Barney's Blog

Blog archive

Doug's Mailbag: Mac Attacks

Here's some thoughts on the state of security in Apple computers:

Macs and Windows have one thing in common: HUMANS. Humans make the OS and applications, and humans use them. Since we are still not perfect, there will be issues. Also, Doug, why do you hate on Microsoft so much? When it comes to security Microsoft has a much better track record than Apple, Adobe, Google, Sun, etc.

Macs are, in my opinion, more secure than Windows. Unix or Unix-like operating systems start with a more restrictive set of permissions for the average user than Windows. However, "more secure" doesn't mean they are secure. Any OS, be it Windows, Unix, Linux or Mac, is more vulnerable if standard security practices are not followed on a regular basis.

Being system agnostic in terms of support, but a Mac person in terms of personal purchases and preference, I take umbrage with the "decade behind" comment. I believe Macs are inherently more secure than Windows because of the Unix foundation, but simple popularity is the larger factor. With Apple's increasing popularity, it was only a matter of time until Mac users had to buy antivirus software. I don't think that day has arrived yet, but it may be as soon as some time this year.

I would add that there is probably a sizeable population of Macs that are not very secure, not because of what Apple has or has not done, but because of the flawed notion that if you just buy the right product, you won't have to do anything because it is a superior product. Security happens by the practices you follow day to day, and the processes you put in place. If you don't put any in place, then you're destined to discover the flaws of your assumptions sooner or later.

Share your thoughts with the editors of this newsletter! Write to Letters printed in this newsletter may be edited for length and clarity, and will be credited by first name only (we do NOT print last names or e-mail addresses).

Posted by Doug Barney on 05/04/2012 at 1:19 PM

comments powered by Disqus

Reader Comments:

Fri, May 4, 2012 Tom

Well,,, I would have to respectfully disagree with those citing that Macs (or Unix for that matter) are inherently more secure. To start let's consider the facts as they stand today (not 10 years ago). Unix was developed in the '70s when security was less of a concern (and yes I know Unix has evolved), whereas Windows NT (basis for Windows today) was designed in the '90s with the intent on being secure. Remember that the guy who fathered the NT kernel was the same dude who fathered another secure OS: VMS (Dave Cutler). Now let's consider just a few minor points: a) Macs running OSX ship with the firewall off - unfortunate but true but that's not the fault of the OS, b) People generally run Windows as Administrator which introduces security issues - also unfortunate but here again not the fault of the OS, c) Since Vista, Windows has had the UAC which introduces two user tokens for all users and added security (even Admins) - not really the case with OSX although sudo kinda/sorta provides similiar functionality, d) Until Lion, OSX pretty much had no ASLR which has existed in Windows since Vista, e) permissions of OSX and Windows differ somewhat such as where Windows provides finer grained control, f) Since Vista, boot drivers require signing and if you're running x64 then all kernel mode drivers also do - very good thing, g) the registry (and I know a lot of people don't like it though I do) provides an awesome way to store config items and has excellent permissions structure on top of the actual files supporting the hives - compare this to directly writing to config files --continued below

Fri, May 4, 2012 Tom

Unfortunately historically the protection/coolness of the registry was mucked up by both developers (who wrote sw which touch areas of the reg they had no business touching) and users running as Admins (though this was also due to poor security consious devs who required their sw run as admin). Anyway point is there's a heck of a lot of security built into Windows. My intention is not to say one is more secure than the other (though I obviously have my opinion), or sit here and debate the finer points of the reasons Windows is hacked, but rather would like to say that Windows, by design, is inherently secure, very secure. However people (whether users or devs) will be people, and make choices which affect that inherent security, either positively or otherwise. The dev community is in large part responsible for the security issues since they've been traditionally lax on security. Whether it's app sw, server sw or drivers, every additional piece of sw has the potential of introducing weaknesses which can be exploited. Some will say 'well the OS should be designed to protect the user from bad sw', well,,, it is (everything above) but it comes down to choice and taking risk. Of course nothing is 100% and Windows has certainly had its share of growing up, but point is, it has and today it's one of the most secure OS' around. In any event the approaches of OSX/Unix and Windows are different, and so blanket statements like 'mines better than yours' are mostly unsubstantiated.

Add Your Comment Now:

Your Name:(optional)
Your Email:(optional)
Your Location:(optional)
Please type the letters/numbers you see above

Redmond Tech Watch

Sign up for our newsletter.

I agree to this site's Privacy Policy.