According to a recently published report from GFI Network and Security Solutions, based on data gathered from the US National Vulnerability Database (NVD), Windows is not the most vulnerable operating system. Which is? Read on to find out.
GFI reports an increase of just over 60% in overall vulnerabilities between 2010 and 2014 – the total for 2014 amounting to 19 vulnerabilities identified per day every day:
I don’t think anyone will be overly surprised with confirmation that overall numbers of vulnerabilities are on the increase; however, I’m not sure if that means software developers/vendors are distributing less secure software these days or maybe getting better at identifying these flaws.
This next graph, showing vulnerabilities by product type, might raise a few eyebrows:
So, it seems the third-party software we all love to install accounts for the lion’s share of vulnerabilities, far outstripping those found in operating systems. Food for thought there.
Here is the biggest surprise of all, showing numbers of vulnerabilities broken down per operating system:
Shock, horror!! Apple topping the list as the most vulnerable operating system, with Linux right up there too, who’d have thunk!
Before anyone gets in a tizz, it’s obvious that the Windows statistics have been separated per version while both Apple and Linux have each been treated as a single entity. Why that might be is anyone’s guess; perhaps the Windows vulnerabilities are specific to each edition and not shared across versions. Then again, maybe whoever collated the data might have ultimately been looking for a headline… hmm, maybe.
The numbers do, however, help show that security by obscurity certainly plays a part in the exploitation stakes and, when it comes down to the nitty-gritty, all operating systems are inherently vulnerable.
The final graph shows vulnerabilities by application which, as mentioned earlier, account for 83% of all vulnerabilities:
No surprise then to see browsers topping the list; in fact, the top half dozen applications are all internet related. Then again, perhaps these types of applications, which are most susceptible, should also be the most secure?
No surprise either to see our old friend Adobe well represented, but the Apple TV app included in the list at number 9 is a bit of a shock. What’s going on there Judy? 🙂
It’s pretty much a crapshoot. I think it all really depends on what you do while running around on the internet and what kind of software you use (purchased, freeware or warez).
I’ll tell you one thing though, it gives me deep pleasure seeing Mac and Apple at the top of the list, only because we don’t have to listen to those holier than thou Mac owners boast how “secure” their systems are, especially since I have been saying for years after I hacked my own Mac OS 8 just to prove it could be done that Macs were indeed vulnerable but no one listened …… at least until Macs gained a larger market share, now they have a target on them ;0)
Just think of all the tablets, notepads and smartphones added to the list. I think they are worse off than all the desktop/laptop systems combined. What say you?
Trying to start another OS war here. The culprit is what you noted, “Browsers”, and the way browsers are utilized. In the meantime I will still use Linux as my main online tool. Daniel.
You do that, just let me know how that turns out for you when they start targeting Linux systems. Nothing is safe and EVERYTHING is vulnerable my friend. It only depends on how popular something is and how bad someone or something wants in.
Been using this same basic setup since XP was launched. I just keep my Linux Distro upgraded. Which is what I just did to Linux Mate 17.1.
One really needs to read the original article. The original author (Cristian Florian) was taken to task for the way he split out each Windows version and did not do likewise for the other OSes. In fact, those that were Linux based, he conceded, in an update to his article, that the same vulnerability could have been multi-counted since a number of Linux variants share, not only the same kernel, but a lot of the same applications and other support programs. Android and Google Chrome are Linux-based. OSX and iOS are FreeBSD-based as I understand – all are “Unix clones” – so to speak.
From personal experience, if there were as many severe vulnerabilities in iOS, then Apple must be ignoring them until they put out the next version. We have an iPad (I should say my wife – plays games on it) and I have seen only one update in 2 years that was not a version update. I also use Linux (different distros) and have seen only an occasional security update; even then, they are typically for applications that run on Linux, not the kernel – and that Bash bug was for the scripting program, not the kernel – which is equivalent to saying Windows has a severe security vulnerability because it was found in Flash Player! I also have Windows 7 (and have had earlier versions of Windows going back to original MS-DOS days). I see more Windows security patches in one or two weeks from Microsoft than I see in a year for my Linux distros (and when there is a patch, I see the same fix in the distros I use).
The original writer should have done a better job rather than having to explain himself (and still rather poorly). Also, too many bloggers were too eager to run with that article, taking it on “face value”, rather than doing their homework and verifying something contrary to what others have found.
This article points out that Windows statistics have been separated per version while both Apple and Linux have each been treated as a single entity and says that why is anyone’s guess. Well, it seems pretty obvious to me that whoever collated the data was deliberately trying to disguise the fact that if you added the vulnerabilities across ALL the Windows versions, the figure would be 248, which would show that Windows is nearly twice as vulnerable as Apple Mac OS X, Apple iOS and Linux!
The browser chart shows that Microsoft’s Internet Explorer is ALSO nearly twice as vulnerable as their nearest competitors Chrome and Firefox!
However, I think that Microsoft products are probably targeted more than other OS’s and browsers because Microsoft products are more widely used than the others. Even so, Microsoft certainly needs to do more to make their products less vulnerable.
I tend to agree Sheri. However, I think “deliberately” may be a tad harsh, perhaps “misguidedly”.
No, what it shows is that the vulnerabilities in Windows are mostly common to all versions and should NOT be added together since 95% of them are the same. Windows was only broken down that way because it is by far the most used OS. Nobody really cares enough about Linux to see the numbers specific to each version. Apple’s OS’s don’t allow many older iterations to exist at all.
Also anyone who uses Chrome sees that there are far more patches done in a month or more than are needed for Internet Explorer in that same time frame. Those browser numbers really don’t make sense and are not supported by other reports.
The total number of Windows vulnerabilities if all versions were combined would most likely be something like 40-45. Probably less since most are common to all versions and should not be counted more than once. Look at the Windows numbers as representing the Windows core in the same way the Linux numbers represent the core or kernel which is common to all of them.