OS X and iOS are the Most Vulnerable Operating Systems (Said No One Ever)

Call it bullshit reporting or a publicity stunt, but according to security firm GFI, Apple’s Mac OS X is the most vulnerable operating system of 2014, with the iOS platform coming in second. And it doesn’t stop here. The report goes on to claim that Microsoft’s operating systems, especially the now defunct Windows RT platform, are the most secure of them all. Wow, seriously?

2015 02 2512 06 01

As pointed out by iMore’s Rene Ritchie, the shoddy report has so many problems that “it’s hard to figure out where to begin”. For instance, the report lists OS X and iOS as single line items on the chart yet Windows is broken down by version. “Why wouldn’t all operating systems be listed the same way?”, notes Rene. Here are some other blunders made by GFI in its report:

  • The National Vulnerability Database (NVD) lists everything reported to it by vendors, including Apple, Microsoft, and others. That doesn’t make it an accurate measure of vulnerabilities. It makes it an accurate measure of reporting. Why isn’t that distinction properly reflected?
  • Different vendors, including Apple and Microsoft, have different policies and procedures when it comes to reporting vulnerabilities to the NVD. Apple reports every fix in their advisories. (You can find them via the Apple Security Updates page.) If there’s no uniform reporting standard, how can uniform conclusions be drawn?
  • Microsoft has no “low vulnerabilities” listed. Does that mean there aren’t any or they don’t report them the way other platforms do?
  • OS X and iOS both have significant UNIX and open source software (OSS) components shared by BSD and other operating systems. That makes for a much different, and much wider possible reporting pool than, for example, Windows. How was that accounted for?

How this dumb report got approved for publishing in the first place beats me, but what’s more astonishing is, why mainstream outlets even bothered picking it up?

“Technology runs through my veins...” | Follow me: @DrUsmanQ usman@iPhoneinCanada.ca

  • The day GFI lost it’s customer respect, and now Fox News is looking at buying them.

  • djepsilon

    Looks like they got the operating system column in backwards order there.

  • talkiewalkie

    Well, I consider it reckless when Apple doesn’t patch all their operating systems with critical security patches (ex: bash bug) or lets not forget the SSL vulnerability that put millions of ios devices at risk, and still does for users still on iOS 6 or 7 that don’t want to update to an iOS that has been so problematic.
    I am an Apple user, but, i think avoiding at all costs being critical of apple is not the appropriate approach.

  • Chris

    Interesting to note that GFI don’t make security products for Apple systems. I wonder why they would discourage people from using them?