A report published by GFI Software, a security software developer, revealed which operating systems have the most vulnerabilities. Shockingly, Apple’s OS X and iOS topped the list of the least secure operating systems with Windows handily beating them. But are OS X and iOS really more vulnerable than Windows?
Let’s dive into the data.
What the report says
The study is based on data from the National Vulnerability Database (NVD), which is a government-run repository for security compliance and vulnerability data. GFI compiled its figures from the NVD reports. Here’s what we learned from GFI’s report:
– There is a steady increase in the number of vulnerabilities spotted year over year. Between 2013 and 2014, the number of vulnerabilities increased by 2,244, a 47% increase in just one year.
– Third-party apps account for over 80% of the reported vulnerabilities. This is significant as the study doesn’t point to the inherent security risks inside an operating system. Only 13% of vulnerabilities were attributed to the OS.
– OS X and iOS both topped the charts with the most vulnerabilities and the most vulnerabilities labeled as high risk.
– Linux is more vulnerable than Windows. GFI cites recent security issues like Heartbleed for this outcome.
– Microsoft’s Internet Explorer is the least secure browser, followed by Chrome and Firefox.
An incomplete picture
While these figures are shocking, they paint an incomplete picture of the current security landscape. “Basically it’s like staring at a bunch of garden walls to see how many footballs come flying over the top – it doesn’t say much about the height or quality of a given wall, but maybe something about how many people are on the other side and what kind of games they’re playing,” says Virus Bulletin Chief of Operations John Hawes.
It’s tempting to simply agree with GFI’s findings, as Apple just had a record-breaking quarter selling 74.5 million iPhones, making the iPhone a prime target for attackers. Studies show that iPhone users are also more likely to pay for apps than Android users, making iOS users a more lucrative target for hackers.
The story is much the same for Mac users. They are more likely to spend money on applications and are usually wealthier individuals who don’t mind paying a premium for Apple’s design and easy-to-use software. Exploiting Mac users could also mean more lucrative returns for hackers. Still, OS X only makes up 7% of the desktop OS market share as of January 2015, according to Net Applications.
“Nowadays Macs are booming,” says Hawes. “The same of course goes for iPhones and iPads, which have built up a reputation for being well-secured as well as a huge and largely well-off user base, again making them a top target for attack by both bad actors and those who see the act of penetrating the impenetrable as a great challenge.”
Hawes also notes that the data provided by the NVD only accounts for vulnerabilities that have been disclosed. Hackers or even the federal government often don’t disclose discovered vulnerabilities in order to use them later or to assist companies in patching them before making the vulnerability public.
The data provided by GFI is also strangely presented. While Windows is broken down into sections for different versions, OS X and iOS are bundled as one homogeneous operating system. Android, which historically has been a major source of vulnerabilities, is also strangely absent from the list.
There also seems to be a contradiction in the data. Windows beats OS X in the number of vulnerabilities, but Microsoft’s Internet Explorer is far and away the most insecure browser according to the study. Since Internet Explorer only runs on Windows, doesn’t that make Windows more vulnerable by default? Interestingly, Safari isn’t even listed in GFI’s data.
What we can take away from GFI’s report is that we need more data. It’s easy to just point fingers and laugh at OS X and iOS users but doing so would be flippant.
I’d like to see more data about user behavior and how quickly vulnerabilities are patched. For example, Mac users may be so used to not running any security software that their behaviors are riskier than Windows users.
The terminology of the study also poses some issues. While I don’t doubt the number of vulnerabilities reported by NVD, it doesn’t tell me if these vulnerabilities have been exploited. It’s one thing to find a supposed vulnerability but another thing to actually exploit it.
With so many high-profile security attacks in the last year, it’s no surprise people are interested in security data to see which platform will help protect them the best. The truth of the matter is that no operating system can fully protect you. While companies have to step up their security efforts, you’ll also need to step up yours. Know what to look for in a phishing email and download software only from trusted sources. Never reuse the same passwords, and exercise common sense when browsing the web.
Source: GFI Software
Follow me on Twitter @lewisleong