What they found is that, contrary to the popular belief that Apple makes more secure products, Apple lags behind in patching.
“Apple was below 20 [unpatched vulnerabilities at disclosure] consistently before 2005,” Frei said. “Since then, they are very often above. So if you have Apple and compare it to Microsoft, the number of unpatched vulnerabilities are higher at Apple.”
Apple’s vaunted security originates in two pillars: the UNIX kernel of its operating system, which others coded and tested for 30 years before Apple touched it, and the relative scarcity of Macs. As that second pillar changes, so will the perception of Apple security, especially as we the consumers find that Apple has been relying on this perception to avoid fixing many of the bugs in not only its operating system but its software fundamentals.
In many ways, being smaller and facing less public scrutiny has given Apple an advantage when competing with Microsoft. Now that these shields are stripped away, the criticism is mounting. This is the same dilemma that faced open source software developers who steadfastly refused to update some parts of their popular software. They were OK until they hit a tipping point, then suddenly, they faced a howling dervish of complaint.
Miller, best known as one of the researchers who first hacked Apple’s iPhone last year, didn’t take much time. Within 2 minutes, he directed the contest’s organizers to visit a Web site that contained his exploit code, which then allowed him to seize control of the computer, as about 20 onlookers cheered him on.
In a security contest, the Mac gets pwnt before the PC. However, this had to happen through a browser exploit. What this means is that the basics of both systems are fairly solid. It’s only since 1999 that most Americans have been using always-on connections, which caused the security crisis of botnets and trojan horses to become a serious game, and it’s only since 2004 or so that Microsoft has really faced that howling dervish. They’re starting to get it right.
As with many techno-memes, what people chatter about online is often wrong or gives a skewed view of the reality. People who attempt radical brand loyalty, especially to an underdog company, are damaging to the market because they deny basic facts and so allow them to go unfixed. Whether that company is Apple, Microsoft, or pizza-munching volunteer developers is irrelevant.