Microsoft or Apple - Who Is the Faster Patcher?
Amy Bennett writes "And the answer is... Microsoft. Researchers from the Swiss Federal Institute of Technology analyzed 658 high-risk and medium-risk vulnerabilities affecting Microsoft products and 738 affecting Apple. They measured how many times over the past six years the two vendors were able to have a patch available on the day a vulnerability became publicly known, which they call the 0-day patch rate. What they found: 'Apple was below 20 [unpatched vulnerabilities at disclosure] consistently before 2005,' said Stefan Frei, one of the researchers involved in the study. 'Since then, they are very often above. So if you have Apple and compare it to Microsoft, the number of unpatched vulnerabilities are higher at Apple.'"
From the summary:
> 658 [...] affecting Microsoft products and 738 affecting Apple
"Between strong and weak, between rich and poor [...], it is freedom which oppresses and the law which sets free"
Apple tells you what's fixed with every security update. Here's the document for the most recent: http://support.apple.com/kb/HT1249.
It's specific enough for me, listing every application / library, impact, and description.
Developers: We can use your help.
Go ahead... say it:
Orange
Well, back to rejecting software patent applications.
Personally as a certified Free software I'm rubbing my hands & looking forward to the Linux types who've switched for, basically, teh shiny. It's Freedom that counts, folks, not features or functions or shiny... Freedom.
Sigs are too short to say anything truly profound so read the above post instead.
So this is an article that doesn't give any answers to the question it poses and references a study presented at blackhat, but which has not yet been published and in fact whose presentation is not even online yet.
Can't we at least wait until we have some sort of data to discuss before embarking on half-assed arguments about how relevant the data is and if the methodology is credible?
That link is to a browser view of the PDF at pdfmenot.com which caches the actual PDF, so the poor researcher's personal web site doesn't get hit too hard. You could download the original PDF from there if you really want to.
Dude, that SP1 patch was not an official release for the public. More like a leak.
The official release has worked great for everyone I know.
Troll somewhere else please.
The greatest revenge in life is massive success.
This study is intentionally biased to make MS look good and Apple look bad. Which would you rather have, the blackhat broke into your network through an undisclosed MS hole that allows remote privilege escalation across the network (typical for MS products), or an open source library that you never use and is not exposed to any network facing service has a publicly announced vulnerability (which doesn't affect you personally) and is patched 6 months later by Apple?
It's such a non-issue in the first place because OS X is UNIX and UNIX is fundamentally more secure than any Windows architecture based machine. But MS can keep buying all the studies in the world to try to prove to the PHB crowd that the sky isn't blue, it's green, and that water really isn't wet. It works in politics... tell a lie often enough and people start to believe it (there are WMDs in Iraq) so it must work for technology too (Windows is more secure than OS X)...
"When the president does it, that means it's not illegal." - Richard M. Nixon
You mean that Apple was "below 20" and then got WORSE. Having more than 20 unpatched vulnerabilities is a bad thing compared to less than 20, not a good thing.
I call bullshit. digikam is a much better _GUI_ program than iPhoto. Better designed, less irritating, more powerful.
I know the truth hurts, but in terms of easy-to-use power, MacOS was overtaken by KDE 3 years ago...