What measures are there of Windows security vs Apple and maybe Linux?

Hi all,
this afternoon someone was telling me that the "Apple gets hacked less and is vastly more secure than Windows" thing is just a successful marketing myth of Apple. What are your comments - and how is this stuff measured anyway? Surely there's something statistical?

 

Here you go:

Mac OS X has 2750 vulns: https://www.cvedetails.com/product/156/Apple-Mac-Os-X.html?vendor_id=49
In comparison, Windows 10 only has 2216, or 20% fewer: https://www.cvedetails.com/product/32238/Microsoft-Windows-10.html?vendor_id=26

I suppose you can say that Mac OS X has been out longer, so more vulnerabilities have been found, but you can counter balance that with the fact that Windows is much more installed and therefore more researched and attacked.

 

It's not a myth per say, it has always stemmed from the fact that MacOS has it's UNIX underpinnings and so people think that means it's more secure. It also depends what you mean, MacOS is probably was/is more secure in the following ways:

You need a password to install software, it's usually harder to get a pay load onto it, its used by far less people, Apple control both Hardware and Software making for an easier time locking it down. A lot of the same things Linux has going for it.

Windows has come a long way though, if setup correctly you have all the same protections on a piece of Software used by many more people on all sorts of configurations, I think MS don't get enough credit for what product they have.

 

https://defcon.org/
https://www.youtube.com/user/DEFCONConference/featured
Pick a OS and search how easy it is to compromise if you are the target.

 

The weakest point in any security is still the meatbag behind the keyboard

 

Security is about process and education, not products. Anyone telling you any different is trying to sell you something.

 

This is only vulnerabilities found, it's not really any measure of how secure an operating system is per se.

When you consider that most Windows accounts are set up as administrator, with UAC never really intended to be 100% a privilege escalation tool, there's a number of ways you can exploit a Windows system (double extension exploit anyone? How that hasn't been patched yet is beyond my comprehension).

Considering Malware alone, it's vastly easier to remove from a MacOS based system than a Windows based system, usually with no damage to important operating system files in the case of MacOS.