Remember, an aging code base is a feature
The Macalope receives the InfoWorld Daily email and today’s Quote of the Day was:
Surprise, Microsoft Windows is no worse than most other popular platforms in terms of the number of vulnerabilities. Numbers alone never tell the whole story, but you can’t read the figures and come away feeling that the Mac OS X or Linux is somehow doing a better job.
Indeed, numbers alone don’t tell the whole story and, ironically, neither does InfoWorld’s security blogger Roger Grimes. He does admit the following about the source of the information:
Jeff Jones, of course, is a Microsoft employee. But he compiled his figures from the commonly respected, vender neutral, CVE list.
Hmm. OK. That’s fine. And, actually, Jones’ post is a fairly neutral, sober look at the numbers.
But let’s look at his conclusion:
Within the platform space, both Mac OS and the Linux kernel are experiencing a general multi-year trend of higher numbers of vulnerability disclosures, while both Windows and Unix systems have generally trended downward during that time period. However, in the most recent year, Windows and the Linux kernel contributed relatively less than last year, while Mac OS and Unix contributed relatively more.
Hmm. Hmm. Now why might that be? Hmm. Hmm.
Could the fact that Microsoft has not substantially updated Windows for five fricking years have anything to do with it?
It should be rather unsurprising that an operating system which has only been updated with patches and bug fixes for five years would be more secure than one that’s been updated with new features every year.
The Macalope does believe that Microsoft is taking security more seriously than Apple currently is. But that’s probably because Microsoft has such a huge security problem. And it remains to be seen whether Vista’s solution to security – throw up a dialog box every time the user tries to do something – is really workable. So, let’s look at those number in another year.
Grimes, meanwhile, rushes to a conclusion of his own which is wholly unsupportable:
If you want true security, use OpenBSD, otherwise what you use is going to have a fair amount of publicly announced exploits on a regular basis.
Uh, well, actually, Rog, there’s “a fair amount” and then there’s “next to none.” Here on the planet Earth, you can count the number of OS X exploits on one hand (currently, at least). Perhaps the 100-fingered creatures that inhabit Glaxxor 6 in the Arcturus Nebula can count the number of Windows exploits on one hand, but that’s not really a fair comparison, is it?
But the Macalope expects Grimes knows that.