AOA Forums AOA Forums AOA Forums Folding For Team 45 AOA Files Home Front Page Become an AOA Subscriber! UserCP Calendar Memberlist FAQ Search Forum Home


Go Back   AOA Forums > Software > OS, Software, Firmware, and BIOS


Reply
 
LinkBack Thread Tools Rate Thread
  #1 (permalink)  
Old 23rd March, 2007, 03:30 PM
Member/Contributor/Resident Crystal Ball
 
Join Date: March 2004
Posts: 7,451

Symantec says...XP most secure OS on market!

Well, I thought so, but good to hear it confirmed...but it's VIsta..not XP!!!

Quote:
March 21, 2007
Surprise, Microsoft Listed as Most Secure OS
By Andy Patrizio


UPDATED: Microsoft is frequently dinged for having insecure products, with security holes and vulnerabilities. But Symantec (Quote), no friend of Microsoft, said in its latest research report that when it comes to widely-used operating systems, Microsoft is doing better overall than its leading commercial competitors.

The information was a part of Symantec's 11th Internet Security Threat Report. The report, released this week, covered a huge range of security and vulnerability issues over the last six months of 2006, including operating systems.

The report found that Microsoft (Quote) Windows had the fewest number of patches and the shortest average patch development time of the five operating systems it monitored in the last six months of 2006.

During this period, 39 vulnerabilities, 12 of which were ranked high priority or severe, were found in Microsoft Windows and the company took an average of 21 days to fix them. It's an increase of the 22 vulnerabilities and 13-day turnaround time for the first half of 2006 but still bested the competition handily.

Red Hat Linux was the next-best performer, requiring an average of 58 days to address a total of 208 vulnerabilities. However, this was a significant increase in both problems and fix time over the first half of 2006, when there were 42 vulnerabilities in Red Hat and the average turnaround was 13 days.

The one bright spot in all of this is that of the 208 Red Hat vulnerabilities, the most of the top five operating systems, only two were considered high severity, 130 were medium severity, and 76 were considered low.

Then there's Mac OS X. Despite the latest TV ads ridiculing the security in Vista with a Matrix-like Agent playing the UAC in Vista, Apple (Quote) has nothing to brag about. Symantec found 43 vulnerabilities in Mac OS X and a 66 day turnaround on fixes. Fortunately, only one was high priority.

Like the others, this is also an increase over the first half of the year. For the first half of 2006, 21 vulnerabilities were found in Mac OS X and Apple took on average 37 days to fix them.

Bringing up the rear were HP-UX from Hewlett Packard (Quote) and Solaris from Sun (Quote). HP-UX had 98 vulnerabilities in the second half of 06 and took 101 days to fix them. Sun, though, really dragged its feet, taking on average 122 days to fix 63 vulnerabilities. It wasn't doing much better in the first half of 06, either. It took 89 days to fix 16 vulnerabilities.

Alfred Huger, vice president of engineering for Symantec Security Center, said the real problem is with Web applications, where two-thirds of all vulnerabilities are found. Operating systems are fairly minor, and despite the long time periods, the vendors are doing "an ok job, just not stellar."

The response from vendor's mentioned in the report was mixed. A Microsoft spokesperson issued a statement to internetnews.com that said in part "As a part of this industry, Microsoft continues to adapt to address these threats and continues to work with others in the industry to protect customers as a whole."

Anuj Nayar, manager of Apple's Mac OS X and developer relations, would only say "Apple takes security very seriously and has a great track record of addressing vulnerabilities before they affect you."

Sun specifically disputed Symantec's data and conclusions in a statement emailed to internetnews.com:

"Symantec's data on security vulnerabilities simply does not match Sun's. We can't verify Symantec's sources and consider their report on Sun inaccurate. From 7/1/06-12/31/06 we published 54 Security Sun Alerts, of which 36 were for Solaris - substantially less the 63 Solaris vulnerabilities claimed in the Symantec report. Past analysis of our vulnerability response shows we responded within five days for the vast majority of vulnerabilities, but averages are skewed by a small minority of 3rd party applications (or code) that are included/bundled with Solaris. Sun responds to all reports of security vulnerabilities, and we stand by our reputation and established track record of responding to security vulnerabilities with Sun Alerts and a quick turnaround time for patches.

Analyst Charles King with Pund-IT said Microsoft has had to be aggressive about dealing with security issues because it's such a big target. In that regard, the company has met the challenge.

"I think in a way that a culture of having been under attack for a decade or more has led to the company taking a very proactive approach to fixing those problems," he told internetnews.com. "In the last 24 months, they've taken a very aggressive stance toward the security of their system. In review after review of Vista, despite its faults, the security of the system has been considerably better than XP."

By contrast, King said there have been complaints in the past about Apple's lack of response to security issues. But as the Mac and Linux gain marketshare, they will have to respond much quicker.

"Are the old models of response to security issues going to be able to fly or will those companies start to take some serious publicity hits from these increasing vulnerabilities and a relatively lackadaisical response to fixing those vulnerabilities?" he asked.

This article was Updated to include comments by Sun Microsystems that were received after the original story was filed.

http://www.internetnews.com/security...le.php/3667201
__________________

Last edited by cadaveca; 23rd March, 2007 at 03:31 PM.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #2 (permalink)  
Old 23rd March, 2007, 04:04 PM
Chief Systems Administrator
 
Join Date: September 2001
Location: Europe
Posts: 13,075

If you have time to read all 104 pages of the report (it's very comprehensive - covering a whole bunch of stuff), then you can find the report right here. If you want to know about the responsiveness of vendors to patching holes in the OS, then this is the graph to read.

http://www.aoaforums.com/forum/attac...g?d=1174661619

However, this isn't the whole picture at all! Looking more closely vulnerabilities at web browsers, and you might discover something a little unusual. That's right - at some points, more flaws have been discovered in Mozilla than in Internet Explorer.

http://www.aoaforums.com/forum/attac...g?d=1174662297

That, however, is where the downside for Mozilla ends. In 2H of 2006, Mozilla had an average exposure of just two days for their vulnerabilities. The worst case was 33 days for a patch to be produced. In the same period, IE had an average exposure of 10 days, and the worst case was 78 days for a patch to be produced. Opera had an average exposure of 23 days, and the worst case was 46 days to develop a patch. Safari had an average exposure of 62 days, but this is based on a single vulnerability.
Attached Thumbnails
Symantec says...XP most secure OS on market!-patchresponse.jpg   Symantec says...XP most secure OS on market!-webflaws.jpg  
__________________

Last edited by Áedán; 23rd March, 2007 at 05:20 PM.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #3 (permalink)  
Old 23rd March, 2007, 04:17 PM
Member/Contributor/Resident Crystal Ball
 
Join Date: March 2004
Posts: 7,451

lol thanks Aedan! Now where do we got the full report?
__________________
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #4 (permalink)  
Old 23rd March, 2007, 04:35 PM
Chief Systems Administrator
 
Join Date: September 2001
Location: Europe
Posts: 13,075

It's in the first line of text, where it says "right here". It's a big report though.
__________________
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #5 (permalink)  
Old 23rd March, 2007, 04:54 PM
Member/Contributor/Resident Crystal Ball
 
Join Date: March 2004
Posts: 7,451

hehehehe
__________________
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #6 (permalink)  
Old 23rd March, 2007, 04:58 PM
Gizmo's Avatar
Chief BBS Administrator
BassTeroids Champion, Global Player Champion, Aim & Fire Champion, Puzzle Maniax Champion, Othello Champion, Canyon Glider Champion, Unicycle Challenge Champion, YetiSports 9: Final Spit Champion, Zed Champion
 
Join Date: May 2003
Location: Webb City, Mo
Posts: 16,178
Send a message via ICQ to Gizmo Send a message via AIM to Gizmo Send a message via MSN to Gizmo Send a message via Yahoo to Gizmo Send a message via Skype™ to Gizmo

Wait, I'm confused.

The reports says that Microsoft had 39 vulnerabilities, yet your graph shows 54 for IE alone! And MS have insisted over and over again that IE is part of the OS. If they are going to tell us that IE is part of the OS, then shouldn't the OS vulnerabilities include the IE count?
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #7 (permalink)  
Old 23rd March, 2007, 05:04 PM
Member/Contributor/Resident Crystal Ball
 
Join Date: March 2004
Posts: 7,451

For XP, sure. but what about Vista?
__________________
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #8 (permalink)  
Old 23rd March, 2007, 05:21 PM
Chief Systems Administrator
 
Join Date: September 2001
Location: Europe
Posts: 13,075

The OS vulnerabilities don't include IE, because MS has only managed to fool themselves into believing that IE is a core part of the OS. Symantec don't yet beleive that delusion apparently.
__________________
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #9 (permalink)  
Old 23rd March, 2007, 08:15 PM
Daniel ~'s Avatar
Chief BBS Administrator
 
Join Date: September 2001
Location: Seattle Wa.
Posts: 45,606

Real world, how much should anyone prefer any of these OS' over another on the basis of security? Assuming they are all patched and up to date?
__________________
"Though all men live in ignorance before mystery,
they need not live in darkness...
Justice is foundation and Mercy ETERNAL
."
DKE

"All that we do is touched by Ocean
Yet we remain on the shore of what we know."
Richard Wilbur

[img]/forum/attachments/random-nonsense/16515-sigs-dan_drag.jpg[/img]
Subscribers! Ask Pitch about a Custom Sig Graphic

Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Reply



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


Similar Threads
Thread Thread Starter Forum Replies Last Post
Symantec starts YouTube security channel danrok Data Security 2 1st February, 2007 07:02 PM
Symantec sees an Achilles' heel in Vista Gizmo Data Security 3 18th July, 2006 09:28 PM
Symantec Sues Microsoft Gizmo Random Nonsense! 9 20th May, 2006 06:26 PM
D@mn Symantec/Norton:mad: Lionfish OS, Software, Firmware, and BIOS 2 26th July, 2002 08:54 PM
SSL (secure socket layer/secure server) Question Nix Random Nonsense! 2 18th November, 2001 05:58 AM


All times are GMT +1. The time now is 03:24 AM.


Copyright ©2001 - 2010, AOA Forums
Don't Click Here Don't Click Here Either

Search Engine Friendly URLs by vBSEO 3.3.0