Research

Application security testing, analysis, and metrics

Risk vs Vulnerability

George Ou has an interesting analysis of Microsoft OS vs Apple OS vulnerability counts. Anything comparing the security of these two companies becomes controversial. I think that any analysis of vulnerability counts should include a paragraph on risk vs. vulnerabilities to defuse the Mac fanboys. I might be able to safely leave my back door unlocked (a vulnerability) in Concord, MA, in the suburbs of Boston. I wouldn’t do the same thing in Brooklyn, NY. Same vulnerability, different threat environment. Everyone readily admits that Macs have less risk on average due to their population and user base. This does not mean they are more secure. Move them into a high-risk environment such as the hacker challenge at CanSecWest and they fall down. Just because there are no crackheads roaming around my neighborhood doesn’t mean my house is secure if I leave the back door open.

1 Comment »

thanks – nicely stated
I would like to learn more about risk vs. vulnerability and how the two are different. Our security team is scanning for vulnerabilities and reporting them to management as risk – without considering the threat environment.
thanks -

Comment by Kelly — November 9, 2009 @ 10:34 am
