Apple's increasing market share and the company's recent decision to build its systems around Intel Corp. chips have drawn increased hacker attention to its system, Skodis said. Similarly, Apple's recent introduction of Boot Camp, which allows Intel-based Macs to run Windows XP, has also raised its risk profile, Skodis said. Though Windows XP runs in a separate partition on the Mac hard drive, it's only a matter of time before malicious code becomes available that is capable of jumping over the two partitions on the hard drive, Skodis said. "It wouldn't be hard to do," he said.

At the same time, there appears to be a significant decline in vulnerabilities being reported in Windows services such as Internet Information Server, mail services and NetBIOS, Sarwate said. But that decline has been offset by a sharp increase in client-side flaws, including the Windows Metafile flaw (WMF) and Internet Explorer (IE) vulnerabilities, Sarwate said.

In fact, the emergence of several zero-days flaws in IE -- including one that is currently unpatched -- poses a major security risk for Windows users, said Rohit Dhamankar, manager of security research at the TippingPoint division of 3Com Corp.

Increasingly, zero-day flaws on Microsoft Corp. client systems are being used to install adware, spyware and other kinds of malicious code on end-user systems, he said. As a result, he said it may be time to rename IE "to 'Internet Exploiter,' because the chances of you being exploited using IE are much higher" these days, said Dhamanker, who is also the editor of the SANS Top 20 report.

The SANS study also showed that while Firefox continues to be a somewhat safer Web browser than IE, it is no panacea. According to SANS, users of Firefox and Mozilla have had to patch 11 vulnerabilities that can be exploited by a malicious Web page to run code over the past six months, in addition to several other critical vulnerabilities.