Luminous Landscape Forum
Equipment & Techniques => Computers & Peripherals => Topic started by: plugsnpixels on December 03, 2017, 04:14:58 pm
-
Here's an interesting site I discovered yesterday, listing past and current security vulnerabilities for various operating systems. You can do searches. Here's the list for macOS (http://www.cvedetails.com/vulnerability-list/vendor_id-49/product_id-156/year-2017/Apple-Mac-Os-X.html).
Search for Windows 10 and various flavors of Linux and see who comes out ahead!
-
Your link doesn't work for one.
I don't need the link to know which OS has the MOST flavors of vulnerabilities.
-
Thanks Andrew, link fixed. I had to battle the URL as it appeared in the forum box for a bit to make it stick.
-
PS: Andrew, I was surprised to see macOS leads the list of vulnerabilities, just a bit past Windows 10! Linux has basically none.
I'm mainly a Mac user but I also use Windows 10 and Deepen Linux on occasion.
-
PS: Andrew, I was surprised to see macOS leads the list of vulnerabilities, just a bit past Windows 10! Linux has basically none.
Depending on how you define vulnerabilities yeah, I'm not the least bit concerned about the Mac (I've been running one since 1988). Don't ask me about my one Windows Laptop.
-
I'm with Andrew.
Most of the vulnerabilities listed for Mac are:
- "macOS before 10.13.1 is affected"
- vulnerability "via a crafted app"
The latter could translate to "if you're stupid enough to load an app on your machine that you shouldn't have"
I started with the initial Windows/286 in 1988 when it was a GUI tacked on to DOS. In 2011 I finally gave up on Windows and went all the way with Mac. I don't regret a thing about the move.
Please don't take this to mean that I want to initiate yet another Mac vs Windows war. I don't. If Windows works for you that's fine.
-
Thanks all, I'm actually primarily a Mac user (I support 400 of them in higher ed IT) but was surprised at the lists of items on those pages for not only macOS but Windows. I also tinker with Linux and was also surprised at the supposed lack of vulnerabilities there.
-
Here's an interesting site I discovered yesterday, listing past and current security vulnerabilities for various operating systems.
I would like a list that excludes vulnerabilities that rely on "user error", meaning downloading and running dodgy software from sources other than a curated app store—particularly if the attack also requires running that malware in an account with admin privileges.
Also, the paucity of Linux vulnerabilities sounds like a consequence of relatively low interest in attacking Linux, due to its far lower number of user who are both "unsavvy" and have admin privileges. (By the way, does the Linux vulnerabiilty list include the most commonly used version of Linux, namely Android?)
-
There are also different kinds of vulnerabilities - Apple's recent problem with an open root account is only accessible if you have physical access to the machine, for example. It's extremely serious if exploited (if you get in as root, you can do literally anything), but in many environments, it's impossible to exploit. A Mac in a home-based photo studio isn't vulnerable at all, because nobody would be in there. On the other hand, it's a disastrous vulnerability in a university computer lab where hundreds of people have physical access.
The opposite extreme is represented by the recent spate of web pages that run cryptocurrency mining operations in the background. The consequences aren't all that severe - your computer uses a little extra electricity until you quit your browser, but it's a really easy vulnerability to exploit - any web ad can do it.
-
Most of the time regardless of OS your best defense is common sense. Or your worst enemy is a lack of it. :)