The operating system update lottery

+1

Lauren- your first paragraph is apt as regards apps in the Apple operating service . New data from a business security communications company put out for the business community in regards to apps on all systems puts Apple OS as the worse system for vulnerabilities at= 384 (mac Os X + its smaller derivative ) Flash Player dropped to third = 314 . I have the full list if anybody is interested.

There are several issues with that list of Common Vulnerabilities and Exposures (CVEs). The first is that the survey makes no distinction between severity of vulnerabilities in the list. A low-risk vulnerability (for example, something that can only be exploited by an authenticated local user with administrative privilege) is not the same as a remote code execution bug that’s easily exploited.

Second – and this applies to all platforms – many security bugs are cross-platform. A good example is libpng, which is everywhere from browsers to smart-watches. It may have had only had four advisories in 2015, but that will have drawn patches from a lot of other vendors.

Third: CVE Details seems arbitrary in its assignment of CVE to project. Hence, for example, a bunch of LibreOffice/OpenOffice bugs are counted as Debian CVEs, as are some Oracle MySQL bugs.

Fourth: CVEs only count reported vulnerabilities. They don’t count anything that’s being hoarded, whether by security agencies or by black-hats, for example. And there’s nothing good to come out of turning CVEs into some kind of marketing scorecard.

As everyone’s favourite infosec account put it:

As this chart (rather than the list favoured by most outlets) shows, Microsoft and Adobe both out-CVEd Apple for vulnerabilities “by vendor” across CVE Details’ Top 50.

Even that’s a problematic count. For example, by restricting the summary to CVEs in the Top 50 list, the summary is very kind to Cisco. Its IOS only racked up 84 vulnerabilities, but across all products, The Borg had a very busy 2015, recording 488 CVEs.

In short, as the Register put it “This Meaningless league table sparks silly schadenfreude”

With thanks to the Register.

Thank you for your explanation, Lauren, but when you say “With regards to the processor speed, I raised your question with Jess who explained that we re-ran the industry standard speed tests to see what impact the update had my concern was with the wording used in the article, which was clearly incorrect. I appreciate that the Independent Laboratory which ran the tests did not check processor speed. Had they done so, they would have noted it remained constant. What they checked was something very different: it was how the update affected the overall speed of the device to perform what the laboratory describes as “industry standard” tasks.

This may not seem important to many, but I believe words and their meanings are extremely important. There ought to have been no mention whatsoever about “processor speed”, since it’s almost impossible to check without dismantling the device and extracting the CPU. What they (and you) checked was how quickly the device performed on the same tasks prior to and immediately after an update. And it would have been much simpler (and far more honest) to say that.

And herein lies another problem. Since neither you nor they can be sure exactly what the update changed you cannot be sure any change was due to the installation of extra bits – such as the Apple Watch. You might think ‘common sense’ says it must be the update, yet ‘common sense’ suggests the sun moves round the Earth.

On the new features aspect, that, again, is no simple thing. And there are good reasons why it isn’t. Making software and computers is a highly competitive business, although only Apple does both. However, all software companies have to design their products to stay ahead of the game and, on the internet side of things in particular, changes are needed to deal with the varying design standards used by the browsers. That alone can slow your device down, but as processor speeds continue to increase browsers and software authors continue to design more features into their work. It’s a never-ending game of catchup. Consumers should not be led into believing that anything else is possible.

I do agree that cosmetic updates should be optional, but here’s another question: what, exactly, qualifies as ‘cosmetic’? Software’s appearance through its GUI is now largely indistinguishable from its function. How then is the consumer able to differentiate?

But the language and terminology must be more accurate. Which? used to enjoy an enviable reputation for accuracy and impartiality but dubious reviewing of this nature can only do a lot of harm to a hard earned standing.

I dont know why I got Ian,s above post emailed to me as it is 6 days old nevertheless I am always up for a challenge . As regards the processor speeds being difficult to access or should I say the basic C PU speed ,yes Apple make it very difficult to find out the type of processor fitted . But Apple /Windows/Android all use the ARM processor , the latest info (and that is about 2 years old ) is that they are dual core -some 4 core with a basic speed of 1.8 G ,for those wanting info about their processor a Japanese tech engineer has provided a download of -CPU identifier especially for mobile phones ,you install the app and it checks out your CPU . Knowing the basic speed and cores etc does help in generating a scale of performance of a mobile phone . Its a pity they are not like Intel and AMD in computers I have a full list of speeds of all their CPU,s and that is used to judge performance in every PC tech site I visit . Having said that yes , Windows for example due to “updates ” can slow the fastest gaming PC down to a crawl if they are faulty or if MS dont like your installed apps or ANY other reason that stops their ability to extract every bit of you use on your computer . Without any updates logging onto Windows 7 is fast for me ( but I rarely use it only LInux which is up in 12 secs and that includes hitting the = click on boot from LInux window . With updates installed Windows is much slower ,as it phones home all your info on power up and doesnt like me having apps it doesnt approve of.

+1

If a new program is produced that is radically different, then obviously you pay. If, however, the company is simply ensuring it works with the new OS, then no; it’s free.

There’s plenty of freeware for Macs but the Hardware is Apple designed, Apple built and therefore Apple compatible in every aspect. It might be perceived as pricier, but considering what you get with every Mac it’s almost a bargain.

I’m sure that we can all agree on the need for updates to maintain online security, but I doubt it would be practical to have these alone because they could be addressing a problem with the operating system.

I was vaguely aware of the Apple Watch app and see that I have put it in a folder with unused stuff like Game Centre. It would be good to be able to choose what does get downloaded or even to delete what we don’t want.

Most proper PCs give you a choice of which updates you download and use. I think the issue lies more with so-called smartphones where life is made easy for dumb users by defaulting to the installation of all available updates.

I think you’re right. With Apple computers you can select and delete stuff that’s unnecessary.

Very good point wavechange -addressing a problem with the operating system =Windows in spades – the very act of allowing “back-doors ” so they have total control over their closed operating system allows hackers et al to get in . Your logic is right you should be able to choose what to download or delete ,try that in Win 10 Home ,no chance . I could run through all those systems pointing out security flaws but it would take a web-page to do it . Do you know most anti-virus apps in all systems are insecure they actually help hackers take control of your computer etc because they have such a high level of overall control . You would be surprised at the well known names that can be hacked . The best anti virus for LInux –?? NO anti-virus and dont install Wine .

I agree: Wine is for drinking, especially at Christmas time 🙂

Thanks for that Derek I get too serious at times and your comment makes me realise it.

Tish-Your device is either corrupted by the “update ” download or you have a virus of some sort . Thats how CPU,s work be it in a computer or a mobile device they slow down ,wont open apps ,block access to programs ,stop the basic process for actuating the opening of an app etc . You have 2 choices # 1 – re-install the operating system or # 2- taking up Apple,s offer of a refurbished replacement which in Law is all they need to go to. A restore doesnt always mean a complete re-installation so it depends on what lengths your Apple store went to (probably the easy way ) meaning data held in your device is kept . I take it Apple told you there were no viruses ? but the latest ones cant be scanned in many systems .

Tish, sorry to hear about the issues with the iPad Mini. The iPad ought not to have behaved the way you describe, and the only crumb of comfort I can offer is that it won’t have been a virus. But I have encountered something similar before.

Apple’s offer of a refurbished iPad mini for your two year-old mini is excellent: the refurbs are often brand new, having been items returned to Apple immediately after purchase for a variety of reasons, so I would take that offer. The problem with your mini could be several things but a newer model would definitely be the way to go.

David -you have put the business communication industries points over very well , but that still doesnt let them off the hook by saying a system is ” Free ” when in actual fact MS has admitted (after a lot of criticism ) that Windows 10 has a life cycle which is limited by your ability in the future to pay for “upgrades ” , that to me ,fighting for less”gobble-g**k ” language and more open down to earth business practices is not kosher . Saying =the public should be wise — is being patronising to those not able (for various reasons ) to see through lies.

Greg -your last sentence -try doing that in Win 10 and even worse going to MS,s website holding out your begging bowl and asking -Please ! revert me back to the old system ,even this version is now being stopped /hindered although you have short time to revert back you lose stored data/facilities . Samsung is the most popular mobile in the US (2015 figures ) would you buy a -no our screens never crack -Sony ?

Wavechange if her MacBook has a -1.1 core duo processor or better you can install it ,Snow Leopard was made obsolete in July 2011 , is her model a 2006 version Mac or later ? Help has been withdrawn for Snow Leopard or are you asking about the actual installation ? Could you give me the model number of the MacBook or do you know its spec?

Snow Leopard was never made ‘obsolete’, Duncan; it was merely superseded.
Wavechange: you can download OSX upgrades to bring it up to El Capitan comparatively easily – I had to do it on one of my machines relatively recently. I will track down the relative links for you but it’s not a huge task. The usual issue with this sort of thing is, as Duncan suggests, the type of processor used on the Mac. All unibody models (from early 2008) use Intel processors, so there shouldn’t be an issue.

If she has an Apple ID and has ever bought from the App stopre then she will have all the available upgrades in the store. They will be under ‘purchased’.

Thanks both. The identifier is Macbook5.1 and it has an Inter Core 2 Duo processor and 2 GM RAM. I forgot to mention the key information that I don’t have the Apple ID. It took long enough for the owner to discover the password needed to log into the machine. The problem is that the chap has recently become almost blind and is unable to help his wife sort out her computer.

It’s the first one you mention, Duncan and the owner said it dated from 2008/9. I might ask the owner to register it so we have an Apple ID. It turns out that they have a friend who used to run the Apple authorised repair workshop, so I’m not sure why I’m involved.

If he’s an Apple-authorised technician then he’s worth his weight in gold. The 2008 – onwards laptops are easily upgradable, but they obviously won’t run as quickly as the newer models.

The guy is director of a small company with a few employees. Although they still do Mac repairs he told me that it was too expensive to continue as an authorised repairer. His company is based on a trading estate and another company opened a smart store in the city centre, charging a lot more for servicing and upgrades from the quotes I have seen.

I have downloaded a later version of OS X from the App Store and will get the owner to register for her own Apple ID. The MacBook seems to have only been used for email and web surfing. What a waste.

“The MacBook seems to have only been used for email and web surfing. What a waste.”

I think that is what very many users now need home computers for.

I guess Google realise this too – hence they sell Chromebooks.

And possibly why tablets have enjoyed good sales.