Your ENTIRE article tries to make excuses for about 1/3 of the holes. That still leaves OSX with about 10 times the security breaches!!!

Its kinda sad then mactards cant face the truth!
But it only shows how pathetic they can be when faced with facts…. excuses excuses.

Thats the difference, Windows users arent fans, we dont make excuses, we just want a fix, not an excuse.

Someone said why OSX doesnt get many viruses. Just based on the market share they wont spread a virus as fast, nor will it actually make it to many of its users.

Simple math mactards lack, exponential versus linear spread. Macs are more linear contact by numbers, MS users more exponential.

“There are three kinds of lies: lies, damned lies and statistics.”

source: http://www.twainquotes.com/Statistics.html

http://it.slashdot.org/comments.pl?sid=396432&cid=21780042

Is Secunia presenting slanted information with the expectation it will be misused?

Here’s one even better: We use GeSHi [qbnz.com] (Generic Syntax Highlighter) in WikkaWiki [wikkawiki.org]. We often scour the so-called “security vulnerability” databases because we’ve found many inaccuracies. In this specific case, Secunia issued this statement:

> we noticed the following entry in the changelog for GeSHi 1.0.7.18 and
> are about to issue an advisory based on this information.
>
> “Committed security fix for htmlspecialchars vulnerability. Also makes
> supporting multiple languages a lot easier”
> http://sourceforge.net/project/shownotes.php?release_id=489035 [sourceforge.net]
>
> To serve our mutual customers best we would appreciate to receive your
> comments on this issue before we publish our advisory.

WTF? This was a vulnerability in PHP’s htmlspecialchars() function, NOT GeSHi. Yet, Secunia was planning on milking this vulnerability in order to boost its “vulnerability count” at the expense of a project that had absolutely NOTHING to do with the vulnerability.

You see, these so-called “vulnerability experts” try to wring out as many vulnerabilities as possible, because we all know that the most effective “vulnerability expert” will be the one with the most posted vulnerabilities. So they go on fishing expeditions to uncover vulnerabilities that really don’t exist.

Or an even worse practice: “bottom-fishing” changelogs and bug trackers in order to discover vulnerabilities that have already been addressed. Here’s another instance where Secunia was caught trying to boost its street cred through disingenuous reporting: They apparently scoured our bug tracking database and discovered an issue (already fixed!) and falsely implied in their report that the content of wiki pages marked private might be accessible via RSS. This was clearly false, as the original bug report indicated that the page name (not content) could be accessed. Secunia later corrected [secunia.com] the false report.

We’ve caught Secunia doing this on several occasions. My advice to anyone who is involved in an OSS project is to regularly scour the vulnerability databases and challenge each and every advisory that you believe is not accurate. You might be surprised at the amount of so-called “vulnerability intelligence” out there that is blatantly false, outdated, or inaccurate.

Other assertions are that Microsoft just does not report their patched vulnerabilities [my understanding is that they were the patched ones that were reported] the same way or patches fewer. Or that hackers are not reporting them to MS, but may just be using them to turn Windows computers into spambots. I can go on and on, but no of it is valid. And we have not even gone on to show that the bundles Mac OS tally includes at least 3 versions. Could Vista have fewer vulnerabilities than Leopard? Sure, butu a balanced method of discovery, collection and reporting with absolute rules must be accomplished with a panel of experts. Otherwaise it’s all BS. It’s hard for me to believe that Rasmussen or anyone else, would make that statement. They are either idiots or have another agenda. I bet that it is the latter.