Secunia just issued a report that covers vulnerabilities for the first half of 2010, and it's not good news for Apple. The report (which you can download here) shows that Apple last had the most vulnerabilities of all vendors in 2005, before Oracle took over the top spot. And now Apple is on top again. You can see the chart, below.
The chart shows that Apple products consistently have more vulnerabilities than do Microsoft ones.
Keep in mind, by the way, that simply listing the total number of potential vulnerabilities isn't the best way to gauge the relative security or insecurity of a computer, because some vulnerabilities may be more prevalent than others. So Secunia is not saying that Apple products are less secure than other products. However, the report should lay to rest the myth that Apple products are innately secure.
Generally, Secunia concludes, a bigger market share means more vulnerabilities, which should be no surprise. The report says:
This analysis also supports the general perception that a high market share correlates with a high number of vulnerabilities. Apple (iTunes, Quicktime), Microsoft (Windows, Internet Explorer), and Sun Microsystems (Java, now part of Oracle) consistently occupy the top ranks during the last five years, with Adobe (Acrobat Reader, Flash) joining the group in 2008.However, there will certainly be one surprise for those who believe that Microsoft products are particularly vulnerable --- Secunia reports that they're not. The primary vulnerabilities on PCs are not due to Microsoft programs, but rather third-party programs, it says:
A typical end-user PC with 50 programs installed had 3.5 times more vulnerabilities in the 24 3rd party programs installed than in the 26 Microsoft programs installed. It is expected that this ratio will increase to 4.4 in 2010.The report then concludes:
Users and businesses must change their perception that Microsoft products pose the largest threat in order to allocate security resources effectively. General awareness on the risk of 3rd party programs must be established.