Apple Beats MS for Vulnerabilities.
This article is both good and bad. The good is that what it says is true. Sheer numbers don't tell the whole story. But, it makes several critical errors and does dismiss the merit behind those numbers.
Ok, so not all of those errors are serious security threats. How many of them are? And how many relative to the other platforms? Oh wait! You're willing to defend Apple against the numbers but not to do the actual research on your own defense?
Personally, I doubt this is serious by any means. Apple, like Microsoft is in control of OS updates. As vulnerabilities are fixed they can be released to users at Apple's leisure.
Now, back to those numbers and the article. The article wanted to dismiss vulnerabilities that required local admin access. But... Microsoft was hammered time after time for exactly that sort of bug. And many IE and Windows bugs fall in that category. And those bugs actually are quite severe. The reason being, most platforms have vulnerabilities that allow a process to gain that level access and are then daisy chained together. Most of the threatening and useful hacks exploit a combination of vulnerabilities.
But, that isn't what is important here. Truth be told, the numbers still are important for 2 reasons. It KILLS the argument that Apple products are inherently safer than PCs (which they drilled into our heads for decades before they became popular) and it shows that Apple products are now a common attack vector.
Discovered vulnerabilities doesn't accurately encapsulate all vulnerabilities. They are just the ones which we are aware of. Apple has the largest numbers for 2 primary reasons (most likely) which is that they are (relatively) new to being a primary target of hackers and following from that, the code probably is still to some level less secure than longer term players like Microsoft.
I'm not trying to spread any FUD. As I said, realistically, this shouldn't concern the average person. And, as I also said, Apple is fully capable of both fixing and deploying patches. What I am saying is that while I agree that the numbers don't paint the whole picture you also shouldn't assume them to be without merit. Many of the defenses made FOR Apple also apply to EVERYONE ELSE on that list. Without metadata to slice and dice the data the best assumption actually is that Apple is less secure than those who fared better in terms of sheer numbers since we can only assume that the same deficiencies in the lack of data also apply equally to everyone else.
It isn't a good assumption. But, it is the best that can be made. I'm not wasting my time with the data to draw better conclusions and I am willing to admit that fully which is why I'm also willing side with the conclusion the data infers. I've added some caveats about Apple's abilities to protect its users and until someone does more research I think that is perfectly fair.
Ok, so not all of those errors are serious security threats. How many of them are? And how many relative to the other platforms? Oh wait! You're willing to defend Apple against the numbers but not to do the actual research on your own defense?
Personally, I doubt this is serious by any means. Apple, like Microsoft is in control of OS updates. As vulnerabilities are fixed they can be released to users at Apple's leisure.
Now, back to those numbers and the article. The article wanted to dismiss vulnerabilities that required local admin access. But... Microsoft was hammered time after time for exactly that sort of bug. And many IE and Windows bugs fall in that category. And those bugs actually are quite severe. The reason being, most platforms have vulnerabilities that allow a process to gain that level access and are then daisy chained together. Most of the threatening and useful hacks exploit a combination of vulnerabilities.
But, that isn't what is important here. Truth be told, the numbers still are important for 2 reasons. It KILLS the argument that Apple products are inherently safer than PCs (which they drilled into our heads for decades before they became popular) and it shows that Apple products are now a common attack vector.
Discovered vulnerabilities doesn't accurately encapsulate all vulnerabilities. They are just the ones which we are aware of. Apple has the largest numbers for 2 primary reasons (most likely) which is that they are (relatively) new to being a primary target of hackers and following from that, the code probably is still to some level less secure than longer term players like Microsoft.
I'm not trying to spread any FUD. As I said, realistically, this shouldn't concern the average person. And, as I also said, Apple is fully capable of both fixing and deploying patches. What I am saying is that while I agree that the numbers don't paint the whole picture you also shouldn't assume them to be without merit. Many of the defenses made FOR Apple also apply to EVERYONE ELSE on that list. Without metadata to slice and dice the data the best assumption actually is that Apple is less secure than those who fared better in terms of sheer numbers since we can only assume that the same deficiencies in the lack of data also apply equally to everyone else.
It isn't a good assumption. But, it is the best that can be made. I'm not wasting my time with the data to draw better conclusions and I am willing to admit that fully which is why I'm also willing side with the conclusion the data infers. I've added some caveats about Apple's abilities to protect its users and until someone does more research I think that is perfectly fair.
Comments
Post a Comment