If you run Windows, then you should read this:

After Microsoft released an out-of-band update for a critical Windows vulnerability that allows hackers to execute a malicious Internet worm on users’ computers, security experts are strongly recommending that users apply patches immediately. Specifically, the remote execution vulnerability allows hackers to write worm code—malicious self-propagating code that doesn’t require any user interaction—by crafting a special RPC request. A successful attack would enable the hacker to take complete control of a victim’s computer, and ultimately steal sensitive financial information from their victims. In addition, once a user’s system is affected, the malicious code has the ability to rapidly self-propagate and infect every other unpatched computer in the network. …

Security experts maintain that the exploit code has actively been used in the wild, with exploits stemming from hackers who have already reverse-engineered the patch. …

Henry said that researchers detected malicious code designed to grab user credentials before encrypting them and sending them to a New Jersey-based server. Henry said that the malware has so far affected at least 3,600 users, but said that the number would likely increase significantly over the weekend.

Needless to say, there has never been a worm–not even in proof-of-concept form–that could affect Mac OS X. In the annals of OS X malware, three trojans is all I have counted, and only one of those in the wild with any real chance of having any effect at all on a Mac–and I haven’t heard of actual, real-world infections even from that one. And trojans are more about fooling the user than beating the computer’s security system.

In this case, we have not only a worm which is spreading widely, but one which can still bypass most anti-virus software; one can only be fully safe by downloading and installing a patch, something that many if not most Windows users don’t do.

According to the article:

The flaw, which affects almost every Windows operating system, is rated “critical” for many of the earlier versions of Windows, including Windows 2000, XP and Server 2003. However, the bug was given the less severe rating of “important” for Windows Vista and Server 2008.

I presume that this means that Vista users are vulnerable if, like most Vista users, they have disabled security in order to escape the unending, intrusive warnings and requests for confirmation that Vista subjects its users to. Maybe SP1 cured that (though I suspect not) and I’m wrong here–but an “important” rating means that Vista is still vulnerable.

Now, has the Mac had warnings of vulnerabilities before? Yes, but never has it suffered an onslaught as damaging and as serious as this. And this current attack is nothing new. When new vulnerabilities on the Mac have been found, users have so far not been affected by any of them–and the software update on Macs tends to allow protection to be applied quickly, just in case. See if you can find a vulnerability which allowed more than 3600 Macs to fall prey to a worm that can take over their computers. You can’t, because nothing like that has happened before, ever.

And yet, we are supposed to believe that Vista is “more secure” than Macs. Why? Because there are ways to count and parse “vulnerabilities” so that you can bean-count Vista into being “more secure.”

How about counting actual real-world, in-the-wild exploits that affect actual users’ computers?

Naw, can’t do that–it would make Windows seem less secure.