Security question for Apple?

Platform wars are so 1990s.

OS X is derived from FreeBSD, including a number of security utilities and low level features incorporated from OpenBSD. OS X is also designed along the paradigm of only giving the user as many permissions to the system as needed to install or operate an application; no bare-assed monkeying with system registries and installing libraries inside of the OS, no open permissions or applications permitted to run with root/admin privileges. Need to install a large application with potentially exploitable access? It gets installed as a virtual disk and runs in a restricted environment. Yes, Mac OS X is inherently more secure than pre-Vista Windows by a large margin, as demonstrated by an almost complete lack of system-level attacks. This is not to say that OS X is flawlessly secure, either by design (although very strong and well tested) or by default configuration (which is actually too open and should be configured for more restrictive access) and of course applications like Office for Mac are still vulnerable to macro-type viruses. But a Mac running OS X is inherently more secure than a Windows-based computer short of configuring the latter in a highly restrictive manner.

Stranger

Interesting replies so far. When I decided to buy a Mac I was only doing so on the advice of the office I.T. guy who said because the Mac has such a small market share, most hackers don’t bother writing programs to exploit its vulnerabilities. I didn’t (and still don’t) know if that’s true but I figured it wouldn’t hurt to find out for myself. The reason I asked the question in the first place was because I was also told that there are no security programs for the Mac at all, i.e. antivirus or firewall. I figured this was the best place to ask because I would get honest answers rather than being made to feel like an idiot for asking like when I went into an Apple shop the other day.

Well, Norton is happy to sell you an antivirus program for the Mac (I really don’t think I’d recommend it though), but I think the firewall is built in.

Kinthalis, there are a couple of problems with your cite. One is that the report is over a year old, and links to other articles on the same site question Ou’s findings and find them to be flawed. I know of Ou mostly through his frequent mentions in the past on Daring Fireball, where he frequently earned a “jackass” soubriquet, awarded to people who show demonstrable bias in reporting, lack of critical thinking skills, and lack of evidence to back up their claims.

One problem with the old canard of “security through obscurity” is that it hasn’t actually been true for quite some time. They’re particularly strong in notebook sales. This picture is a prime example. Apple’s market share continues to increase while Windows decreases. Explorer is only used by 2/3 of users now.

Yes, that still makes Windows and Explorer the majority, but it also implies that if obscurity was the only thing protecting Macs, they’d be infected a heck of a lot more often than they are. Daring Fireball blogger John Gruber agrees that market share has an impact, but it’s not the whole story.

It’s certainly true that there are theoretical exploits for OS X that are discovered and patched fairly often, and it’s also true that no OS is entirely bulletproof. But so far no malware has successfully propagated in the wild to infect a significant number of machines, despite some attempts like the recent trojan in hacked copies of iLife. Apple does need to improve in finding and fixing security holes; sometimes they’re fixed in the main BSD branches long before they’re fixed on the OS X fork. They also shouldn’t get lazy and assume that a better conceptual design and privileges model, with the pre-hammered-on code from BSD is going to prevent all of their security problems.

There is a firewall built in to the last three versions of OS X, from x.3 to x.5. There are freeware enhanced firewalls available for Macs, many ported from the public fork of BSD. There are free open source versions of virus scanners too. I scan all my files once every couple of months with ClamXav. For the record, I’ve never found any infected files besides a single Word macro virus flagged a few years back.

Also for the record, I don’t use just Macs. I occasionally use the XP computer that’s technically my wife’s, and I maintain and administer most of the Windows computers in my family, mostly because I’m much more technically literate than they are. I spend vastly more time per computer maintaining the Windows ones than either of my two PowerBooks, which is part of the reason why my wife’s computer is going to be our last Windows box.

No one has yet directly addressed your questions, Professor Murder, so I’ll give some concrete recommendations. If you want a virus scanner, ClamXav that I linked to earlier is decent and free, and the installation is no more complicated than your average OS X install, unlike some other open source security projects.

You don’t seem like a techie, so all you probably need to know about the firewall is that it’s activated by default and has built-in rules for a moderate level of security. Tighter security would require more knowledge and tweaking on your part, and articles like this that go into the details are probably way more than you want to deal with. The shareware program Xupport includes an enhanced firewall under the “sharing” tab, along with access to many other hidden functions you’d normally need command line expertise to deal with.

If you absolutely need to monitor outgoing traffic, and can deal with a slightly annoying training period, download Little Snitch. You mentioned that you have an older Mac, which is why I linked to the pre-Leopard version. You’ll get Vista-like notifications for a while until you get past the training period. I’m not sure if you have to pay for the older version or not, but if I remember right, it’s about $20 for a license, which is probably worth it if you’re that concerned about security.

Professor Murder, I’m a techno-peasant and can’t comment with anything like the detail the other posters have provided. (In fact, I often post here for answers to software problems and get great responses, especially from Beowulff.)

However, I can tell you that I’ve used a Mac to surf the net since I got my iMac in the fall of 1998. I’ve never used any virus protection, and have never had any problems. I’m now using a MacBook and love it.

Come on now, you just need to help Apple get to 16% market share, at which point it’ll become a viable target for the organized crime elements that are currently running amok on the Win32 platform.

Thanks Sleel for your in-depth answer, it’s helped resolve a lot of my worries about this. I am mainly planning to use the Mac for online banking and general web surfing, that’s why I bought this one, the price was right. So far I’m pretty impressed with it. And thanks to everyone else for their posts. Northern Piper, glad to know you’ve not had any problems either.

Quoth Stranger on a Train:

Just to play devil’s advocate, here: It’s certainly true that Mac has some inherent security features which Windows lacks, but then, it could also be true (and probably is, on some level) that Windows has some inherent security features that Mac lacks. Yes, the particular security features that Mac has but Windows doesn’t are considered more significant (in numbers, severity, or both) than the other way around, but that could be at least in part because of the market-share difference.

Quoth Sleel:

I suspect that that’s a school that requires all students to have a laptop, and subsidizes or otherwise heavily encourages a particular model. Most lecture halls won’t have that many computers in them, of any type. But they are certainly gaining ground-- Probably about a third of the laptops I see here on campus as a whole are Macs, and well over half of the ones in the physics department.

Do we have to do a bullshit platform war every damned week? Can you all let it go, Mac and Win alike? Please?

You’re not assuming that people are arguing in favour of their favourite platform? I certainly haven’t been.

Besides, what did you really expect people to discuss in a thread about security on Apple computers?

Well, perhaps I’m being too hasty. Point taken.

Perhaps something different than last week’s mac/win virus platform war, redeaux?

I didn’t want to start a platform war. Myself, I have a Windows laptop as well as the Mac; until last Friday, though, I had never used a Mac at all. Hence the question about security. In fact I have only just downloaded Opera for Mac because it came with an old version of Safari and IE and it won’t let me update them.

Well, it seems that after checking the system preferences settings, the firewall was turned off, had been since I got it on Friday. Anybody know if this could be a problem?

Yes.
It’s no problem.

Not to get into the debate, but this is like saying straight people are more secure from HIV, because if it were true, we’d see straight people being infected all over in the United States. But we don’t see heterosexual AIDS in the West, why not? Are straight people somehow safer just because they haven’t got it yet? No we don’t see HIV in the straight community in the West, because the virus never got a foothold in the heterosexual community and if it does get transmitted, it’s known and stopped quickly before the heterosexual person spreads it again.

The fact is no one wants to write viruses for Macs because there is no point to it. Long gone are the days when O/S were so unsecure that a college age teen could hack them. Windows and Macs have had 10+ years to develop strategies to counteract this.

People want to write viruses that DO something, like mass emails, because it’s too large of an investment to do just as a joke. And if you write a virus for a Mac and it gets out, it’s known and stopped quickly since Macs aren’t used widely in the business world, it won’t spread. A virus can spread in a matter of hours across Windows. Macs are used more for personal use so the network connections make them harder to spread so the virus is stopped.

So are you gonna write a virus, waste a year of your life (or more) and have it infect one or two computers on a Mac?

(Statistics in Africa are too unreliable to use, since they diagnose HIV on symptoms not testing in almost all places, so the HIV epidemic is not the same in the West)

I’ve been working professionally with Microsoft’s products for ten years now, as a systems administrator, and the anti “M$” rants admittedly get on me, because it’s just so much bull no doper minded person could stand it.

Now, this thread is different. Very interesting. Thanks especially to Stranger, Steel, Chronos and Markxx. One seldom reads such good posts in threads like these.

I myself have this Windows XP installation from 2002, which I’ve used every day for all sorts of things, and it has worked like a charm ever since with built in firewall and free anti-virus software. But now I’m considering buying a new computer, but I haven’t made my mind up yet, whether I should go for Windows, Mac, or Linux. Posts like some of the above are helpful.

(Sorry for being pointless in General Questions, on my part.)

That would be an excellent argument, if it weren’t for the fact that, first, we do see heterosexual AIDS in the US, and second, homosexual males do indeed, on average, engage in behaviours which are riskier in terms of AIDS than do heterosexuals (or at least did, until recently: Awareness efforts may have changed that).

Most virus writers don’t spend a year of their life writing a virus; they spend about a half-hour modifying some pre-existing virus to do what they want. And the few truly new viruses are generally produced by people who do so as a hobby in their spare time, with the commercial exploitation not coming until later.

Markxxx, you really, really need to research those statements before you post.
Check it:

11% of US men living with AIDS picked it up from women.
65% of US women living with AIDS picked it up from men.

If a Mac worm [you’re talking worms up there, not viruses] with the efficiency of Sasser [2] came out, I assure you that it would cripple substantial elements of the Mac community in hours. A worm that finds an “ineligible” host quickly switches to the next randomly-chosen target. These things spread at a wicked pace, and there are PLENTY of Macs nowadays with always-on network connections.

[2]

Just to back you up on this: I read a couple of George’s articles and lengthy back-and-forths between him and posters in the comments section, and I was truly stunned at George’s lack of understanding of basic computing concepts. He was very willing to argue adamantly about topics he clearly did not understand and defend a point of view contradicted by the facts. The first time I thought it was some internet poster that just didn’t understand the issue being discussed, then I noticed he was the author of the article.

Based on what I observed, George Ou is not a credible cite.