[SOLVED] Secunia: Apple makes the most vulnerable software in the market today

From: The Window Club July 17, 2010

According to the Secunia Half Year Report 2010 report released recently, Apple makes the most vulnerable software available on the market today. Moreover, Secunia also made it clear that Apple software has constantly accounted for more security vulnerabilities than Microsoft’s.
The report shows an alarming development in 3rd party program vulnerabilities, representing an increasing threat to both users and business, which, however, continues to be greatly ignored.
This trend is supported by the fact that users and businesses still perceive the operating system and Microsoft products to be the primary attack vector, largely ignoring 3rd party programs, and finding the actions to secure these too complex and time-consuming.
Key highlights of the Secunia Half Year Report 2010:

• Since 2005, no significant up-, or downward trend in the total number of vulnerabilities in the more than 29,000 products covered by Secunia Vulnerability Intelligence was observed.
• A group of ten vendors, including Microsoft, Apple, Oracle, IBM, Adobe, and Cisco, account on average for 38 percent of all vulnerabilities disclosed per year.
• In the two years from 2007 to 2009, the number of vulnerabilities affecting a typical end-user
• PC almost doubled from 220 to 420, and based on the data of the first six months of 2010, the number is expected to almost double again in 2010 to 760.During the first six months of 2010, 380 vulnerabilities or 89% of the figures for all of 2009 has already been reached.
• A typical end-user PC with 50 programs installed had 3.5 times more vulnerabilities in the 24 3rd party programs installed than in the 26 Microsoft programs installed. It is expected that this ratio will increase to 4.4 in 2010.

The study also indicates that popular vendors are also subject to more scrutiny by the security community / researchers than less popular vendors; Oracle (including Sun Microsystems and BEA Logic) ranked #1 in four out of five years overtaken by Apple in the first half of 2010, with Apple consistently ranking higher than Microsoft.
Here are a few more findings of the report!




You can download and read the full Secunia Half Year Report 2010 PDF here.

The Secunia Personal Software Inspector is a free security tool designed to detect vulnerable and out-dated software and plug-ins which expose your otherwise updated & secure Windows computer to malicious attacks. You may want to check it out!

And yet, Apple computers still rarely get attacked. One would think that with the rising number of sales of Apple computers that hackers would be itching to have a shot at an attack. I find that curious.

Could it be that there are a number Apple OS owners that HAVE been hacked or whatever but they just don't speak up at all? (possibly because of the embaresement that hey brag to everyone that they CANT get hacked/whatever and now they are)

Dunno, I am on two Apple forums and discussions come up over virus checkers and such. There was one reported instance of a malware appearing but it came in on data in a file (if I remember correctly) and could not activate on the Mac.
Opinions vary and some are of the opinion that it will happen one day but hasn't yet.

My thoughts for what they are worth is that the Mac fans are pretty supportive of each other in their O/S environment and I would think that if a virus issue occurred they'd be warning everyone pretty quickly.

They have been known recently to have been hit with Remote Code Execution, or at least there has been a rise in the attacks. It is one of the worst kinds of attacks that can occur to a computer user. Once the attack is successfully launched, the attacker can do pretty much what they wish with your computer. The outcome of an attempted attack depends fairly much upon the attacker's skill and the user's security posture at the time of the attack.

ALL BRANDS of OS's, Windows, Mac & Linux can be struck with remote code execution, if not properly secured, and even if the user was, a click onto the wrong link can nail you. If you have Firefox, the No Script add on can help a lot, only allow scripting on a temporary basis when necessary. I don't know what to suggest for IE, Opera, Chrome & Safari.

Seems like Safari users have been targeted as of late, there was a recent report on this forum about it. I was trying their latest browser out recently, and was hit with an attack like I've never had before. I do admit, I was on a couple of porn sites, but I was looking for their "Safe Search" to cover my back. It was so bad, that I couldn't even get MSE, Malwarebytes or the Malicious Software Tool that we're downloaded every month to work. I attempted to get to the Windows Live Safety Scanner through IE, it locked IE down.

So I booted into XP Pro, and did a full scan with MSE, it really went to cleaning. After two scans, and one with Malwarebytes, I thought I could boot back into 7 and be OK. I did, and as soon as I did, there was a message about a "security update" that I needed to apply urgently. Like a fool, I did, and the whole deal started all over again. Since I had backups of my other OS's, I decided to nuke the drive with DBAN, the first time I used seven rounds of cleaning, then I followed that with three more DOD (three rounds) of cleaning.

I thought after all of that cleaning, everything would be OK, but all of the nuking made it run very hot, left me with drive problems, and above all, taught me that "Safe Search" was not to be relied upon, then when I found out that Safe Search was done by Google, that really pissed me. Several members on this forum had told me previously that I was paranoid, that Google wasn't out to get me. Well, they didn't do it alone, but had a hand in things.

Needless to say, stay as far away from Safari as you can, and Safe Search in particular. Hopefully, you'll won't get burned, as I did.

Cat

All I'll say is overkill by a factor of 9. The additional wipes were not necessary.

I never use such methods to clean a drive. Such methods are not needed for the general public. People who has the tech to read a drive after it has been cleaned with one pass would not be wasting their time on anyone unless there is lots to gain.

Probably not, but I was still having problems, and figured my drive needed more sanitizing. I didn't realize that the more that I was wiping, that I was causing further problems. All that "nuking" or "wiping" is simply overwriting your drive with random data. We all overwrite files on our computers on a daily basis, simply by using them, the difference is that I was overwriting the entire disc, which it should be able to handle.

It's not quite like taking an emory cloth or sandpaper and polishing your discs, it's only a software overwriter. But what I didn't realize was that the age of the disc probably came into play, as well as the intense heat generated by running it for so long on a six year old notebook.

Unfortunately, as a result of this, I'm having drive problems on it, as I'm typing this post. It frequently goes into CHKDSK upon startup, and sometimes I have to run the chkdsk /r command to get it going right again (at least three times weekly). It's a matter of time, and it's gone. A lesson learned, take it easy on a older computer.

Take it easy on your new computer as well or you will have an older computer before you know it. Electrical parts will last a long time as long as you can control the heat factor. Mechanical parts will wear down the more you use them. Hard drives(excluding SSD's) are mechanical and magnetical, the more you work them the closer they become to failing.

I do watch for heat on my desktop very closely. The only app that really made it hot at all was the beta high performance folding program. I ran it for a day, when I saw that I had no chance to meet the deadline, I stopped it then, a work unit with no points gained is no good anyway.

Anyway, it has huge grooves (top and bottom) for ventilation, and it also makes it easy for me to keep the dust out. I have a special vaccum attachment for delicate areas, such as those grooves & my keyboard, it has a tiny hole, so while it cleans, it doesn't apply too much suction. I also have a can of compressed air, but I can see down in there good with my flashlight, and don't see the need to use it yet. I would prefer to simply remove the cover if I saw the need for serious cleaning, sticking a tube through the grooves and blowing away blindly would not be a good idea.

You are right, heat is the #1 killer of all electronics, even the battery in a car. Many thinks that it's the cold that kills a battery, when actually it's the sweltering heat of the summer. The problem merely shows up in the cold of the winter when the battery can't hold a charge any longer, and most drivers don't attempt to insulate it from the heat, as well as the cold.