This will probably bore a lot of you; however, this makes for interesting reading, not because OS X desktop and server lead the report for insecurity but for the general overview of the malware situation:
X-Force Trend reports
- Warning: PDF file.
Before I start this is the actual quote from the report:
"Vulnerability – any computer-related vulnerability, exposure, or configuration
setting that may result in a weakening or breakdown of the confidentiality,
integrity, or accessibility of the computing system."
The X-Force is part of IBM so there can be no claim of partisanship here. Over the last few years there has been a steady and growing awareness that OS X variants and Linux are generally insecure. This proves the old adage that any OS system operated by a user is insecure by nature. It also proves that Microsoft's steady progress in locking down the OS is proving to be worthwhile. Of course the big issue with M$ and its user model is that much of the software on Windows couldn't (and still can't) be run on anything less than Administrator mode. A recent report showed that removing the Admin rights would stop 92% of attacks dead. Source:
Secure Computing.
Remember this report is based upon publicly declared security flaws, so M$ should be heavily penalised, but it's not, even with XP leading the pack for security flags. Another aspect to consider is Apple's own history of being secretive about security and what they do (and how long it can take for them to patch) to resolve the flaw, which could mean, if taken in this context, that the OS X situation could be far worse. This said, the two top spots for OS X could involve a certain amount of duplication as, like M$, they often share the same codebase for their server products (or vice versa).
Also note that web flaws are now accounting for a large amount of red flags and so are phishing scams, which are OS agnostic in nature. In regards to disclosures, a number of Web 2 companies have started to appear alongside the traditional companies; in the top 10 you have Drupal, Joomla! and Typo3 appearing in the list. To put this in context, though, the OS systems account for nearly 75% of all disclosures in 2008.
Overall the takeaway from this report is that no one should be bandying around saying they have a secure OS. If Apple were in a more dominant position (or even Linux) then they would be getting their shirts stolen off their back.
Overall this is a very informative and readable report with good visual diagrams and descriptions of the various vectors.


