Study: Mac OS, SCO Unix Platforms Least Subject To Attack


For the first 10 months of 2002, the Apple Macintosh, SCO Unix and Compaq Tru64 operating systems were the least vulnerable to hacker attacks and damage from viruses and worms, according to an analysis released Friday by mi2g, a London-based digital risk management and IT security firm.

The number of new vulnerabilities announced by software vendors or discovered by users so far this year totaled 1,162, of which a record 309 were found last month, mi2g reported. Of the vulnerabilities identified this year, 44 percent affected Microsoft Windows, compared with 19 percent for Linux, 9 percent for BSD and 7 percent for Sun Solaris. The Mac OS and Compaq Tru64 platforms each were affected by 1.9 percent of the vulnerabilities, and SCO Unix was affected by 0.5 percent of them.

Last year, software vendors and users found 1,506 vulnerabilities, compared with 990 in 2000, 861 in 1999 and 245 in 1998, according to the study. Vulnerabilities can involve the OS, server software and third-party applications and have a cumulative impact on digital attacks, since blends of new and old vulnerabilities can be exploited simultaneously, according to mi2g.

Mi2g said 57,977 overt digital attacks have occurred so far in 2002, making it the worst year on record for such attacks. Of those attacks, 54 percent were directed at Windows, 30 percent at Linux, 6 percent at BSD, 5 percent at Solaris, 0.2 percent at SCO Unix, 0.05 percent at the Mac OS and 0.02 percent at Tru64. OS market share was a key factor in the number of attacks, the study said, noting that the Mac OS, for example, has only about 3 percent of the global desktop market share, reflecting its lower number of attacks.

Hacker attacks can be covert or overt, according to mi2g. Covert attacks aren't reported, validated or witnessed by a reliable third-party source, whereas overt attacks are public knowledge or known to an entity other than the attacker and the victims. Mi2g defines an overt digital attack as an incident in which a hacker has gained unauthorized access to an online system, modified any of its publicly visible components, and executed data attacks or command-and-control attacks.

For all of 2002, mi2g projected a total of 70,000 overt digital attacks, more than doubling the 31,322 such attacks last year. The security firm estimated that, by the end of 2002, the global economic damage inflicted by overt digital attacks will total $7.3 billion, compared with $7.7 billion in 2001.

In its study, mi2g used data collected via its Security Intelligence Products and Systems (SIPS) database. SIPS has information on more than 6,100 hacker groups and 101,000 overt digital attacks dating back to 1995, according to the company.