Patching an OS: What really counts?
Apple is patching more than Microsoft, or is it the other way around? That must mean one has a better OS than the other, right? This whole argument is flawed.
How many of those patches are for things that can actually be exploited?
Web servers, for example: IIS on Windows and Apache on OS X aren’t enabled by default. Patching them doesn’t make those systems any safer; the servers aren’t even running.
It amazes me that no one ever seems to count the things that count. “They” just count everything and argue over who’s doing more good.
The question should not be “how many things could need a patch?” but rather, “how many things DO need a patch?”
For example, let’s say we have our own OS #1 and that it’s always installed with exactly the same settings. Let’s also say 1% of our users enable the built-in web server, but 2% install a web server themselves.
When an exploit for the web server is found, that puts only 3% of our users at risk. When we release a patch, it protects only the 1% running the built-in server and leaves the other 2% to protect themselves.
Then there’s our other software, like our word processing program. 50% of our users have it installed, and when they receive an attachment in email, that program opens it automatically. When an exploit for it is found, it affects the whole 50%. But when we release a patch, it protects the whole 50% of our users.
However, 75% of our users have installed someone else’s software for opening audio files. They don’t even know patches are available unless they open the program. That audio program also opens automatically when they receive an email with an audio attachment. Most of the time they don’t bother updating it, because it only tells them about the update when they want to be using the program.
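The scenario above, worked through in code as an added example (not part of the original post): each component carries an install share, the share of installs the exploit can actually reach, the share a released patch is delivered to, and the share of those users who apply it. The numbers for the web server and word processor are the post’s own; the one-in-four uptake for the third-party audio player is an assumption, since the post only says most users don’t bother updating it. The point it makes is that “patches released” and “exposure actually removed” are different numbers.

```python
"""Exposure-weighted patch accounting (added example, not from the post)."""
from dataclasses import dataclass
from fractions import Fraction


@dataclass(frozen=True)
class Component:
    name: str
    installed: Fraction    # share of all users with the component installed
    exposed: Fraction      # share of those installs the exploit can reach (enabled / auto-opens input)
    patch_reach: Fraction  # share of exposed installs a released patch is delivered to
    uptake: Fraction       # share of patch-reachable users who actually apply it

    def at_risk(self) -> Fraction:
        """Share of all users the exploit can hit before any patch ships."""
        return self.installed * self.exposed

    def protected(self) -> Fraction:
        """Share of all users the patch really takes out of the at-risk pool."""
        return self.at_risk() * self.patch_reach * self.uptake

    def residual(self) -> Fraction:
        """Share of all users still exposed after the patch ships."""
        return self.at_risk() - self.protected()


def summarize(components):
    """Contrast the raw patch count with exposure-weighted figures.

    The weighted sums count exposed components per user rather than distinct
    users, because one user can be exposed through several components at once.
    """
    at_risk = sum((c.at_risk() for c in components), Fraction(0))
    residual = sum((c.residual() for c in components), Fraction(0))
    # The patch that leaves the largest share of its at-risk users exposed is
    # the one a raw patch count overstates the most.
    least_effective = max(
        components,
        key=lambda c: c.residual() / c.at_risk() if c.at_risk() else Fraction(0),
    )
    return {
        "patches_released": len(components),
        "at_risk_before": at_risk,
        "residual_after": residual,
        "reduction": (at_risk - residual) / at_risk if at_risk else Fraction(0),
        "least_effective_patch": least_effective.name,
    }


def post_scenario():
    """The three components from the post, as fractions of the user base."""
    pct = lambda n: Fraction(n, 100)
    return [
        # 1% run the built-in server and 2% a third-party one, so the vendor
        # patch reaches only one third of the 3% at risk.
        Component("web server", installed=pct(3), exposed=Fraction(1),
                  patch_reach=Fraction(1, 3), uptake=Fraction(1)),
        # Bundled word processor: auto-opens attachments, patch reaches everyone.
        Component("word processor", installed=pct(50), exposed=Fraction(1),
                  patch_reach=Fraction(1), uptake=Fraction(1)),
        # Third-party audio player: the update notice reaches everyone who
        # opens the program, but (assumption) only one in four applies it.
        Component("audio player", installed=pct(75), exposed=Fraction(1),
                  patch_reach=Fraction(1), uptake=Fraction(1, 4)),
    ]


if __name__ == "__main__":
    for key, value in summarize(post_scenario()).items():
        print(f"{key}: {value}")
```

Run as a script it prints three patches released against a residual exposure that is still more than half of what it was, with the audio player’s patch doing the least good. Fractions are used instead of floats so that the shares compare exactly.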
So what really counts? Sure, patches make a difference. But that difference is badly misrepresented.
Things that could make a real difference include protected memory and sandboxing. If that media player can only read and write its own media files, then it’s not a threat to your corporate secrets or the overall stability of your system. It’s still a threat (you could lose data in your home videos, your purchased music videos, or feature-length movies), but that hardly compares to a program being able to install a rootkit, take over your whole system, send all your personal data to internet locations around the world, and then completely format your drive to remove any trace of itself (and all your data with it).
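One way to express the “only its own media files” rule as an enforceable policy, added here as an example and not code from the post or any particular player: a check that canonicalises every path before comparing it with the allowed library roots (so `..` segments and symlinks can’t walk out of the library) and that only admits media extensions even inside an allowed directory. The library root, the extension list and the sample paths are constructed values.

```python
"""Least-privilege file access policy for a media player (added example)."""
import os
from typing import Iterable, NamedTuple


class Decision(NamedTuple):
    allowed: bool
    reason: str


class MediaSandboxPolicy:
    """Allows reads and writes only on media files inside the library roots."""

    def __init__(self, roots: Iterable[str], extensions: Iterable[str]):
        # Canonicalise the roots once so they are compared in the same form
        # as the resolved target paths.
        self.roots = tuple(os.path.realpath(r) for r in roots)
        self.extensions = frozenset(e.lower().lstrip(".") for e in extensions)

    def _inside_root(self, real_path: str) -> bool:
        # commonpath() is a prefix test on path components, so "/lib2" is not
        # mistaken for being inside "/lib".
        return any(os.path.commonpath([root, real_path]) == root for root in self.roots)

    def check(self, path: str, mode: str = "r") -> Decision:
        if mode not in ("r", "w"):
            return Decision(False, f"unknown mode {mode!r}")
        if not os.path.isabs(path):
            # Relative paths depend on the working directory; refuse them.
            return Decision(False, "relative paths are not accepted")
        # Resolve ".." and symlinks before deciding anything about the path.
        real = os.path.realpath(path)
        if not self._inside_root(real):
            return Decision(False, f"{real} is outside the media library")
        ext = os.path.splitext(real)[1].lower().lstrip(".")
        if ext not in self.extensions:
            return Decision(False, f"{real} is not a media file")
        return Decision(True, f"{mode} allowed on {real}")


def open_media(policy: MediaSandboxPolicy, path: str, mode: str = "r"):
    """Enforce the policy at the one place files are actually opened."""
    decision = policy.check(path, mode)
    if not decision.allowed:
        raise PermissionError(decision.reason)
    return open(path, mode + "b")


if __name__ == "__main__":
    # Constructed library root and sample requests.
    policy = MediaSandboxPolicy(["/srv/mediaplayer/library"], ["mp4", "mp3", "m4v"])
    for request in [
        ("/srv/mediaplayer/library/clips/holiday.mp4", "r"),
        ("/srv/mediaplayer/library/../../../etc/passwd", "r"),
        ("/srv/mediaplayer/library/quarterly-report.docx", "r"),
        ("clips/holiday.mp4", "r"),
    ]:
        print(request, "->", policy.check(*request))
```

The decision is made on the resolved path, not the string the caller supplied, which is what makes the traversal and symlink cases fall out of the same root check. A real sandbox would be enforced by the OS rather than by the program itself, but the policy it has to express is the one above.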
As an IT consultant, I recommend Windows, Unix, and OS X where they make sense. Increasingly, OS X is the best choice for ease of use, performance, and real “under the hood” security that actually works. Initial cost is usually a small portion of TCO, and with costs being so similar, Macs just make more sense (and cents).
Sadly, it’s a hard argument to make, for the simple fact that those who hire me don’t understand the technology and always want to make the least amount of change possible.
Wm