On The Insider: Britney's Bikini-Clad Top 10
BNET Business Network:
BNET
TechRepublic
ZDNet

December 18th, 2007

Mac versus Windows vulnerability stats for 2007

Posted by George Ou @ 7:14 am

Categories: Apple, Microsoft, Patch Watch, Vulnerability research, Windows Vista

Tags: Apple Macintosh, Vulnerability, Microsoft Windows Vista, Flaw, Microsoft Windows, Microsoft Windows Vista (Longhorn), Apple Mac OS X, Apple Mac OS, Microsoft Windows XP, Operating Systems

The year 2007 has been an interesting year that brought us improved security with Windows Vista and Mac OS X Leopard (10.5).   But to get some perspective of how many publicly known holes found in these two operating systems, I’ve compiled all the security flaws in Mac OS X and Windows XP and Vista and placed them side by side.  This is significant because it shows a trend that can give us a good estimate for how many flaws we can expect to find in the coming months.  The more monthly flaws there are in the historical trend, the more likely it is that someone will find a hole to exploit in the future.  For example back in April of this year, hackers took over a fully patched Macbook and won $10,000 plus the Macbook they hacked.

I used vulnerability statistics from an impartial third party vendor Secunia and I broke them down by Windows XP flaws, Vista flaws, and Mac OS X flaws.  Since Secunia doesn’t offer individual numbers for Mac OS X 10.5 and 10.4, I merged the XP and Vista vulnerabilities so that we can compare Vista + XP flaws to Mac OS X.  In case you’re wondering how 19 plus 12 could equal 23, this is because there are many overlapping flaws that is shared between XP and Vista so those don’t get counted twice just as I don’t count something that affects Mac OS X 10.4 and 10.5 twice.

Windows XP, Vista, and Mac OS X vulnerability stats for 2007
  XP Vista XP + Vista Mac OS X
Total extremely critical 3 1 4 0
Total highly critical 19 12 23 234
Total moderately critical 2 1 3 2
Total less critical 3 1 4 7
Total flaws 34 20 44 243
Average flaws per month 2.83 1.67 3.67 20.25

 X Extremely critical
 H Highly critical
 M Moderately critical
 L Less critical

So this shows that Apple had more than 5 times the number of flaws per month than Windows XP and Vista in 2007, and most of these flaws are serious.  Clearly this goes against conventional wisdom because the numbers show just the opposite and it isn’t even close.

Also noteworthy is that while Windows Vista shows fewer flaws than Windows XP and has more mitigating factors against exploitation, the addition of Windows Defender and Sidebar added 4 highly critical flaws to Vista that weren’t present in Windows XP.  Sidebar accounted for three of those additional vulnerabilities and it’s something I am glad I don’t use.  The lone Defender critical vulnerability that was supposed to defend Windows Vista was ironically the first critical vulnerability for Windows Vista.

Windows XP, Vista, and Mac OS X vulnerability details for 2007
Month Windows XP Windows Vista Mac OS X
DEC CVE-2007-0064 H
CVE-2007-3039 L
CVE-2007-3895 H
CVE-2007-3901 H
CVE-2007-5355 L		 CVE-2007-0064 H
CVE-2007-5350 L
CVE-2007-3895 H
CVE-2007-3901 H
CVE-2007-5351 M
CVE-2007-5355 L
 		 CVE-2006-0024 H
CVE-2007-1218 H
CVE-2007-1659 H
CVE-2007-1660 H
CVE-2007-1661 H
CVE-2007-1662 H
CVE-2007-3798 H
CVE-2007-3876 H
CVE-2007-4131 H
CVE-2007-4351 H
CVE-2007-4572 H
CVE-2007-4708 H
CVE-2007-4709 H
CVE-2007-4710 H
CVE-2007-4766 H
CVE-2007-4767 H
CVE-2007-4768 H
CVE-2007-4965 H
CVE-2007-5379 H
CVE-2007-5380 H
CVE-2007-5398 H
CVE-2007-5476 H
CVE-2007-5770 H
CVE-2007-5847 H
CVE-2007-5848 H
CVE-2007-5849 H
CVE-2007-5858 H
CVE-2007-5850 H
CVE-2007-5851 H
CVE-2007-5853 H
CVE-2007-5854 H
CVE-2007-5855 H
CVE-2007-5856 H
CVE-2007-5857 H
CVE-2007-5859 H
CVE-2007-5860 H
CVE-2007-5861 H
CVE-2007-5863 H
CVE-2007-6077 H
CVE-2007-6165 H
CVE-2006-4339 H
CVE-2006-6731 H
CVE-2006-6736 H
CVE-2006-6745 H
CVE-2007-0243 H
CVE-2007-2435 H
CVE-2007-2788 H
CVE-2007-2789 H
CVE-2007-3004 H
CVE-2007-3005 H
CVE-2007-3503 H
CVE-2007-3504 H
CVE-2007-3655 H
CVE-2007-3698 H
CVE-2007-3922 H
CVE-2007-4381 H
CVE-2007-5232 H
CVE-2007-5862 H
CVE-2007-6276 M
NOV     CVE-2007-6165 H
CVE-2007-4702 L
CVE-2007-4703 L
CVE-2007-4704 L
CVE-2005-0953 H
CVE-2005-1260 H
CVE-2007-0464 H
CVE-2007-0646 H
CVE-2007-2926 H
CVE-2007-3456 H
CVE-2007-3749 H
CVE-2007-3756 H
CVE-2007-3758 H
CVE-2007-3760 H
CVE-2007-3999 H
CVE-2007-4267 H
CVE-2007-4268 H
CVE-2007-4269 H
CVE-2007-4671 H
CVE-2007-4678 H
CVE-2007-4679 H
CVE-2007-4680 H
CVE-2007-4681 H
CVE-2007-4682 H
CVE-2007-4683 H
CVE-2007-4684 H
CVE-2007-4685 H
CVE-2007-4686 H
CVE-2007-4687 H
CVE-2007-4688 H
CVE-2007-4689 H
CVE-2007-4690 H
CVE-2007-4691 H
CVE-2007-4692 H
CVE-2007-4693 H
CVE-2007-4694 H
CVE-2007-4695 H
CVE-2007-4696 H
CVE-2007-4697 H
CVE-2007-4698 H
CVE-2007-4699 H
CVE-2007-4700 H
CVE-2007-4701 H
CVE-2007-4743 H
OCT CVE-2007-5587 L
CVE-2007-2217 H
CVE-2007-2228 L
CVE-2007-3897 H		 CVE-2007-2228 L
CVE-2007-3897 H		  
SEPT CVE-2007-4916 M CVE-2007-3036 L  
AUG CVE-2007-1749 H
CVE-2007-3034 H
CVE-2007-2224 H		 CVE-2007-3033 H
CVE-2007-3032 H
CVE-2007-3891 H
CVE-2007-1749 H		 CVE-2004-0996 H
CVE-2004-2541 H
CVE-2005-0758 H
CVE-2005-3128 H
CVE-2006-2842 H
CVE-2006-3174 H
CVE-2006-4019 H
CVE-2006-6142 H
CVE-2007-0450 H
CVE-2007-0478 H
CVE-2007-1001 H
CVE-2007-1262 H
CVE-2007-1358 H
CVE-2007-1460 H
CVE-2007-1461 H
CVE-2007-1484 H
CVE-2007-1521 H
CVE-2007-1583 H
CVE-2007-1711 H
CVE-2007-1717 H
CVE-2007-1860 H
CVE-2007-2403 H
CVE-2007-2404 H
CVE-2007-2405 H
CVE-2007-2406 H
CVE-2007-2407 H
CVE-2007-2408 H
CVE-2007-2409 H
CVE-2007-2410 H
CVE-2007-2442 H
CVE-2007-2443 H
CVE-2007-2446 H
CVE-2007-2447 H
CVE-2007-2589 H
CVE-2007-2798 H
CVE-2007-3742 H
CVE-2007-3744 H
CVE-2007-3745 H
CVE-2007-3746 H
CVE-2007-3747 H
CVE-2007-3748 H
CVE-2007-3944 H
 
JUL CVE-2007-3896 H
CVE-2007-4041 H
CVE-2007-5020 H		    
JUN CVE-2007-2219 H
CVE-2007-2218 H
CVE-2007-1658 H
CVE-2007-2225 H
CVE-2007-2227 H		 CVE-2007-1658 H
CVE-2007-2225 H
CVE-2007-2227 H
CVE-2007-2229 L		 CVE-2007-2399 H
CVE-2007-2401 H
CVE-2007-2242 M
MAY     CVE-2005-3011 H
CVE-2006-4095 H
CVE-2006-4096 H
CVE-2006-4573 H
CVE-2006-5467 H
CVE-2006-6303 H
CVE-2007-0493 H
CVE-2007-0494 H
CVE-2007-0740 H
CVE-2007-0750 H
CVE-2007-0751 H
CVE-2007-0752 H
CVE-2007-0753 H
CVE-2007-1536 H
CVE-2007-1558 H
CVE-2007-2386 H
CVE-2007-2390 H
APR CVE-2007-1205 H
CVE-2007-1206 L
CVE-2007-1973 L		 CVE-2007-1209 L CVE-2006-0300 H
CVE-2006-5867 H
CVE-2006-6143 H
CVE-2006-6652 H
CVE-2007-0022 H
CVE-2007-0465 H
CVE-2007-0646 H
CVE-2007-0724 H
CVE-2007-0725 H
CVE-2007-0729 H
CVE-2007-0732 H
CVE-2007-0735 H
CVE-2007-0736 H
CVE-2007-0737 H
CVE-2007-0738 H
CVE-2007-0739 H
CVE-2007-0741 H
CVE-2007-0742 H
CVE-2007-0743 H
CVE-2007-0744 H
CVE-2007-0745 H
CVE-2007-0746 H
CVE-2007-0747 H
CVE-2007-0957 H
CVE-2007-1216 H
MAR CVE-2007-0038 X CVE-2007-0038 X CVE-2005-2959 H
CVE-2006-0225 H
CVE-2006-0300 H
CVE-2006-1516 H
CVE-2006-1517 H
CVE-2006-2753 H
CVE-2006-3081 H
CVE-2006-3469 H
CVE-2006-4031 H
CVE-2006-4226 H
CVE-2006-4829 H
CVE-2006-4924 H
CVE-2006-5051 H
CVE-2006-5052 H
CVE-2006-5330 H
CVE-2006-5679 H
CVE-2006-5836 H
CVE-2006-6061 H
CVE-2006-6062 H
CVE-2006-6097 H
CVE-2006-6129 H
CVE-2006-6130 H
CVE-2006-6173 H
CVE-2007-0229 H
CVE-2007-0236 H
CVE-2007-0267 H
CVE-2007-0299 H
CVE-2007-0318 H
CVE-2007-0463 H
CVE-2007-0467 H
CVE-2007-0588 H
CVE-2007-0719 H
CVE-2007-0720 H
CVE-2007-0721 H
CVE-2007-0722 H
CVE-2007-0723 H
CVE-2007-0724 H
CVE-2007-0728 H
CVE-2007-0726 H
CVE-2007-0730 H
CVE-2007-0731 H
CVE-2007-0733 H
CVE-2007-1071 H
FEB CVE-2006-1311 L
CVE-2007-0025 L
CVE-2007-0026 M
CVE-2007-0210 L
CVE-2007-0211 L
CVE-2006-5559 H
CVE-2007-0214 H		 CVE-2006-5270 H CVE-2007-0021 H
CVE-2007-0023 H
CVE-2007-0197 H
CVE-2007-0614 H
CVE-2007-0710 H
JAN CVE-2007-0024 X   CVE-2007-0462 L
CVE-2007-0023 L
CVE-2007-0355 L
CVE-2007-0236 L
CVE-2007-0229 H

George Ou is Technical Director of ZDNet. See his full profile and disclosure of his industry affiliations.

  • Talkback
  • Most Recent of 411 Talkback(s)
RE: Mac versus Windows vulnerability stats for 2007

I agree, this was a great post. There are somethings I do not agree with but overall very informative. But I personally think it waters down to personal opinion and perspective.... Correct me i... (Read the rest)
Posted by: Jay Smtih Posted on: 09/08/09 You are currently: a Guest | | Terms of Use
I'm sure...  rapson | 12/18/07
why does windows OS "have to" have more vulnorabilities than a mac?  saint9121@... | 12/18/07
this is FUD who cares about vulenrabilities what of exploits?  doctorSpoc | 12/18/07
Your suggestion is useful but flawed  notsofast | 12/19/07
They are comming  Baer | 12/20/07
really...  user00033 | 12/21/07
This is an attempt at Tu Quoque  frgough | 12/19/07
LOL! yes:  dwalk51@... | 12/19/07
Based on what?  notsofast | 12/19/07
you're right ....  user00033 | 12/21/07
Tu Quoque is a logical, argumental fallacy  Mikael_z | 12/19/07
Rubbish...  craig-wilson@... | 12/19/07
Wait a minute  MacKeyser | 12/19/07
Vulnerabilities do equal  xuniL_z | 12/20/07
And this all tells the world...  ego.sum.stig@... | 12/20/07
That was an attempt at Misdirection  confuzatron | 04/05/08
Percentage of users  KeithAu001 | 12/19/07
Win XP SP3  CrazyPenguin | 12/21/07
Frothing Zealot  confuzatron | 04/05/08
Some truth in that....  techboy_z | 12/18/07
Occam's Razor  confuzatron | 04/05/08
Why is it  genefitz1976 | 12/18/07
Why is it people can't read for comprehension?  ye | 12/18/07
Apple users do have a tangible counterargument...  Taz_z | 12/18/07
It is tangible. But then the argument shifts to why is it tangible.  ye | 12/18/07
What's with this personal attack stuff? I'm not doing it...  Taz_z | 12/18/07
I didn't say you were "doing it".  ye | 12/18/07
No, and good point too!  dwalk51@... | 12/19/07
doesn't matter...  bmerc | 12/19/07
Tangible differences between statements  JoeDaddy | 12/18/07
I didn't attribute any such statement to him.  ye | 12/18/07
THATS THE FACTS JACK WINDOWS THREATS IN THE REAL WORLD  johnpall@... | 12/19/07
True dat  dwalk51@... | 12/19/07
Rapson was being sarcastic  georgeou | 12/18/07
re: Rapson was being sarcastic  M.R. Kennedy | 12/18/07
The photo and name will come soon  georgeou | 12/18/07
It's YOU!  dwalk51@... | 12/19/07
I never "picked" on anything  georgeou | 12/23/07
So, you're not responsible for the title?  ego.sum.stig@... | 12/23/07
Thanks, George  rapson | 12/18/07
Look On The Bright Side!  Whyaylooh | 12/18/07
But  confuzatron | 04/05/08
What?!? Bullocks!  dwalk51@... | 12/19/07
Message has been deleted.  notme403@... | 12/18/07
Agreed  dwalk51@... | 12/19/07
Wrong!  endermc12 | 12/19/07
okay you're right.  dwalk51@... | 12/19/07
Of course  Chris55 | 12/21/07
If confronted by unpalatable information...  confuzatron | 04/05/08
Message has been deleted.  CowLauncher | 12/18/07
tooshay!  larry@... | 12/18/07
so why do you comment here?  LoungeFlyX | 12/18/07
What makes you say that?  Shelendrea | 12/18/07
Actually, what is shows is  Kid Icarus-21097050858087920245213802267493 | 12/18/07
If they were shown to be stealthily updating  Shelendrea | 12/18/07
More importantly...  rapson | 12/18/07
Strong point  dwalk51@... | 12/19/07
If Microsoft were the one doing the reporting then ...  ShadeTree | 12/18/07
Doesn't matter  vmaatta | 12/19/07
If a flaw is not discovered is it really a flaw?  ShadeTree | 12/20/07
True  vmaatta | 12/21/07
Actually  frogmanandy | 12/19/07
give it up KI  xuniL_z | 12/19/07
You give it up  Shelendrea | 12/19/07
What these blogs should be about  xuniL_z | 12/20/07
You got my point exactly right  georgeou | 12/19/07
We just wish you had gotten your research right  MarcB_z | 12/20/07
What do you mean by...  dwalk51@... | 12/19/07
Just what I said  Shelendrea | 12/19/07
He proved that one column exceeds another, and it wasn't close, but...  DannyO_0x98 | 12/19/07
You think he should have went into detail  xuniL_z | 12/20/07
Poor Comparison Because...  Stuka | 12/18/07
RE: Poor Comparison Because...  Motoma | 12/18/07
3rd Party...  Yensi717 | 12/18/07
Yes, but no  Stuka | 12/18/07
Back peddle much?  ShadeTree | 12/18/07
oh dude...  BFD | 12/18/07
Apple didn't 'port' to *nix code base  comp_indiana | 12/18/07
Apple "developed" BSD?  samoanbiscuit@... | 12/19/07
ar matey  Hogleg | 12/19/07
If you're planning to spew more pointless drivel  bmerc | 12/19/07
so, I noticed you attacked me without saying I was wrong  Hogleg | 12/19/07
Incorrect  Jkirk3279 | 12/19/07
Wrong again.  ShadeTree | 12/18/07
Who cares?  YinToYourYang-22527499 | 12/18/07
Only people that don't want to be hacked.  No_Ax_to_Grind | 12/18/07
Not everybody cares  YinToYourYang-22527499 | 12/18/07
You were on the right track with "who cares"  GuidingLight | 12/18/07
So THAT's the problem with OSX!?  toadlife | 12/18/07
Message has been deleted.  BFD | 12/18/07
Ou is simply not being entirely honest with us  mdfischer | 12/18/07
Looks honest to me...  No_Ax_to_Grind | 12/18/07
And when your computer is hacked in the real world...  Taz_z | 12/18/07
Indeed, glad you agree  No_Ax_to_Grind | 12/18/07
Exactly...  Taz_z | 12/18/07
But the surface in Windows is so much bigger.  YinToYourYang-22527499 | 12/18/07
re: But the surface in Windows is so much bigger.  M.R. Kennedy | 12/18/07
100k+ viruses is hard to beat  YinToYourYang-22527499 | 12/18/07
First thing Apple needs to do...  rtk | 12/18/07
Hey rtk...  ego.sum.stig@... | 12/18/07
Hey ego.sum  rtk | 12/18/07
I agree, it will take another 20 years for OS X to catch up  xuniL_z | 12/19/07
ego.sum ...that's why Apple had the first mass virus...uh....  xuniL_z | 12/19/07
Hey xunil_z  ego.sum.stig@... | 12/19/07
math  craig-wilson@... | 12/19/07
math.  xuniL_z | 12/19/07
I guess the question is...  vulpine@... | 12/18/07
But that lessens the FUD!!!  comp_indiana | 12/18/07
MRK doesn't understand "surface area"  SourceFly | 12/18/07
which OSes  xuniL_z | 12/19/07
RE: Mac versus Windows vulnerability stats for 2007  rawzd38 | 12/18/07
ZDNet virus?  rawzd38 | 12/18/07
The fact no one  No_Ax_to_Grind | 12/18/07
Which brings up a simple fact...  Taz_z | 12/18/07
If it could run my apops yes.  No_Ax_to_Grind | 12/18/07
That's all I wanted to hear (NT)  Taz_z | 12/18/07
gaming, fool...  craig-wilson@... | 12/19/07
Waiting for Fedex  rawzd38 | 12/18/07
Ok! You want to hear the words,  windozefreak | 12/20/07
what of the difference in rate of vulnerability to rate of exploit...  doctorSpoc | 12/18/07
Spot on  Stuka | 12/18/07
True, Macs are such a small part of the market  No_Ax_to_Grind | 12/18/07
As usual, reply does not address the original post...  Taz_z | 12/18/07
Not really true.  No_Ax_to_Grind | 12/18/07
and are much safer than PCs... vulnerabilities == red herring  doctorSpoc | 12/18/07
Disagree when the subject a security comparison  DevGuy_z | 12/18/07
You can't even compare #'s of vulnerabilities fairly  Taz_z | 12/18/07
RE: Mac versus Windows vulnerability stats for 2007  lgp | 12/18/07
in a way...  Badgered | 12/18/07
re: in a way...  M.R. Kennedy | 12/18/07
I beg to differ...  vulpine@... | 12/18/07
Bad Math  fde101 | 12/19/07
RE  tony@... | 12/19/07
I won't bother to refute your complex math...  vulpine@... | 12/20/07
Thanks! Now my head hurts (NT)  Badgered | 12/20/07
RE: Mac versus Windows vulnerability stats for 2007  ZDnet_is_FUD | 12/18/07
Thank you for the honesty in a dishonest publication.  YinToYourYang-22527499 | 12/18/07
get a room you two...  BFD | 12/18/07
Aw, I hurt BFDled's feelings  YinToYourYang-22527499 | 12/18/07
Apples vs Oranges  RestonTechAlec | 12/18/07
You missed the point  Chris55 | 12/21/07
RE: Mac versus Windows vulnerability stats for 2007  ptmmac | 12/18/07
Just flame bait.  CobraA1 | 12/18/07
And you think Apple publishes everything it finds internally?  georgeou | 12/18/07
Anything *nix they have too  Stuka | 12/18/07
since when is osx open source it's not the only thing in osx  SO.CAL Guy | 12/18/07
Read up...  Stuka | 12/18/07
Both do not publish everything...  fredfarkwater@... | 12/18/07
What does corporate disclosure have anything to do with it?  YinToYourYang-22527499 | 12/18/07
and we know apple does not publish every bug they find and  SO.CAL Guy | 12/18/07
Dumb way to do business, let alone live life.  YinToYourYang-22527499 | 12/18/07
can't bring a valid point so you insult typical fanboi response  SO.CAL Guy | 12/18/07
Partially right  tony@... | 12/19/07
Proof?  Jkirk3279 | 12/19/07
Article is an HEALTH HAZARD  help4mac@... | 12/18/07
234 2 = 243?  ninhead79 | 12/18/07
234 plus 2 = 243?  ninhead79 | 12/18/07
Bad transpose from Excel, there were 7 less critical  georgeou | 12/18/07
Bad Transpose!!!  ninhead79 | 12/18/07
LMAO....  ninhead79 | 12/18/07
Totals and the raw tables were always accurate  georgeou | 12/18/07
Your flawed  ninhead79 | 12/18/07
Yup, I made a typo. So what of it?  georgeou | 12/18/07
Are duplicates typos too ?  f.r | 12/19/07
You're flawed, not "Your flawed"  Badgered | 12/18/07
Spelling/Typing  ego.sum.stig@... | 12/18/07
Apple advisories have many times more flaws each  georgeou | 12/18/07
Here, have a bigger shovel George  ego.sum.stig@... | 12/18/07
No they are not accurate  MarcB_z | 12/20/07
Thanks for fixing your chart!!!  ninhead79 | 12/18/07
RE: Mac versus Windows vulnerability stats for 2007  tvalleau | 12/18/07
credibility  buddhistMonkey | 12/18/07
And you spent how many seconds verifying on Secunia?  georgeou | 12/18/07
I guess "nt" in your case means "no time."  buddhistMonkey | 12/19/07
Why don't you create a web site and list them  georgeou | 12/18/07
Nice trick...  YinToYourYang-22527499 | 12/18/07
"Critical" Thinking Involved...  MacDev | 12/18/07
They were discovered by third parties, but they're all patched by Apple  georgeou | 12/18/07
Home vs. Business  malevolentjelly | 12/19/07
This list is EXTREMELY flawed...  olePigeon | 12/18/07
OK...  brian.shapiro | 12/18/07
Yes, you're correct about Windows Mail...  olePigeon | 12/18/07
QuickTime isn't even listed in here  georgeou | 12/18/07
I'm not defending Apple's track record...  olePigeon | 12/18/07
Also, as noted in my other reply...  olePigeon | 12/18/07
Outlook, IE, Media Player, Movie maker is included  georgeou | 12/18/07
I am confused, then...  olePigeon | 12/18/07
Are you sure? My count is very different  nilotpal_c | 12/18/07
George, you are now just flat out lying.  Letophoro | 12/19/07
Stop letting the facts get in the way of Apple bashing!  doh123 | 12/18/07
FACT: 231 Advisories for Windows in 2007  MacDev | 12/18/07
Amen!!!  ninhead79 | 12/18/07
Your search queries are severely flawed  georgeou | 12/18/07
I think your criteria is flawed...  whooda | 12/18/07
So...  ego.sum.stig@... | 12/18/07
that idiot? He's been proven a charlaton and long dead in the..  xuniL_z | 12/19/07
I think I've hit a nerve  ego.sum.stig@... | 12/20/07
You know what's funny...  Badgered | 12/20/07
Mea culpa  ego.sum.stig@... | 12/20/07
In the end, with a small marketshare  Boot_Agnostic | 12/18/07
Now, do the same thing charting how many flaws...  BitTwiddler | 12/18/07
You don't need an exploit to spread malware  georgeou | 12/18/07
Look at All The Angry Mac Users  Herc@... | 12/18/07
and the winner is...  Linux Geek | 12/18/07
Are you sure?  georgeou | 12/18/07
Sure? Almost positive.  blakecmartin | 12/18/07
Open vs. Closed Source  malevolentjelly | 12/19/07
RE: Mac versus Windows vulnerability stats for 2007  Mr. Twister | 12/18/07
And Apple discloses everything too?  georgeou | 12/18/07
Only if you'll trust us with your bank account number first  YinToYourYang-22527499 | 12/18/07
RE: Mac versus Windows vulnerability stats for 2007  notailmouse | 12/18/07
Wrong  onecheapgeek@... | 12/18/07
Well...  ego.sum.stig@... | 12/18/07
RE: Mac versus Windows vulnerability stats for 2007  lakjsdgkajg | 12/18/07
Interestingly enough  Shelendrea | 12/18/07
Here are four CVE's for Windows that you didn't list.  Letophoro | 12/18/07
Apple bot herds  Chad_z | 12/18/07
Criticality?  brian.shapiro | 12/18/07
and in reality?  sos10@... | 12/18/07
haha  jjarman | 12/19/07
Secunia says don't do that  Randomly | 12/18/07
Secunia's stats shouldn't be used because they count advisories and not fla  georgeou | 12/18/07
Re:Secunia's stats shouldn't be used because they count advisories and not  compmodder26 | 12/18/07
Guilty!  ego.sum.stig@... | 12/18/07
You can count the number of vulnerabilities, however  nilotpal_c | 12/19/07
RE: Mac versus Windows vulnerability stats for 2007  Steve Jobs | 12/18/07
What about linux?  someoneinjapan@... | 12/18/07
Not too well.  georgeou | 12/18/07
No George, you are wrong  nilotpal_c | 12/18/07
outdated info  patibulo | 12/19/07
spinster  jjarman | 12/19/07
Zoon award  Mike Cox, Sr. | 12/18/07
He already came and it was you  xuniL_z | 12/19/07
Reported vulnerability versus patched vulnerability  startx.jeff | 12/18/07
RE: the List is padded  ITTechguy | 12/18/07
Typical denial  neverstoplearning | 12/18/07
RE: Mac versus Windows vulnerability stats for 2007  f.r | 12/18/07
George doesn't let facts  MarcB_z | 12/18/07
Good work  nilotpal_c | 12/18/07
exceptional  jjarman | 12/19/07
First of all, Larry is not the author  georgeou | 12/20/07
You can't change ideologues with facts  tonymcs@... | 12/18/07
Well, reach for a trout...  ego.sum.stig@... | 12/18/07
How many Mac vs Windows users?  HypnoToad72 | 12/18/07
RE: Mac versus Windows vulnerability stats for 2007  drylight | 12/18/07
Okay...  dalevi1 | 12/18/07
OS X Firewall  drylight | 12/18/07
RE: Mac versus Windows vulnerability stats for 2007  drylight | 12/18/07
George Ou quality research ... teehee  Golodh2 | 12/18/07
Now THIS is really funny!!  aureolin@... | 12/18/07
Oh aureolin...  CowLauncher | 12/18/07
And Apple Being Apple's own worst Enemy  dalevi1 | 12/18/07
The Keychain keeps your passwords and some system functions access them  YinToYourYang-22527499 | 12/18/07
Interesting  Len Rooney | 12/18/07
There is no increase in vulnerabilities  YinToYourYang-22527499 | 12/18/07
Why is Adobe Flash vuln "OS X"?  michael.teter@... | 12/18/07
From my limited experience...  ego.sum.stig@... | 12/18/07
RE: Mac versus Windows vulnerability stats for 2007  Kaiwai | 12/18/07
All but a few less critical issues have been patched on both sides  georgeou | 12/19/07
Hey Wintards!  comp_indiana | 12/18/07
Care to post your IP address?  georgeou | 12/18/07
Give it a rest  frgough | 12/19/07
Beyond Irresponsible, George  MacKeyser | 12/19/07
Actually  andrewjg | 12/20/07
For MacKeyser.  sfenton@... | 12/21/07
irresponsible to bait a user to post their IP on a public forum for attack  jjarman | 12/19/07
10.0.0.5  shis-ka-bob | 12/21/07
Ask my buddy where all his photos went...  Feldwebel Wolfenstool | 12/19/07
Seriously man. duh.  xuniL_z | 12/19/07
I question the methodology.  ten8ciousb | 12/18/07
I provided the links I used at Secunia  georgeou | 12/19/07
Lame excuse and complete lack of responsibility  metenlar | 12/19/07
And did not bother to check for Internet explorer 7 or Windows media player  nilotpal_c | 12/19/07
Ok let's add IE7, Media Player, and count QuickTime against Mac OS X  georgeou | 12/19/07
You can count QuickTime  Robert Crocker | 12/19/07
Still missing the point  nilotpal_c | 12/19/07
no -- you're missing the point  zupobaloop | 12/20/07
Did you actually read the linked pages ?  f.r | 12/19/07
This is typical Ou.  frgough | 12/19/07
yeah this doesn't count as security  zupobaloop | 12/20/07
"I provided the links ..."  ten8ciousb | 12/19/07
Try actually answering his criticism instead of blowing fluff, George (nt)  bmerc | 12/19/07
just read the first one  shis-ka-bob | 12/21/07
What if Windows was shipped "loaded for bear"?  SourceFly | 12/19/07
IIS 6.0 and MS SQL 2005 has zero critical vulnerabilities  georgeou | 12/23/07
Like I said, you can't put those on a non-server build  SourceFly | 12/26/07
This study is biased  efwqdfgfg | 12/19/07
RE: Mac versus Windows vulnerability stats for 2007  klm@... | 12/19/07
Why are you counting placeholders?  w1bmw | 12/19/07
If I use his method I get ALOT more issues...  ju1ce | 12/19/07
RE: Mac versus Windows vulnerability stats for 2007  Dave4u2 | 12/19/07
Misleading stats...  jeffmurphy | 12/19/07
Well...  ju1ce | 12/19/07
Apple put it in to Mac OS X so it's counted.  georgeou | 12/19/07
Since MS put IE into Windows, why aren't you counting all the IE flaws?  Letophoro | 12/19/07
I have to agree... (nt)  el1jones | 12/19/07
RE: Stats and details of the vulnerabilities are fine  vikingnyc@... | 12/19/07
Almost all of these have been patched during the months listed  georgeou | 12/19/07
Mac OS X vs. Windows  techJerk | 12/19/07
RE: Mac versus Windows vulnerability stats for 2007  disintegral | 12/19/07
RE: Mac versus Windows vulnerability stats for 2007  calvinsman-one@... | 12/19/07
Larry didn't write this blog - nt  georgeou | 12/19/07
43 are from 2006. many H are actually L  MikeMcCartney | 12/19/07
They're originally from 2006 but got bundled in an advisory/Patch in 2007  georgeou | 12/20/07
RE: Mac versus Windows vulnerability stats for 2007  trevorhjones@... | 12/19/07
RE: Mac versus Windows vulnerability stats for 2007  cablezd | 12/19/07
Tu Quoque is a logical fallacy  Mikael_z | 12/19/07
hey fanboy  Hogleg | 12/19/07
The bottom line....  arminw | 12/19/07
Wow...Missing the point  Exploit this | 12/19/07
It's obvious that Apple just reports better  el1jones | 12/19/07
RE: Mac versus Windows vulnerability stats for 2007  tomhoffman@... | 12/19/07
Patch Methodology  lawsonkc | 12/19/07
Mac Vs Microsoft security vulnerabilities  jim_d@... | 12/19/07
Who cares?  SteveMak | 12/19/07
totally wrong because you are starting with a flawed assumption...  jjarman | 12/19/07
Extra, extra: Reality Reverses Itself, Windows is Secure, Mac's are Not!  jjarman | 12/19/07
And yet, we never hear ANY OS X horror stories.  TheSchmett | 12/19/07
And Who Uses Mac?  melekali | 12/19/07
many software and web developers use mac  jjarman | 12/19/07
6%? many?  Chris55 | 12/21/07
Its a moonwalk  TheSchmett | 12/19/07
RE: Mac versus Windows vulnerability stats for 2007  creep144 | 12/19/07
3rd World Hackers Haven't Discovered Macs, Yet!  profelalo@... | 12/19/07
Actually, they have  ego.sum.stig@... | 12/19/07
And they don't use UNIX or Linux?  TheSchmett | 12/19/07
Oh wait, they did walk on the moon.  TheSchmett | 12/19/07
George's throroughly dishonest "stats" have been debunked  bmerc | 12/19/07
ABSOLUTELY TRUE!  howieldanc@... | 12/19/07
Suggestion  levinson | 12/19/07
I work in both worlds  Vexxarr | 12/19/07
Ross Perot Math  Eindhoven | 12/19/07
My goodness lookie here what I found?  bmerc | 12/19/07
irrelevant statistics  chadpengar | 12/19/07
Correction!  Eindhoven | 12/20/07
RE: Correction!  Badgered | 12/20/07
Well...  ego.sum.stig@... | 12/20/07
Quit B____'n  Runtime_Error | 12/19/07
WHY DO WE BOTHER?  Angel_O | 12/19/07
Trying to get some more hits on your blog  jorjitop | 12/19/07
nope!  zupobaloop | 12/20/07
Must be the new math....  jimboutilier@... | 12/19/07
Windows vs Mac OSX vulnerability  GFW_z | 12/19/07
I pose some questions  Shelendrea | 12/19/07
RE: Mac versus Windows vulnerability stats for 2007  ralphrides | 12/19/07
YOU CANT READ MR GEORGE OU  howieldanc@... | 12/19/07
HERE'S THE REAL DATA FROM SECURIA  howieldanc@... | 12/19/07
that's for 4 years  aesirloke@... | 12/23/07
RE: Mac versus Windows vulnerability stats for 2007  madmax_2069 | 12/19/07
RE: Mac versus Windows vulnerability stats for 2007  khorsia | 12/19/07
The press hasn't got it, do they?  gmureddu@... | 12/19/07
Incidence, Prevelance, Exploitation  w_c_mead | 12/19/07
Some people just cant see the woods for the trees  KeithAu001 | 12/19/07
The problem is..  msalzberg | 12/19/07
look again  zupobaloop | 12/20/07
I don't have time for this poorly done "expose"  filker0 | 12/19/07
Addendum  filker0 | 12/19/07
hahahaha expose?  zupobaloop | 12/20/07
Everyone should read..  msalzberg | 12/20/07
Can you help me understand your data  mike.b.c | 12/20/07
Poor Research and Journalism  theMusicMan12 | 12/20/07
Finally, a well-reseached response to a terrible news article  hinkel@... | 12/20/07
YOU CANT COUNT CANDIDATE CVE ENTRIES CHIEF!  rbird@... | 12/20/07
George doesn't care  MarcB_z | 12/20/07
Perhaps....  ego.sum.stig@... | 12/21/07
Incorrect data in test  intargc | 12/20/07
RE: Mac versus Windows vulnerability stats for 2007  bdammann | 12/20/07
Can the source of this article be trusted?  hinkel@... | 12/20/07
Just useless FUD  merlin747 | 12/20/07
Hackers didn't remotely "take over" a MacBook...it required user action  RealNonZealot | 12/20/07
Do you know what a remote code execution flaw is?  georgeou | 12/20/07
Larry, how did you compile this list?  shis-ka-bob | 12/20/07
Nice FUD George  Eric Nepean | 12/20/07
RE: Mac versus Windows vulnerability stats for 2007  Jeffrey0816 | 12/20/07
Owning a MAC is a fashion statement!  Jeffrey0816 | 12/21/07
Gotta see this  Chris55 | 12/21/07
How would you know about those flat keys if you don't own a Mac?  SFWooch@... | 12/21/07
STILL... My Leopard is 100% good.. My friends Vista SUCKS!  RichardDib | 12/21/07
Well...  ego.sum.stig@... | 12/21/07
Matches my experience  gregzdnet | 12/21/07
Still "Cherry Picking" I see  Rick_K | 12/21/07
Just read this and get the real picture.  sos10@... | 12/21/07
Don't bother  lortega@... | 12/22/07
Yeah, just look at the pictures and don't read the facts. NT  sos10@... | 12/22/07
Really  lortega@... | 12/22/07
Umm....What?  ryan.axiom | 12/22/07
a data  Xeltar | 12/22/07
Depends can we trust you can read?  JABBER_WOLF | 12/23/07
RE: Mac versus Windows vulnerability stats for 2007  Hakime | 12/23/07
Message has been deleted.  Hakime | 12/23/07
That's one news story talking about a bunch of patches  georgeou | 12/23/07
not surprised  aesirloke@... | 12/23/07
Lest we forget 01/01/00  crash1105 | 12/23/07
market share  crash1105 | 12/23/07
Total highly critical 19 12 23  kiwiblack | 12/24/07
RE: Mac versus Windows vulnerability stats for 2007  jpochat | 12/28/07
Read the UN EDITED statistics and judge for yourself  mintomatic | 12/31/07
I am deleting ZDNET account because of this article  morestupidthanyou@... | 01/11/08
See ya  rtk | 01/11/08
Why are you shills for Microsoft?  AGGA@... | 01/11/08
The Answer  confuzatron | 04/05/08
Article is pretty biased George  d0c_h0l1day | 02/08/08
RE: Mac versus Windows vulnerability stats for 2007  tatianahunt | 03/18/08
RE: Mac versus Windows vulnerability stats for 2007  derecho | 03/30/08
RE: Mac versus Windows vulnerability stats for 2007  chris.parker@... | 03/12/09
SYMANTEC WEBSITE REPORTS 3 MAC VULN's SINCE 2000  godchagk | 03/31/09
RE: Mac versus Windows vulnerability stats for 2007  jason12343 | 07/22/09
RE: Mac versus Windows vulnerability stats for 2007  lemojhon | 07/26/09
RE: Mac versus Windows vulnerability stats for 2007  Jack Magic | 08/14/09
RE: Mac versus Windows vulnerability stats for 2007  jessonerik | 08/27/09
RE: Mac versus Windows vulnerability stats for 2007  Jay Smtih | 09/08/09

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

advertisement

Recent Entries

advertisement

Archives

Favorite Links

ZDNet Blogs

White Papers, Webcasts, and Downloads

  • Smart Tech Expert advice on innovations in healthcare and the green technologies that make it happen. Find out more
  • Smart Business Discussion and advice on management issues that revolve around making your world smarter and more useful. More Smart Advice
  • Smart People The best and worst moves in the management and strategy trenches. Learn More