OS X and iOS are the Most Vulnerable Operating Systems (Said No One Ever)

Call it bullshit reporting or a publicity stunt, but according to security firm GFI, Apple’s Mac OS X is the most vulnerable operating system of 2014, with the iOS platform coming in second. And it doesn’t stop here. The report goes on to claim that Microsoft’s operating systems, especially the now defunct Windows RT platform, are the most secure of them all. Wow, seriously?


As pointed out by iMore’s Rene Ritchie, the shoddy report has so many problems that “it’s hard to figure out where to begin”. For instance, the report lists OS X and iOS as single line items on the chart, yet Windows is broken down by version. “Why wouldn’t all operating systems be listed the same way?” notes Rene. Here are some other blunders made by GFI in its report:

  • The National Vulnerability Database (NVD) lists everything reported to it by vendors, including Apple, Microsoft, and others. That doesn’t make it an accurate measure of vulnerabilities. It makes it an accurate measure of reporting. Why isn’t that distinction properly reflected?
  • Different vendors, including Apple and Microsoft, have different policies and procedures when it comes to reporting vulnerabilities to the NVD. Apple reports every fix in their advisories. (You can find them via the Apple Security Updates page.) If there’s no uniform reporting standard, how can uniform conclusions be drawn?
  • Microsoft has no “low vulnerabilities” listed. Does that mean there aren’t any or they don’t report them the way other platforms do?
  • OS X and iOS both have significant UNIX and open source software (OSS) components shared by BSD and other operating systems. That makes for a much different, and much wider possible reporting pool than, for example, Windows. How was that accounted for?

How this dumb report got approved for publishing in the first place beats me, but what’s more astonishing is that mainstream outlets even bothered to pick it up.