Mac's better than PC's for security? An analogy to possibly debunk.

Great Debates
41

Maybe, maybe not. If MacOS really is so much more secure, should we really assume it’ll never be a real competitor to Windows, especially now that it’ll be easy to run Windows apps on MacIntel with WINE?

If you get fed up with the crowds at a popular public beach and decide to go to a different, less popular one, that’s fine. But if you start telling your friends to go there too, and they see that it’s less crowded and start telling their friends, pretty soon you’ll all be right back where you started.

42

The way I see it is:

The land of Windows is a vast and rich land which is currently under attack… Defenses are there and Windows Land is currently in the state of war. Windows knows how to react and repel invaders. Unfortunatly there are many new imigrants who don’t know nor understand their civil duty to also defend the great nation of Windows. These new immigrants are very attractive to attackers and are easy prey.
Then we have the Isle of Mac, which has never known a war, and have only had a few small squirmishes, nothing really to speak of. It is a peacefull place, and people can relax.

So the choice is do you want to live in the land under attack but successfully defending against it, or in the land where no real attack has ever happened, but could.

MHO is that MACS are less secure then windows, and would be much slower to react to a full scale attack due to inexperence, but also a much less attractive target.

That said once a wide scale Mac attack is made I suspect the door to be opened to regular Mac Attacks.

43

Until you can buy a system preconfigured to boot both Mac OS and Windows (which you are never likely to be able to do), I doubt the new MacIntel boxes are going to change much. Some hobbyists will certainly get their Windows programs running, but I think the likes of WINE are beyond the ken of the average user.

With about a 3% installed base, it would take an almost Biblical upheaval to bring Macs even close to the ubiquity of Windows. Even if significantly more home users started switching to Mac, that would still leave the vast majority of businesses on Windows.

44

I’m going to strongly disagree with you here. If you read a history of the development of Unix, I don’t think you’re going to see the word “security”. Remember, the concepts of networking and even email weren’t around when Unix was being developed. Now there might have been specific instantiations of Unix from UCB or CMU that emphasized security, but those came much later. As near as I can tell, the goals of the Unix operating system were flexibility, simplicity and, despite what you said, ease of use, at least compared to the existing operating systems of the day. The whole notion of pipes and I/O redirection connecting small simple utility programs was revolutionary at the time and still is largely missing from Windows and Mac OS (unless you dig down to the Mac OS Unix core).

Now * VMS * was designed as a secure operating system because of its intended role in financial transaction and other high risk systems. But that’s neither here nor there.

As for why a Mac OS based on Unix is more secure than Windows (at least up until recently), it’s probably based on a few issues. Bearing in mind that I’m not an expert on the subject, Microsoft a few years back made some decisions without considering the consequences and enabled scripts and programs to be executed very easily from Mail and other applications. They were trying to make it easy to administer machines remotely, allow users to easily view and execute attachments, write powerful macros, and do a bunch of things that all would have been fine except for the presence of evil-doers in the world. As it turned out, it was pretty much like leaving the keys to a candy store under the mat and hoping no one would look there.
The Mac OS-X operating system requires an explicit password before running installers and doing “system stuff”. That alone reduces the amount of chaos that a virus can cause. I’d guess the kernel is more secure, benefitting from having a lot of eyes go over it over the years looking for exploits, but I don’t know that for sure.

45

As I’ve said before, MAC is makeup. It’s not that hard.

I haven’t run antivirus since I was running 6.0.7 on a Mac Classic with an 800K floppy drive, and it never found anything then, neither.

I’ll echo rjung theory above, that l33t haxxors would love to stick it to us uppity, overconfident Mac n00bs, if only so we’d quit talking so damn much about how we don’t have viruses.

Not if all your friends have “a friend at work” who says the emptier beach has no parking lot, you have to bring your own sand, and that if you take any pictures there, you have to go back to that beach to see them. All this despite that said friend had only been to that beach once, a long time ago (in 1960).

46

Man, I’m tempted to suggest a Dope hacking contest, but I’m afraid the mods wouldn’t appreciate it. :smiley:

47

MacSurfer posts headlines to any story submitted to them about Macs, whether the stories reflect well on Macs and Apple or not.

48

Security by design, whatever that is…

With Windows, the default user is Administrator. Complete access to everything. The *nix equivalent is a user called root.

Whether you’re root or administrator, you have full power to do anything on that computer. The programs you run also have full power. This includes anything you manage to click on and launch.

With OS X, the default user is just that, a user. The root user is disabled by default - you need to take a series of steps to enable the root account and access it. Compare that to probably 99% of home Windows PCs, where nobody bothers to create user-level user accounts and instead, run the PC full-time as Administrator.

49

You still have to check this, after running mandrake almost full time , I set up winXP pro , to run as a regular user , only to find out that the user account had admin permissions for everything, you have to create the user account ,and then turn almost everything off , just to get the same default user privileges in mandrake.

Declan

50

Oh, you mean the parts from luxury cars cost lest than parts from cheap ass economy cars?

51

Cite? Every credible analysis I’ve ever seen says the contrary, and this is part of my job.

52

"This reasoning backfires when one considers that Apache is by far the most popular web server software on the Internet. According to the September 2004 Netcraft web site survey, [1] 68% of web sites run the Apache web server. Only 21% of web sites run Microsoft IIS. If security problems boil down to the simple fact that malicious hackers target the largest installed base, it follows that we should see more worms, viruses, and other malware targeting Apache and the underlying operating systems for Apache than for Windows and IIS. Furthermore, we should see more successful attacks against Apache than against IIS, since the implication of the myth is that the problem is one of numbers, not vulnerabilities.

Yet this is precisely the opposite of what we find, historically. IIS has long been the primary target for worms and other attacks, and these attacks have been largely successful. The Code Red worm that exploited a buffer overrun in an IIS service to gain control of the web servers infected some 300,000 servers, and the number of infections only stopped because the worm was deliberately written to stop spreading. Code Red.A had an even faster rate of infection, although it too self-terminated after three weeks. Another worm, IISWorm, had a limited impact only because the worm was badly written, not because IIS successfully protected itself.

Yes, worms for Apache have been known to exist, such as the Slapper worm. (Slapper actually exploited a known vulnerability in OpenSSL, not Apache). But Apache worms rarely make headlines because they have such a limited range of effect, and are easily eradicated. Target sites were already plugging the known OpenSSL hole. It was also trivially easy to clean and restore infected site with a few commands, and without as much as a reboot, thanks to the modular nature of Linux and UNIX.

Perhaps this is why, according to Netcraft, 47 of the top 50 web sites with the longest running uptime (times between reboots) run Apache. [2] None of the top 50 web sites runs Windows or Microsoft IIS. So if it is true that malicious hackers attack the most numerous software platforms, that raises the question as to why hackers are so successful at breaking into the most popular desktop software and operating system, infect 300,000 IIS servers, but are unable to do similar damage to the most popular web server and its operating systems?"

53

I posted too quick, that was from:

54

Here is an article from a security guy who switched to Macs because he’s tired of dealing with Windows’ security problems.

Corsaire, an IT consultant, has released a white paper which states that OS X is one of the most secure operating systems around in its default configuration and has many other security features that can make it even more secure.

Many of the security updates Apple puts out are preemptive fixes for theoretical exploits. Most of these risks are identified in-house though much of the core code for OS X is now openly available. Updates are released when they are finished, avoiding the monthly update gap for Windows that is often exploited by exploit writers.

On the other hand, Microsoft has ignored serious exploits for weeks or even months in some cases. See articles: here, here, here. . . this is only a sampling.

I was unable to find a web site I read about two or three years ago that was put up by a person who discovered an exploit in Windows XP. He was at first ignored by Microsoft and was later threatened with criminal prosecution when he chose to publish some general information about the exploit in an attempt to get Microsoft to actually do something about it.

In addition, statements like these from Microsoft’s security division head don’t do anything to make people feel good about trusting their OS. Admittedly, this was about four years ago, and there are, apparently, major changes in some XP programs that will plug at least some of the gaping gaps Windows seems to have. Gives people something to make them feel good while they are waiting for the reportedly vastly improved Longhorn to be released sometime next year.

Some things I’d also like to point out is that OS X usually tells you what it’s going to fix and why when it updates. Many applications do not use an installer, which means that they don’t strew files all over your system. When they do use an installer, it’s the OS X installer, which will not do anything to screw up the system, keeps a log of its activities, and requires an administrator password to run.

When I was setting up Windows XP for my girlfriend’s Athlon box (I couldn’t convince her to get a Mac; apparently The Sims 2 is a mission-critical application) I found it very disconcerting to have installers doing who-knows-what behind the scenes, often with no way to get a log of the installer’s activity. I had to trust that the application’s installer wouldn’t screw something up. Updates were also opaque. If you wanted to find out what was done and why, you’d have to look on the Microsoft website. Running Norton Internet Security has brought home in a visceral way just how often Windows tries to access network services in the background. At least once an hour we get an alert that some service wants to access the internet, despite the fact that in the interest of security I set up every option I could find to NOT contact anything external unless it was user-initiated. Without Norton, I wouldn’t have even known that my system was trying to contact the internet.

The more open attitude that Apple has is not only more friendly, it makes you more likely to cooperate. I think one reason people don’t update Windows is because they don’t have any idea how important it is to do so because Microsoft’s policy is to generally keep the user in the dark. “Just do it because we tell you to,” is an attitude that engages our inner teenager and results in many users giving the electronic middle finger to MS. This psychological component, the perception of Microsoft being untrustworthy and patronizing, is often ignored by people when they talk about computer security, but I think it should not be underestimated.

Mac users update frequently partly because they trust Apple to: 1) Not screw up their system with an update (although this has happened, rarely). 2) Let them know what is being changed and why. 3) Actually fix the things that are supposed to be fixed with the update. You also have more control over the update process, letting you dictate how intrusive the updater is and how involved you want to be in the update process. I’ve grown to loathe the little “pop” and tag window that comes up when Windows wants me to update. It annoys me in much the same way one of my co-workers does when she hovers at the edge of my personal space, hoping that I’ll notice her, instead of approaching normally and asking her damn question.

55

So open up the Automatic Updates control panel and turn it off.