Number of Security Patches?



Mark T
8th February 2005, 09:36 AM
In today’s Australian Financial Review (p 35), there is a review of the Mac mini and when discussing OS security, they mention that Apple sends out as many security patches as Microsoft.

I realize that the number of security patches released has no bearing on the inherent security of an OS, but it still surprised me when my gut feeling would have said that Apple would release about 1 or 2 per month (say 18 pa) and Microsoft about 1 or 2 per fortnight (say 39 pa).

Does anyone know how many each company has released in, say, 2004?

Mark T

feeze
8th February 2005, 10:04 AM
Well I can't tell you the total number of updates for 2004, but I can tell you that in 2004 Secunia (http://www.secunia.com) issued 15 (http://secunia.com/product/96/?period=2004#statistics) advisories for Mac OS X. Whereas 29 (http://secunia.com/product/22/?period=2004#statistics) advisories were posted for XP Pro.

For Mac OS X, all the 2004 advisories were patched.

For XP Pro, there are 7 advisories for 2004 left unpatched and 1 partially fixed.

Go Figure :rolleyes:

edit: I can further expand that there are a total of 44 advisories for Mac OS X, 2 of which are unpatched.

For XP Pro there are a total of 81 advisories, 21 of which are unpatched. :blink:

purana
8th February 2005, 10:18 AM
Feeze, email your findings to the journo who wrote the article... man those journos have no clue sometimes ;) talk about misleading the public..

iSlayer
8th February 2005, 10:28 AM
I think it's also very important to mention how many of the flaws have been exploited.
On OS X none have (there are none in the wild) while on Windows a lot have.

feeze
8th February 2005, 10:30 AM
The problem is that this information has the potential to be spun to make Apple look less secure (it already has been).

for example,

http://secunia.com/graph/?type=cri&period=2004&prod=96

http://secunia.com/graph/?type=cri&period=2004&prod=22

Just looking at those pie graphs, which one looks the less secure?

That's the problem with percentages and graphs, they never show the actual numbers.

edit:
Sorry I couldn't post the images in the post, wouldn't let me do it.

edit2: Arrrgh, links don't work, the graphs I was trying to point to were the "Criticality" graphs. <_<

Mark T
8th February 2005, 10:54 AM
Thanks, feeze

That's exactly the sort of information I was looking for!

I'm glad that my initial gut feeling wasn't far off the mark.

feeze
8th February 2005, 11:00 AM
Originally posted by Mark T@Feb 8 2005, 10:54 AM
Thanks, feeze

That's exactly the sort of information I was looking for!

I'm glad that my initial gut feeling wasn't far off the mark.

No problem. Anyway even if Apple did release more security patches than Microsoft, that doesn't mean it's a bad thing. It just means that Apple is taking a more proactive approach to security.

I've never understood the reason why people get iffy when Apple releases patches. Software will always have bugs and security holes; it's how the holes are exploited and how the developer responds to the security holes that matter.

internet
8th February 2005, 11:20 AM
Microsoft released 13 patches just a few days ago... I've never seen more than 4-5 patches released by Apple at any one time..


http://www.k-otik.com/news/20050203.MSFevrier.php

(Sorry, it's in French)

internet
8th February 2005, 11:28 AM
English:
http://securityfocus.org/bid/12440/info/

Currawong
8th February 2005, 06:02 PM
Secunia is sensationalist. They put out their advisories as advertisements in a sense to encourage clients.

Gothikon
8th February 2005, 06:49 PM
Also, most of Apple's security updates are for open source technologies, XML parsers, Apache etc. etc. Only a fraction are for their own software. So most of the security flaws affect Linux too.