Anyway, George Ou writes an article on zdnet.com comparing the number of vulnerabilities for XP, Vista, and OSX. At first glance we look at this column comparison and say "holy crap, osx had a hell of a lot more vulnerabilities than Vista and XP combined!"
True. Now, in my usual Microsoft punditry and OSX defender stance, let me point out the less obvious in these three operating systems.
1) OSX hasn't had to deal with a bunch of hackers before. Now that it's being increasingly targeted, especially QuickTime, Apple is dealing with it.
2) XP and Vista are closed platforms. Apple, save for their internal binaries, is pretty much open. You can see how it all works.
3) And probably the most critical: OSX is built on, and contains, a TON of open source software. CUPS, Apache, PCRE, MySQL, the list goes on and on and on.
So not only does Apple have to patch their own stuff, but they have to wait for the open source community to patch, then get the community's patch, tie it into their products, test test test test and test, then release their own patch. Makes sense so far, right? OSX Server even contains software owned by my company, Sourcefire. OSX Server contains ClamAV.
Are there more vulnerabilities in OSX than there are in Windows? Yes. But you are comparing apples (no pun intended, okay, well, slightly) and oranges. Windows has 94% market share! Just one vulnerability for Windows has the potential to cause a lot more damage than 30 vulnerabilities for OSX.
Then you have to look at the security models of the two. In OSX, most everything runs in "userland", whereas in Windows, applications and services run at a lot of different permission levels: system, admin, user, etc.
One thing I don't like about Leopard is the same thing I didn't like about Tiger. The firewall. There is no "DENY ALL". There is a "Deny all, um.. except stuff that will break osx". Which is fine, as long as there aren't any vulnerabilities in things like mDNSResponder (port 5353). But, there have been remote vulns in mDNSResponder! The other thing I don't like about the Leopard firewall? It's OFF by default. Granted, there is only one port open by default in OSX (5353), as opposed to Windows where there are at least 3.
So, yes, OSX has more vulnerabilities than Windows, but does it matter?
UPDATE: From the comments: iamnowonmai says "I would like to see a list of all the vulnerabilities in the third-party software that people commonly use on XP. Since Acrobat is not a part of the OS, it doesn't count? Or Word? Outlook? And at least the third-party software gets updated on a Mac. How many fools are out there still using Acrobat version 4?"
Brings up a good point. Windows doesn't have to patch all the "other" software that is on its system. Apple does. Apple includes a lot of software to make their user experience better and more seamless. Windows relies on 3rd party developers for this. Say what you will, but these are things you need to take into consideration when you read this article.