Virus statistics based on OS

Zstream

Anyone know where I can get a hold of virus statistics based on the OS?

Trying to find the difference between 98/2k/xp/vista/OSx etc...
 

KeypoX


TheStu

Originally posted by: KeypoX
Originally posted by: mechBgon
Microsoft's Security Intelligence Report has good stats, although not as far back as Win98. If you can't handle the full SIR in one sitting, the Key Findings Summary is a good start :D

If you're researching the OS vulnerability scene, this may help too: http://blogs.technet.com/secur...sktop-vuln-report.aspx

Second link says that Vista is basically the most secure and updated OS around. While Mac Leopard is the worst...

I read it as saying that Vista was the most updated OS around. Not necessarily the most secure.

Also, he is asking about viruses, not necessarily security.

I have, I think, gotten 1 virus on the dozen or so systems that I have owned in the past well... 15 years. That virus was on a Windows XP machine that was connected to a poorly run school network. I have never gotten, nor known anyone that has gotten, nor known anyone that has known anyone that has gotten (and many repetitions after that) a virus on a machine running OS X. Or Linux for that matter. I do know people personally that have gotten viruses while on Windows.

From that perspective... OS X and Linux are virus-free, Windows.. not so much.
 

AnonymouseUser

Originally posted by: KeypoX
Originally posted by: mechBgon
Microsoft's Security Intelligence Report has good stats, although not as far back as Win98. If you can't handle the full SIR in one sitting, the Key Findings Summary is a good start :D

If you're researching the OS vulnerability scene, this may help too: http://blogs.technet.com/secur...sktop-vuln-report.aspx

Second link says that Vista is basically the most secure and updated OS around. While Mac Leopard is the worst...

The guy that printed that report works for - get this - Microsoft! (Jeffery R. Jones - Security Guy (and Microsoft Director))

The way Microsoft and Ubuntu calculate vulnerabilities varies greatly, so while a Firefox vulnerability (that affects Firefox on all OSes) will count as a vulnerability for Ubuntu, it won't count against Vista.

Apples / Oranges
 
snikt

Originally posted by: TheStu


Also, he is asking about viruses, not necessarily security.

I have, I think, gotten 1 virus on the dozen or so systems that I have owned in the past well... 15 years. That virus was on a Windows XP machine that was connected to a poorly run school network. I have never gotten, nor known anyone that has gotten, nor known anyone that has known anyone that has gotten (and many repetitions after that) a virus on a machine running OS X. Or Linux for that matter. I do know people personally that have gotten viruses while on Windows.

From that perspective... OS X and Linux are virus-free, Windows.. not so much.


Just because you say you or anybody you know has never gotten a virus on either OS X or Linux doesn't mean anybody else hasn't gotten a virus on those OSs or that viruses don't exist for those OSs.

Linux

Linux

OS X

OS X

 

TheStu

Originally posted by: snikt
Originally posted by: TheStu


Also, he is asking about viruses, not necessarily security.

I have, I think, gotten 1 virus on the dozen or so systems that I have owned in the past well... 15 years. That virus was on a Windows XP machine that was connected to a poorly run school network. I have never gotten, nor known anyone that has gotten, nor known anyone that has known anyone that has gotten (and many repetitions after that) a virus on a machine running OS X. Or Linux for that matter. I do know people personally that have gotten viruses while on Windows.

From that perspective... OS X and Linux are virus-free, Windows.. not so much.

Just because you say you or anybody you know has never gotten a virus on either OS X or Linux doesn't mean anybody else hasn't gotten a virus on those OSs or that viruses don't exist for those OSs.

Linux

Linux

OS X

OS X

I never said that there were none. I am aware of both of those viruses for OS X (I don't much care about Linux to be honest) as well as the additional ones, that all require the user to be a flaming idiot to catch.

Plus, that first warning came from an AntiVirus company. Now, I am of the opinion that until such time as there are about 114,000 viruses out there infecting OS X (maybe not actually that many, that number comes from Apple as the number of viruses for Windows in 2007 alone) then I will not listen to the AntiVirus company because they have an unproven piece of software.

The second link was a low risk, proof of concept, that A: Wasn't in the wild, and B: got fixed with a point release.

And as I said, I never said that there were none, simply that I have never 'met' anyone, on any forum, or in any medium that has gotten a virus in OS X. Not even my mother.
 

mechBgon

Originally posted by: AnonymouseUser
Originally posted by: KeypoX
Originally posted by: mechBgon
Microsoft's Security Intelligence Report has good stats, although not as far back as Win98. If you can't handle the full SIR in one sitting, the Key Findings Summary is a good start :D

If you're researching the OS vulnerability scene, this may help too: http://blogs.technet.com/secur...sktop-vuln-report.aspx

Second link says that Vista is basically the most secure and updated OS around. While Mac Leopard is the worst...

The guy that printed that report works for - get this - Microsoft! (Jeffery R. Jones - Security Guy (and Microsoft Director))

The way Microsoft and Ubuntu calculate vulnerabilities varies greatly, so while a Firefox vulnerability (that affects Firefox on all OSes) will count as a vulnerability for Ubuntu, it won't count against Vista.

Apples / Oranges


He's pretty transparent about how he calculates stuff. If you have a better-devised report to share, by all means post a link to it. As for your example of a FireFox vuln, is that installed by default on Ubuntu? Then it deserves to count as a vulnerability. If it's not installed by default, Jeff didn't count it.

I am aware of both of those viruses for OS X (I don't much care about Linux to be honest) as well as the additional ones, that all require the user to be a flaming idiot to catch.
Like the DNSChanger trojans for Mac, and the "scareware" apps, yeah. Unfortunately, Windows does not have an exclusive on "flaming idiot" users who believe whatever the screen says.
 

TheStu

Originally posted by: mechBgon
Originally posted by: AnonymouseUser
Originally posted by: KeypoX
Originally posted by: mechBgon
Microsoft's Security Intelligence Report has good stats, although not as far back as Win98. If you can't handle the full SIR in one sitting, the Key Findings Summary is a good start :D

If you're researching the OS vulnerability scene, this may help too: http://blogs.technet.com/secur...sktop-vuln-report.aspx

Second link says that Vista is basically the most secure and updated OS around. While Mac Leopard is the worst...

The guy that printed that report works for - get this - Microsoft! (Jeffery R. Jones - Security Guy (and Microsoft Director))

The way Microsoft and Ubuntu calculate vulnerabilities varies greatly, so while a Firefox vulnerability (that affects Firefox on all OSes) will count as a vulnerability for Ubuntu, it won't count against Vista.

Apples / Oranges


He's pretty transparent about how he calculates stuff. If you have a better-devised report to share, by all means post a link to it. As for your example of a FireFox vuln, is that installed by default on Ubuntu? Then it deserves to count as a vulnerability. If it's not installed by default, Jeff didn't count it.

I am aware of both of those viruses for OS X (I don't much care about Linux to be honest) as well as the additional ones, that all require the user to be a flaming idiot to catch.
Like the DNSChanger trojans for Mac, and the "scareware" apps, yeah. Unfortunately, Windows does not have an exclusive on "flaming idiot" users who believe whatever the screen says.

Oh, I never said that Windows has a monopoly on idiot users. Windows just has more of them, simply by virtue of the fact that Windows has like 90%+ market share.
 

Nothinman

He's pretty transparent about how he calculates stuff. If you have a better-devised report to share, by all means post a link to it. As for your example of a FireFox vuln, is that installed by default on Ubuntu? Then it deserves to count as a vulnerability. If it's not installed by default, Jeff didn't count it.

I believe FF is installed by default, but I'm not sure. But most of those reports tend to count vulnerability reports so every time Ubuntu, Debian, RedHat, etc. release a security notice that counts as 1 whether it's included by default or not. And because every Linux distro includes many magnitudes more software than Windows the numbers are going to be automatically inflated. Right now on my Debian machine apt-cache tells me that it's tracking 24894 normal packages and while some of those fall into groups so the possible number of packages is slightly smaller it's still leaps and bounds above what MS and Apple maintain and release security notices about.
 

mechBgon

Originally posted by: Nothinman
He's pretty transparent about how he calculates stuff. If you have a better-devised report to share, by all means post a link to it. As for your example of a FireFox vuln, is that installed by default on Ubuntu? Then it deserves to count as a vulnerability. If it's not installed by default, Jeff didn't count it.

I believe FF is installed by default, but I'm not sure. But most of those reports tend to count vulnerability reports so every time Ubuntu, Debian, RedHat, etc. release a security notice that counts as 1 whether it's included by default or not. And because every Linux distro includes many magnitudes more software than Windows the numbers are going to be automatically inflated. Right now on my Debian machine apt-cache tells me that it's tracking 24894 normal packages and while some of those fall into groups so the possible number of packages is slightly smaller it's still leaps and bounds above what MS and Apple maintain and release security notices about.

He did state in the actual report that he excluded stuff that wouldn't be part of a typical Linux desktop installation, in an effort to make a reasonable comparison. No one can help but suspect a pro-Microsoft bias when he's a Microsoft employee, of course.

However, a common objection to comparisons that take the most conservative security viewpoint is that Linux distributions include many optional components not installed by default that would not be commonly installed on the average user's desktop. I don't disagree, and I am interested in a view that presents a view of more comparable configurations.

With that in mind, I created reduced configurations for the two Linux desktop operating systems and excluded any vulnerabilities from (a) optional components that were not installed by default and (b) OpenOffice and a couple of graphics components [8]. The chart showing this reduced view is shown in Figure 7.

You could swing the argument 180° by noting that by Jeff's methodology, all Windows installations will always be dinged for Internet Explorer vulnerability counts, even if the user doesn't use IE. Ditto for Windows Media Player, .NET on Vista, Outlook Express or Windows Mail, WordPad, and so on.

Anyone with a comparison they feel is better, certainly go ahead and post them.
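
The scoping question argued over in this thread, worked through as an added example (not part of any post, and not the report's own method): one advisory feed counted per notice, per distinct CVE, for everything a distro ships, for the default install, and for a reduced configuration like the one the report describes. The feed, package sets, notice ids and CVE placeholders are all constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Advisory:
    notice_id: str   # vendor security notice (constructed id)
    package: str     # package the notice was issued for
    cves: tuple      # CVE placeholders (constructed, not real ids)


# Constructed sample feed for one hypothetical Linux desktop distro.
FEED = [
    Advisory("NOTICE-001", "firefox", ("CVE-A", "CVE-B")),
    Advisory("NOTICE-002", "firefox", ("CVE-B", "CVE-C")),  # CVE-B re-issued
    Advisory("NOTICE-003", "openoffice", ("CVE-D",)),
    Advisory("NOTICE-004", "kernel", ("CVE-E",)),
    Advisory("NOTICE-005", "apache2", ("CVE-F", "CVE-G")),  # optional package
    Advisory("NOTICE-006", "libpng", ("CVE-H",)),           # graphics component
]

# Assumed package sets: what the installer puts on disk, and what a
# "reduced configuration" drops from that set.
DEFAULT_INSTALL = {"firefox", "openoffice", "kernel", "libpng"}
REDUCED_EXCLUDES = {"openoffice", "libpng"}


def count(feed, scope=None, unit="cve"):
    """Count vulnerabilities in feed.

    scope: set of package names to include, or None for every package shipped.
    unit:  "notice" counts each security notice once;
           "cve" counts distinct CVE ids, so a re-issued CVE counts once.
    """
    selected = [a for a in feed if scope is None or a.package in scope]
    if unit == "notice":
        return len(selected)
    if unit == "cve":
        return len({cve for a in selected for cve in a.cves})
    raise ValueError(f"unknown unit: {unit!r}")


def compare(feed):
    """Return the count produced by each methodology for the same feed."""
    reduced = DEFAULT_INSTALL - REDUCED_EXCLUDES
    return {
        "all packages, per notice": count(feed, None, "notice"),
        "all packages, distinct CVEs": count(feed, None, "cve"),
        "default install, distinct CVEs": count(feed, DEFAULT_INSTALL, "cve"),
        "reduced config, distinct CVEs": count(feed, reduced, "cve"),
    }


if __name__ == "__main__":
    for method, total in compare(FEED).items():
        print(f"{method:32} {total}")
```
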
 

Nothinman

He did state in the actual report that he excluded stuff that wouldn't be part of a typical Linux desktop installation, in an effort to make a reasonable comparison. No one can help but suspect a pro-Microsoft bias when he's a Microsoft employee, of course.

Sadly the comparison will never be reasonable.

You could swing the argument 180° by noting that by Jeff's methodology, all Windows installations will always be dinged for Internet Explorer vulnerability counts, even if the user doesn't use IE. Ditto for Windows Media Player, .NET on Vista, Outlook Express or Windows Mail, WordPad, and so on.

There's nothing to swing there, that's all software that you have absolutely no option to remove.