Bill Gates has been taking some flak lately in the Apple circles for some comments he made on the state of security in Mac OS. He was being interviewed for Newsweek:
In many of the Vista reviews, even the positive ones, people note that some Vista features are already in the Mac operating system.
Bill Gates: You can go through and look at who showed any of these things first, if you care about the facts. If you just want to say, "Steve Jobs invented the world, and then the rest of us came along," that's fine. If you're interested, [Vista development chief] Jim Allchin will be glad to educate you feature by feature what the truth is. I mean, it's fascinating, maybe we shouldn't have showed so publicly the stuff we were doing, because we knew how long the new security base was going to take us to get done. Nowadays, security guys break the Mac every single day. Every single day, they come out with a total exploit, your machine can be taken over totally. I dare anybody to do that once a month on the Windows machine. So, yes, it took us longer, and they had what we were doing, user interface-wise. Let's be realistic, who came up with [the] file, edit, view, help [menu bar]? Do you want to go back to the original Mac and think about where those interface concepts came from?
OK so Bill Gates is basically saying because Microsoft invested so much in security for Windows Vista, Apple was able to copy interface features that Microsoft already developed and release them first, and as a result of that more vulnerabilities are being discovered on Mac OS than Windows.
At first I didn't buy the every single day thing and assumed he was exaggerating by quite a large degree. But after doing a bit of research I stumbled into this. They list a new vulnerability discovered on Mac OS every day, in many cases with code ready to exploit it. So Bill Gates wasn't far off the mark at all in his comments. Let's just quote a few examples:
1st of January:
A vulnerability in the handling of the rtsp:// URL handler allows remote arbitrary code execution.
3rd of January:
A vulnerability in the handling of the HREFTrack field allows to perform cross-zone scripting, leading to potential remote arbitrary code execution.
5th of January:
A vulnerability in the handling of BOM files by DiskManagement/diskutil allows to set rogue permissions on the filesystem. This can be used to execute arbitrary code and escalate privileges.
The list just goes on and on, a new one for every day of the month. Microsoft has made the investment in security, and it shows with fewer and fewer exploits being discovered. The media which you can imagine would love to throw out something about security on the Vista launch had to resort to using speech recognition, apparently the fact it responds to voice commands is a "hole" because it can be used to delete documents by issuing a delete command. Right, that's the best you've got?
I'm confident in saying that Windows Vista in its first year will have fewer security vulnerabilities than any other client release of Windows of the past and doing even better than their best server release, Windows Server 2003 wouldn't surprise me at all.