Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Apple
    • Apple
    • Cybersecurity
    • PC Hardware

    Why Is the Mac OS More Secure than Windows?

    By
    David Morgenstern
    -
    June 1, 2007
    Share
    Facebook
    Twitter
    Linkedin

      Certainly, we can all agree that Mac users hate Windows. On the other hand, most Windows users hate the Macintosh and, moreover, Mac users. And those Mac ads.

      One thing that really pushes the buttons of Windows users is how Mac users describe the relative security for each platform. What PC users hear in the exchange is that the Mac is invulnerable to attacks.

      Of course, this idea is false, and any right-thinking Mac user would admit that any computer can be attacked. Or almost any computer.

      “My CPM computer hasnt been attacked once—because its not connected to the Net,” joked Ron Hipschman, senior media specialist at San Franciscos Exploratorium science museum. He manages a number of clients and servers of different platforms, including Sun Solaris, Windows and Macintosh.

      “Its hard to write a system that cant be exploited, he said. “Leaving it disconnected from the Internet will do it, and sealing the CD drive, floppy and thumb drive [ports] will keep you virus-free.”

      In one of the hated Apple ads, the sneezing PC guy (the hilarious John Hodgman) comes over to the Mac guy and tells him that he has a virus thats going around. “Dont be a hero,” Hodgman warns.

      The Mac guy isnt worried. He doesnt get viruses. Well, really he says that hes not going to get one of the Windows viruses, which is perfectly correct.

      Still, no matter how much you might consider this comparison an unfair shot, it is real. The Mac is a better platform when it comes to security and malware attacks.

      Ive used Macs since 1984, and Ive been infected by some malware twice. Two times.

      One was in 1989 on a diskette distributed at a Macworld Expo with a HyperCard stack of naughty drawings (it was infected at the company). And the other was an infection by a cross-platform Office macro virus perhaps 10 years ago. The person sending me the file was a Windows user.

      Take a look at the exploits actually seen in the wild on the Wild List. In March, the group recorded 766 different viruses, with a supplemental group bringing the total to 1,709 titles. None are on the Mac.

      A search through security vendor F-Secures Virus Description Database for the word “Macintosh” brings up 24 total hits. Most of them are MS Word macro viruses, and five were hoax reports.

      /zimages/3/28571.gifSymantec says Mac OS X is running with an outdated and vulnerable version of the open-source file and print program Samba. Click here to read more.

      So based on these figures, it would take a lot of attacks to make a dent in the Macs good name and challenge the current record on the PC side.

      However, by my reckoning of the installed bases for each platform, there should be many more exploits for the Mac. Depending on how you calculate the number—2, 3, 5 or whatever percent—shouldnt there be that corresponding percentage of viruses on the Mac in these lists?

      A side note: Some folks estimate the number of Mac users—ones who actually buy things or read content on the Web—is a greater figure than we would find by looking at pure sales or when looking at the entire PC installed base. Mostly, this means that theres evidence that Mac users are undercounted.

      For example, in a previous column I pointed to a chart on Scripting News that listed the sites readers by browser. Firefox was the largest (49.76 percent), and Internet Explorer came in second (23.43 percent). However, Mac-only browsers Safari and Camino were next in line (21.31 and a guesstimate of 2 percent, respectively). And some part of the Firefox figures must have been Mac users as well.

      Whatever the number, bigger or smaller, the sum of Mac attacks is statistically nil when compared with the PC market. There just arent many attacks, now or in the past.

      Also, its not as if Mac users are hiding off the Web. They are exposed in the same way Windows users are.

      Worse, Mac users are very naive when it comes to security. Most dont run any virus software, except for the firewall that comes built into Mac OS X. Most users rely on Apple to update their security, something that happens very often nowadays.

      So, whats the reason for this difference in exploits? Why arent there more Mac attacks? And why have researchers been finding more Mac holes?

      Next Page: Yes, Macs are more secure.

      Macs are More Secure

      Perhaps the reason for the discovery of more exploits for Mac OS X isnt as much a reflection of Apples quality of programming engineering (or its lack), but rather the fact that automated security tools have improved. Security blogger Ryan Naraine told me that instead of poring over code into the early hours, security researchers now can let tools run overnight and check in the morning for a new crop of likely holes.

      He also suggested that security researchers are turning toward investigating Apple more now that the company has popular Windows programs such as iTunes and QuickTime for Java.

      However, credit must go to Apple, according to wireless security blogger Glenn Fleishman, based in Seattle. He pointed to the companys reaction to Januarys Month of Apple Bugs Project as an example of how serious the company is about patching the exploits promptly.

      “The prediction beforehand was that Apple would be all pissy about it and it would take a long time to fix the bugs and that they would ignore it. Instead, [Apple] kept coming out with patch after patch and in a nice touch credited [the Project].”

      Both Fleishman and Hipschman said that while bugs are constantly being uncovered, Mac OS X appears harder to exploit than Windows.

      Hipschman said Apple has turned off a lot of services in OS X that make Windows vulnerable, especially in Windows XP. One example he noted was that Apple offers users an opportunity during installation to enter an administrator password, rather than defaulting to admin user status without a password.

      Fleishman said that while there have been exploits demonstrated on the Mac, many are very difficult to accomplish out in the wild.

      “No one has come up with a good vector to spread infection on the Mac; thats what stymies people,” he said. “Even if you came up with the worlds best Wi-Fi exploit drive around the city, and actually take ownership of 100 Macs, even then, with root-level access on a Mac, you cant just deploy [an exploit] exponentially or even arithmetically. You cant even add one more,” he said.

      Also, Fleishman noted that Apple Mail has proved difficult for malware authors to exploit for payloads.

      Most of the concern in the Mac community is over data in transit and wireless security, he said. “Its all really marginal stuff.”

      In addition, Fleishman wondered about reports of successful Mac zombie attacks in the past year.

      “I believe [the zombie attacks] have happened, and I wouldnt be surprised if some Macs were owned and turned into zombies. But how many worldwide? Was it 100 [machines]? Compare that to the numbers for PCs,” he said.

      Finally, I believe theres another reason for the Macs amazing security record, beyond the technical and beyond any protection afforded by its supposed market “obscurity.”

      The protection is cultural. Its that legendary “strong” installed base of loyal users.

      As I said before, Mac users love the Mac. Most dont want to do something that will harm the platform. That loyalty includes programmers. So they avoid attacking other Mac users and stick to Windows. Thats an easier and more successful target anyway.

      Will there be unfortunate attacks? Of course—its the world we live in.

      Consider this: The Mac is the most homogeneous computing platform in the world. That should make it the most vulnerable. Instead, it has the strongest real-world record when it comes to exploits.

      Surely, that record will continue.

      What do you think? Does the Mac record impress, or is it all a distortion? Let us know here.

      Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.

      David Morgenstern
      David Morgenstern is Executive Editor/Special Projects of eWEEK. Previously, he served as the news editor of Ziff Davis Internet and editor for Ziff Davis' Storage Supersite.In 'the days,' he was an award-winning editor with the heralded MacWEEK newsweekly as well as eMediaweekly, a trade publication for managers of professional digital content creation.David has also worked on the vendor side of the industry, including companies offering professional displays and color-calibration technology, and Internet video.He can be reached here.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.

      MOST POPULAR ARTICLES

      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×