Security, as we take great pains to repeatedly point out, is something that deeply affects people. It affects their stress and trust levels when dealing with technology. When it's misreported it turns what should be an empowering experience into one of fear, uncertainty, and doubt. And it's far too frequently done just to get the worst kind of attention. The latest case in point is a — I don't want to call it a report — from GFI which claims OS X and iOS were the "most vulnerable operating systems of 2014." And, frankly, it's bullshit.
There are so many problems with GFI's not-a-report that it's hard to figure out where to begin.
OS X and iOS are listed as single line items on the chart yet Windows is broken down by version. Why wouldn't all operating systems be listed the same way? Can we just add all the Windows numbers up and see how big that number is in comparison?
The National Vulnerability Database (NVD) lists everything reported to it by vendors, including Apple, Microsoft, and others. That doesn't make it an accurate measure of vulnerabilities. It makes it an accurate measure of reporting. Why isn't that distinction properly reflected?
Different vendors, including Apple and Microsoft, have different policies and procedures when it comes to reporting vulnerabilities to the NVD. Apple reports every fix in their advisories. (You can find them via the Apple Security Updates page.) If there's no uniform reporting standard, how can uniform conclusions be drawn?
Microsoft has no "low vulnerabilities" listed. Does that mean there aren't any or they don't report them the way other platforms do?
OS X and iOS both have significant UNIX and open source software (OSS) components shared by BSD and other operating systems. That makes for a much different, and much wider, possible reporting pool than, for example, Windows. How was that accounted for?
The relative security of a platform has nothing to do with how well a company reports the vulnerabilities they fix — though seeing good reporting is certainly comforting. The relative security of a platform certainly has nothing to do with grossly distorted and disingenuous attention-bait.
I'm not sure how this not-a-report got approved for publication, and I'm flabbergasted that it got picked up by mainstream outlets, seemingly without even a cursory look to see if it made any sense whatsoever.
"This GFI report has more holes than Swiss cheese. / Mac OS X is the most vulnerable OS, claims security firm | ZDNet http://t.co/FYD5nM2GKt" — Patrick Moorhead (@PatrickMoorhead), February 25, 2015
In an era where some vendors have intentionally gone from defending to attacking their own customers, proper security reporting couldn't be any more important.
This type of misrepresentation happens regularly enough, however, that I'm beginning to suspect it's not done for the benefit of consumers at all. And that feels more like a security threat than anything contained in this not-a-report.