Mac OS among least prone to attack: report

Apple Computer Inc.’s Macintosh was among the computer operating systems least prone to attack and damage from malicious hackers, worms and viruses in 2002, while Microsoft Corp.’s Windows and the Linux operating systems were the most vulnerable, according to a report by technology risk management company mi2g Ltd.

The report, which will be released Friday, presents data on the discovery of software vulnerabilities and incidents of digital attack for 2002, according to a summary of the report released Thursday.

Data from the report is taken from mi2g’s SIPS (Security Intelligence Products & Systems) database, which stores information on more than 6,000 hacker groups reaching back to 1995.

According to the company, 1,162 new software vulnerabilities were discovered during the first 10 months of 2002, including vulnerabilities discovered in operating systems, server software, and third-party applications. Of that number, fewer than 25 were attributable to the Macintosh operating system (OS).

Two different versions of Unix shared top honours with Macintosh with fewer than 25 vulnerabilities: Compaq Computer Corp.’s Tru64 and The SCO Group Inc.’s SCO Unix.

In contrast, Microsoft’s Windows operating system accounted for the lion’s share of new vulnerabilities, with more than 500 vulnerabilities discovered affecting Windows operating systems. More than 200 vulnerabilities were discovered that affected the Linux operating system, according to the information released by mi2g, based in London.

The number of vulnerabilities reported by software vendors and users so far this year is lower than the 1,506 vulnerabilities discovered in all of last year. However, mi2g notes that the pace of discoveries is picking up, with 301 new vulnerabilities discovered in the month of October.

The report also found that 2002 was the worst year on record for digital attacks, with almost 58,000 attacks taking place during the first 10 months of the year, a 54 per cent increase from the 31,322 attacks recorded in 2001.

The number of vulnerabilities discovered in an operating system, as opposed to market share, correlated with the likelihood of an operating system being attacked, mi2g found.

Macintosh, which is used on between 3 per cent and 5 per cent of the world’s computers, was the target of only 31, or .05 per cent, of all overt digital attacks through October 2002. Microsoft Windows, which is on more than 90 per cent of all computers, was the target of 31,431, or 54 per cent, of those attacks.

The cumulative economic damage of such attacks, worldwide, was estimated to be US$7.3 billion according to mi2g. When taken together with so-called “covert” attacks such as worms and viruses, however, that figure grows to between US$33 billion and US$40 billion.

Mi2g estimates economic damage by collecting information from a variety of sources and estimating the cost of lost productivity as well as losses stemming from property rights violations, liabilities and share price declines, according to the company.

Mi2g recommends creating new, trusted computing platforms and secure operating systems from scratch, rather than relying on patches to fix vulnerabilities.