OS vulnerabilitys

[gore]

Mac OS among least prone to attack
Thu Oct 31, 7:26 PM ET
by Paul Roberts, IDG News Service Boston Bureau

Apple Computer Inc.'s Macintosh (news - web sites) was among the computer operating systems least prone to attack and damage from malicious hackers, worms and viruses in 2002, while Microsoft Corp.'s Windows and the Linux operating systems were the most vulnerable, according to a report by technology risk management company mi2g Ltd.




The report, which will be released Friday, presents data on the discovery of software vulnerabilities and incidents of digital attack for 2002, according to a summary of the report released Thursday.


Data from the report is taken from mi2g's SIPS (Security Intelligence Products & Systems) database, which stores information on more than 6,000 hacker groups reaching back to 1995.


According to the company, 1,162 new software vulnerabilities were discovered during the first 10 months of 2002, including vulnerabilities discovered in operating systems, server software, and third-party applications. Of that number, fewer than 25 were attributable to the Macintosh operating system (OS).


Two different versions of Unix (news - web sites) shared top honors with Macintosh with fewer than 25 vulnerabilities: Compaq Computer Corp.'s Tru64 and The SCO Group Inc.'s SCO Unix.


In contrast, Microsoft's Windows operating system accounted for the lion's share of new vulnerabilities, with more than 500 vulnerabilities discovered affecting Windows operating systems. More than 200 vulnerabilities were discovered that affected the Linux operating system, according to the information released by mi2g, based in London.


The number of vulnerabilities reported by software vendors and users so far this year is lower than the 1,506 vulnerabilities discovered in all of last year. However, mi2g notes that the pace of discoveries is picking up, with 301 new vulnerabilities discovered in the month of October.


The report also found that 2002 was the worst year on record for digital attacks, with almost 58,000 attacks taking place during the first 10 months of the year, a 54 percent increase from the 31,322 attacks recorded in 2001.


The number of vulnerabilities discovered in an operating system, as opposed to market share, correlated with the likelihood of an operating system being attacked, mi2g found.


Macintosh, which is used on between 3 percent and 5 percent of the world's computers, was the target of only 31, or .05 percent, of all overt digital attacks through October 2002. Microsoft Windows, which is on more than 90 percent of all computers, was the target of 31,431, or 54 percent, of those attacks.

The cumulative economic damage of such attacks, worldwide, was estimated to be $7.3 billion according to mi2g. When taken together with so-called "covert" attacks such as worms and viruses, however, that figure grows to between $33 billion and $40 billion.

Mi2g estimates economic damage by collecting information from a variety of sources and estimating the cost of lost productivity as well as losses stemming from property rights violations, liabilities and share price declines, according to the company.

Mi2g recommends creating new, trusted computing platforms and secure operating systems from scratch, rather than relying on patches to fix vulnerabilities.
-----------------------------------------------------------------------------------------------------------
wow, thats really cool i think, its still awesome that the new MAC OS X is based on FREE BSD but some of that stuff was just neat, lol.

[gore]

Mac OS among least prone to attack
Thu Oct 31, 7:26 PM ET
by Paul Roberts, IDG News Service Boston Bureau

Apple Computer Inc.'s Macintosh (news - web sites) was among the computer operating systems least prone to attack and damage from malicious hackers, worms and viruses in 2002, while Microsoft Corp.'s Windows and the Linux operating systems were the most vulnerable, according to a report by technology risk management company mi2g Ltd.




The report, which will be released Friday, presents data on the discovery of software vulnerabilities and incidents of digital attack for 2002, according to a summary of the report released Thursday.


Data from the report is taken from mi2g's SIPS (Security Intelligence Products & Systems) database, which stores information on more than 6,000 hacker groups reaching back to 1995.


According to the company, 1,162 new software vulnerabilities were discovered during the first 10 months of 2002, including vulnerabilities discovered in operating systems, server software, and third-party applications. Of that number, fewer than 25 were attributable to the Macintosh operating system (OS).


Two different versions of Unix (news - web sites) shared top honors with Macintosh with fewer than 25 vulnerabilities: Compaq Computer Corp.'s Tru64 and The SCO Group Inc.'s SCO Unix.


In contrast, Microsoft's Windows operating system accounted for the lion's share of new vulnerabilities, with more than 500 vulnerabilities discovered affecting Windows operating systems. More than 200 vulnerabilities were discovered that affected the Linux operating system, according to the information released by mi2g, based in London.


The number of vulnerabilities reported by software vendors and users so far this year is lower than the 1,506 vulnerabilities discovered in all of last year. However, mi2g notes that the pace of discoveries is picking up, with 301 new vulnerabilities discovered in the month of October.


The report also found that 2002 was the worst year on record for digital attacks, with almost 58,000 attacks taking place during the first 10 months of the year, a 54 percent increase from the 31,322 attacks recorded in 2001.


The number of vulnerabilities discovered in an operating system, as opposed to market share, correlated with the likelihood of an operating system being attacked, mi2g found.


Macintosh, which is used on between 3 percent and 5 percent of the world's computers, was the target of only 31, or .05 percent, of all overt digital attacks through October 2002. Microsoft Windows, which is on more than 90 percent of all computers, was the target of 31,431, or 54 percent, of those attacks.

The cumulative economic damage of such attacks, worldwide, was estimated to be $7.3 billion according to mi2g. When taken together with so-called "covert" attacks such as worms and viruses, however, that figure grows to between $33 billion and $40 billion.

Mi2g estimates economic damage by collecting information from a variety of sources and estimating the cost of lost productivity as well as losses stemming from property rights violations, liabilities and share price declines, according to the company.

Mi2g recommends creating new, trusted computing platforms and secure operating systems from scratch, rather than relying on patches to fix vulnerabilities.
-----------------------------------------------------------------------------------------------------------
wow, thats really cool i think, its still awesome that the new MAC OS X is based on FREE BSD but some of that stuff was just neat, lol.

[Wickdgin]

From the looks of it the study is done simply on general statistics, the number of vulnerabilities, the number of attacks, cost, etc. However based on such stats: running Mac OS doesn't mean your more secure, it simply means your less of a target.


Off topic: I do like what I've heard about Mac OS X, though I have heard most of the unix like stuff isn't there (which would disapoint me being a hardcore Linux user).

[Wickdgin]

From the looks of it the study is done simply on general statistics, the number of vulnerabilities, the number of attacks, cost, etc. However based on such stats: running Mac OS doesn't mean your more secure, it simply means your less of a target.


Off topic: I do like what I've heard about Mac OS X, though I have heard most of the unix like stuff isn't there (which would disapoint me being a hardcore Linux user).

[R0n1n]

how does anyone figure out how much these attacks cost?

'The cumulative economic damage of such attacks, worldwide, was estimated to be $7.3 billion according to mi2g. When taken together with so-called "covert" attacks such as worms and viruses, however, that figure grows to between $33 billion and $40 billion.'

Are we using lost data? downtime for staff? cost of replacing hardware? cost of finally putting in some security?

Just seems that these kinds of figures are touted around allot but no one ever seems to be able to explain how they were derived. In fact, given thats lots of companies do not report security problems the number may be even higher....

Or it could all be BS.

[R0n1n]

how does anyone figure out how much these attacks cost?

'The cumulative economic damage of such attacks, worldwide, was estimated to be $7.3 billion according to mi2g. When taken together with so-called "covert" attacks such as worms and viruses, however, that figure grows to between $33 billion and $40 billion.'

Are we using lost data? downtime for staff? cost of replacing hardware? cost of finally putting in some security?

Just seems that these kinds of figures are touted around allot but no one ever seems to be able to explain how they were derived. In fact, given thats lots of companies do not report security problems the number may be even higher....

Or it could all be BS.

[slarty]

Remember that the number of vulnerabilities that are discovered is not necessarily related to the number of vulnerabilities that exist.

The OS that tops the charts (unsurprisingly) is the most used one.

The ones that come in at the bottom (some weird proprietry versions of UNIX) were the ones with the least deployments.

This does not surprise me, neither security companies nor hackers are going to bother looking for problems in OSs that hardly anybody runs.

[slarty]

Remember that the number of vulnerabilities that are discovered is not necessarily related to the number of vulnerabilities that exist.

The OS that tops the charts (unsurprisingly) is the most used one.

The ones that come in at the bottom (some weird proprietry versions of UNIX) were the ones with the least deployments.

This does not surprise me, neither security companies nor hackers are going to bother looking for problems in OSs that hardly anybody runs.

[ivi]

how does anyone figure out how much these attacks cost?

'The cumulative economic damage of such attacks, worldwide, was estimated to be $7.3 billion according to mi2g. When taken together with so-called "covert" attacks such as worms and viruses, however, that figure grows to between $33 billion and $40 billion.'

Are we using lost data? downtime for staff? cost of replacing hardware? cost of finally putting in some security?
<snap>

I have actually read an article about it couple years ago, don't remember where though. Thats hilerious how they do it, they calculate everything from OS reinstalls, Possible profits, that could be maid to extra pay to administrator and employee training.

[LoggOff]

ok i know that trashing mac and M$ is quickly going out but i have to say that in comparison programing virii and 'hacking programs' is harder..... in fact ive never even seen an ad for any kind of programing language FOR mac (unless you count java and the like, eg. enterpeted languages) i guess that mac can the whole idea of 'security thru obsturity' right.... mabee M$ sould take some tips from apple...... oh wait........ thats the whole MacOS vs. winblows argument..... whoops! mabee its just that M$ cant get anything right when it comes to security...... tho there still a hell of sales group