Macs are More Secure

 
 
By David Morgenstern  |  Posted 2007-06-01
 
 
 

Why Is the Mac OS More Secure than Windows?


Certainly, we can all agree that Mac users hate Windows. On the other hand, most Windows users hate the Macintosh and, moreover, Mac users. And those Mac ads.

One thing that really pushes the buttons of Windows users is how Mac users describe the relative security for each platform. What PC users hear in the exchange is that the Mac is invulnerable to attacks.

Of course, this idea is false, and any right-thinking Mac user would admit that any computer can be attacked. Or almost any computer.

"My CPM computer hasnt been attacked once—because its not connected to the Net," joked Ron Hipschman, senior media specialist at San Franciscos Exploratorium science museum. He manages a number of clients and servers of different platforms, including Sun Solaris, Windows and Macintosh.

"Its hard to write a system that cant be exploited, he said. "Leaving it disconnected from the Internet will do it, and sealing the CD drive, floppy and thumb drive [ports] will keep you virus-free."

In one of the hated Apple ads, the sneezing PC guy (the hilarious John Hodgman) comes over to the Mac guy and tells him that he has a virus thats going around. "Dont be a hero," Hodgman warns.

The Mac guy isnt worried. He doesnt get viruses. Well, really he says that hes not going to get one of the Windows viruses, which is perfectly correct.

Still, no matter how much you might consider this comparison an unfair shot, it is real. The Mac is a better platform when it comes to security and malware attacks.

Ive used Macs since 1984, and Ive been infected by some malware twice. Two times.

One was in 1989 on a diskette distributed at a Macworld Expo with a HyperCard stack of naughty drawings (it was infected at the company). And the other was an infection by a cross-platform Office macro virus perhaps 10 years ago. The person sending me the file was a Windows user.

Take a look at the exploits actually seen in the wild on the Wild List. In March, the group recorded 766 different viruses, with a supplemental group bringing the total to 1,709 titles. None are on the Mac.

A search through security vendor F-Secures Virus Description Database for the word "Macintosh" brings up 24 total hits. Most of them are MS Word macro viruses, and five were hoax reports.

Symantec says Mac OS X is running with an outdated and vulnerable version of the open-source file and print program Samba. Click here to read more.

So based on these figures, it would take a lot of attacks to make a dent in the Macs good name and challenge the current record on the PC side.

However, by my reckoning of the installed bases for each platform, there should be many more exploits for the Mac. Depending on how you calculate the number—2, 3, 5 or whatever percent—shouldnt there be that corresponding percentage of viruses on the Mac in these lists?

A side note: Some folks estimate the number of Mac users—ones who actually buy things or read content on the Web—is a greater figure than we would find by looking at pure sales or when looking at the entire PC installed base. Mostly, this means that theres evidence that Mac users are undercounted.

For example, in a previous column I pointed to a chart on Scripting News that listed the sites readers by browser. Firefox was the largest (49.76 percent), and Internet Explorer came in second (23.43 percent). However, Mac-only browsers Safari and Camino were next in line (21.31 and a guesstimate of 2 percent, respectively). And some part of the Firefox figures must have been Mac users as well.

Whatever the number, bigger or smaller, the sum of Mac attacks is statistically nil when compared with the PC market. There just arent many attacks, now or in the past.

Also, its not as if Mac users are hiding off the Web. They are exposed in the same way Windows users are.

Worse, Mac users are very naive when it comes to security. Most dont run any virus software, except for the firewall that comes built into Mac OS X. Most users rely on Apple to update their security, something that happens very often nowadays.

So, whats the reason for this difference in exploits? Why arent there more Mac attacks? And why have researchers been finding more Mac holes?

Next Page: Yes, Macs are more secure.

Macs are More Secure


Perhaps the reason for the discovery of more exploits for Mac OS X isnt as much a reflection of Apples quality of programming engineering (or its lack), but rather the fact that automated security tools have improved. Security blogger Ryan Naraine told me that instead of poring over code into the early hours, security researchers now can let tools run overnight and check in the morning for a new crop of likely holes.

He also suggested that security researchers are turning toward investigating Apple more now that the company has popular Windows programs such as iTunes and QuickTime for Java.

However, credit must go to Apple, according to wireless security blogger Glenn Fleishman, based in Seattle. He pointed to the companys reaction to Januarys Month of Apple Bugs Project as an example of how serious the company is about patching the exploits promptly.

"The prediction beforehand was that Apple would be all pissy about it and it would take a long time to fix the bugs and that they would ignore it. Instead, [Apple] kept coming out with patch after patch and in a nice touch credited [the Project]."

Both Fleishman and Hipschman said that while bugs are constantly being uncovered, Mac OS X appears harder to exploit than Windows.

Hipschman said Apple has turned off a lot of services in OS X that make Windows vulnerable, especially in Windows XP. One example he noted was that Apple offers users an opportunity during installation to enter an administrator password, rather than defaulting to admin user status without a password.

Fleishman said that while there have been exploits demonstrated on the Mac, many are very difficult to accomplish out in the wild.

"No one has come up with a good vector to spread infection on the Mac; thats what stymies people," he said. "Even if you came up with the worlds best Wi-Fi exploit drive around the city, and actually take ownership of 100 Macs, even then, with root-level access on a Mac, you cant just deploy [an exploit] exponentially or even arithmetically. You cant even add one more," he said.

Also, Fleishman noted that Apple Mail has proved difficult for malware authors to exploit for payloads.

Most of the concern in the Mac community is over data in transit and wireless security, he said. "Its all really marginal stuff."

In addition, Fleishman wondered about reports of successful Mac zombie attacks in the past year.

"I believe [the zombie attacks] have happened, and I wouldnt be surprised if some Macs were owned and turned into zombies. But how many worldwide? Was it 100 [machines]? Compare that to the numbers for PCs," he said.

Finally, I believe theres another reason for the Macs amazing security record, beyond the technical and beyond any protection afforded by its supposed market "obscurity."

The protection is cultural. Its that legendary "strong" installed base of loyal users.

As I said before, Mac users love the Mac. Most dont want to do something that will harm the platform. That loyalty includes programmers. So they avoid attacking other Mac users and stick to Windows. Thats an easier and more successful target anyway.

Will there be unfortunate attacks? Of course—its the world we live in.

Consider this: The Mac is the most homogeneous computing platform in the world. That should make it the most vulnerable. Instead, it has the strongest real-world record when it comes to exploits.

Surely, that record will continue.

What do you think? Does the Mac record impress, or is it all a distortion? Let us know here.

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.

Rocket Fuel