Apple’s most recent wake-up call came last week, as a Southern California researcher reported seven new vulnerabilities. Tom Ferris said malicious Web sites can exploit the holes without a user’s knowledge, potentially allowing a criminal to execute code remotely and gain access to passwords and other sensitive information.

Ferris said he warned Apple of the vulnerabilities in January and February and that the company has yet to patch the holes, prompting him to compare the Cupertino-based computer maker to Microsoft three years ago, when the world’s largest software company was criticized for being slow to respond to weaknesses in its products.

Apple officials point to the company’s virtually unvarnished security track record and disputed claims that Mac OS X is more susceptible to attack now than in the past.

Apple plans to patch the holes reported by Ferris in the next automatic update of Mac OS X, and there have been no reports of them being exploited, spokeswoman Natalie Kerris said. She disagreed that the vulnerabilities make it possible for a criminal to run code on a targeted machine.

The SANS Institute, a computer-security organization in Bethesda, Md., added Mac OS X to its 2005 list of the top-20 Internet vulnerabilities. It was the first time the Mac has been included since the experts started compiling the list in 2000.

This week, SANS updated the list to warn against flaws in Safari, the Mac Web browser, which the group said criminals were able to attack before Apple could fix it.

The number of discovered Mac vulnerabilities has soared in recent years, with 81 found last year, up from 46 in 2004 and 27 in 2003, according to the Open Source Vulnerability Database, which is maintained by a nonprofit group that tracks security vulnerabilities on many different hardware and software platforms.

Less than a week after Daines was attacked in mid-February, a 25-year-old computer security researcher released three benign Mac-based worms to prove a serious vulnerability in Mac OS X could be exploited. Apple asked the man, Kevin Finisterre, to hold off publishing the code until it could patch the flaw.

MSNBC (http://www.msnbc.msn.com/id/12537279/page/2/)

It's tough to tell if this is of substance or not given the mangled style of writing. Even though they acnowledge MSNBC is part of the happy Microsoft family in the story, I find it hard to believe, given the tone of the thing, it had nothing to do with this story being produced by them.

In any case, I am certainly no expert and I only post it because I know this issue got a lot of attention here when this thread (http://www.zgeek.com/forum/showthread.php?t=24596) was posted on the front page some time ago.

I have always said that the only reason why Mac's are perceived as "more secure" than Windows systems is due to market share alone.

If you're writing malicious code, you want it to run on as many systems as possible. You want to be able to find holes in a large number of systems at any given time in order to maximise the effect of your payload.

Why bother writing malware for MacOS, which is lucky to have 5% of the share of the market, when you can write it for Windows and affect just about everyone? The same applied for Linux.

It's only now that the market share for Windows is going down that the amount fo vuilnerabilitries that are being exposed in other operating systems is starting to increase.

At the end of last year, CERT reported a total of 5,198 vulnerabilities in varios systems. the breakdown went along the lines of (my paraphrasing of their report, found at
http://www.us-cert.gov/cas/bulletins/SB2005.html) "812 vulnerabilities were for the Windows, 2,328 for Unix and Linux, and 2,058 more affected more than one operating system". To back this up, my monthly patch downloads for a Linux server averages around 60MB. Compare that to the 30MB worth of updates for a Windows server.

Which OS is looks more secure now?

But that's not the point. My argument is that neither is more secure - each has it's own quirks. It's like saying, who is sexier - Drew Barrymore or Liv Tyler. They are both complete hotties for totally different reasons. it's not like you can get a ruler out and measure how secure an OS is. There is no definative measurement.

Ultimately, we're talking perceptions here, and whoever you speak to on the subject is going to add their own "spin". One thing for certain though is that the Mac zealots who say "Sucked in - I don't have to install a virus scanner on my Mac" are wrong, and have always been wrong.

but apple's market share is actually shrinking. it hit 2.2 last year. wouldn't that mean they remain butt ugly by haxxor standards according to your theory?

http://www.mercurynews.com/mld/mercurynews/business/14191452.htm

(this isn't to argue your core point about the vulnerability of macs versus pcs.)

The point that is was trying to make though was having such a minute market share doesn't mean that any given software is "more secure". In general, security vulnerabilities are not detected as often because the sample size is much smaller. That's not to say that the vulnerabilities don't exist - it's just that they aren't detected.

They do still remain "butt ugly by haxxor standards" hence why you rarely do see viruses that target Macs. But you still get vulnerabilities and exploits do surface from time to time. Having a small market share then works in their favour because it doesn't spread so quickly, or doesn't affect 97.8% of users (You have a very high "care factor = zero" response group)

One of the principles of any kind of hacking activity is that the hacker needs to outsmart the owner of the system and get around the precautions that they've taken. In the case of many Windows PC's, there are many users who don't know shit, and even a script kiddie could outwit them in much the same way that they could outwit a Paramecium.

The number of these Windows systems that are openly accessible on the Internet far exceeds the amount of Macs, hence why they are more of a target.