two months alone, along with the domain MITM issue from a couple of weeks ago.

Exploitable OS bugs are one thing, but you don't need to bother with them if someone like Lenovo are going to install root CAs from crapware and MITM all your SSL requests, or it's possible to get an adware infested bag of crap by using what at first glance appears to be a legitimate download site. I'd say those are more pressing issues for Microsoft to resolve, whether that means moving to an application whitelist model a little bit like Apple's Gatekeeper I don't know.

memyselfandi · 23 Feb 2015 at 07:36

Fundamental flaw in the linked table in that Linux is just treated as one "Linux Kernel" bucket and Windows is split into separate lines dependent on version ... kinda makes Windows look a lot better ...

Also if the Linux Kernel had 119 flaws in the last year that doesn't mean it had to be patched that number of times for end users (RHEL 6 for instance has 11 kernel releases in 2014 not all of which would have been purely for security issues).

Of course there are the usual questions on who is paying GFI to produce the report and should we expect any result other than this to be reported on a Windows centric site ...

stopper · 23 Feb 2015 at 10:19

Caged said:
Exploitable OS bugs are one thing, but you don't need to bother with them if someone like Lenovo are going to install root CAs from crapware and MITM all your SSL requests, or it's possible to get an adware infested bag of crap by using what at first glance appears to be a legitimate download site.

That's a very good point. How accessible are the vunerabilities, is what matters.
Since Windows is a free run for any installer, that would make it much more unsecure, especially when applications can run automatically through adverts on websites.

KIA · 24 Feb 2015 at 19:06

Nice of them to split the Windows products.

OSX: 147
iOS: 127
Linux kernel: 119
Windows: 248

Many of the Windows products share the same amount of vulnerabilities. I wonder why.