Scott's Weblog The weblog of an IT pro specializing in cloud computing, virtualization, and networking, all with an open source view

McAfee Mac OS X Whitepaper

Yesterday’s edition of the “Security Watch” newsletter (also available online) contained a brief blurb about a whitepaper recently released by McAfee that contained a statistic regarding Mac OS X malware. Intrigued by the mention of this whitepaper, I hunted it down and read it myself.

The whitepaper (available from McAfee’s web site) does indeed lead the user into thinking that security vulnerabilities from Mac OS X far outstrip those of Windows:

The National Vulnerability Database shows an increase of 228 percent in the annual vulnerability rate for Apple’s products from 2003 (45 vulnerabilities) to 2005 (143 vulnerabilities). In contrast, the annual discovery rate of vulnerabilities in Microsoft’s products only grew 73 percent over the same period.

What is failed to make completely clear is the number of vulnerabilities for each vendor. In 2003, Microsoft had 92 vulnerabilities and in 2005, Microsoft had 159 vulnerabilities. While this is explained via a footnote (does anyone ever really read the footnotes?), McAfee fails to properly contrast the numbers and the percentages, instead allowing this statistic to lead readers into believing that the state of Mac OS X security is in far worse shape than Microsoft’s.

I won’t belabor the point, as Russ Cooper (the author of the Security Watch column mentioned above) does an excellent job of pointing out why raw statistics like the number or percentage of vulnerabilities are very poor indicators of overall security quality.

All of this is not to say that Mac OS X is without security flaws and problems. This article over at Linux-Watch.com says it perfectly: “Linux is insecure. Open source is insecure. Windows is insecure. All software is insecure. Deal with it.” Anyone who says otherwise is just plain wrong, and time will prove that to be the case.

So, while Mac OS X may not be “immune” to viruses and “free” of security flaws, at least you don’t hear stories like this one about it.

Metadata and Navigation

Be social and share this post!