News
Blogs
Shark Bait
Knowledge Centers
Opinion
Webcasts
Video
Podcasts
IT Careers
White Papers
Computerworld Reports
Zones
Case Study Library
RSS Feeds
Events
Industry
This Week in Print
Print Subscriptions


Ads by TechWords

See your link here


Preston Gralla's picture
Preston Gralla

Seeing Through Windows

More posts | Read bio

April 1, 2008 - 11:17 A.M.

Why Windows is safer than the Mac

105 comments

Mac users have long gloated that the Mac OS is safer than Windows. The gloating should stop: There's plenty of recent evidence that Vista is, in fact, a safer operating system than Mac OS X.

The most public piece of evidence is the recent "Pwn to Own" challenge, in which security pros were issued the challenge of trying to break into three laptops, a Mac, a PC laptop running Vista SP1, and a laptop running Ubuntu.

The first to fall was the Mac -- and it took a grand total of less than two minutes for security researcher Charlie Miller to break in.

Miller targeted the Mac for a simple reason --- breaking in was like taking candy from a baby.

"It was the easiest one of the three," he told Computerworld. "We wanted to spend as little time as possible coming up with an exploit, so we picked Mac OS X."

More than a day later, hackers were still trying to break into the Vista machine. It was cracked only when the organizers of the challenge changed the rules and made the machine easier to break into, by adding a variety of third-party applications, including Acrobat Reader, Flash Player, Firefox, and Skype. A vulnerability in the Flash Player led to the successful break-in. The Ubuntu machine was never successfully breached.

This latest faceoff only confirms what security researcher Dino Dai Zovi noted a year ago, when he successfully broke into a Mac in a previous version of this year's security challenge. In an interview, he had this to say to Computerworld when asked whether Mac OS X or Vista is more secure:

I have found the code quality, at least in terms of security, to be much better overall in Vista than Mac OS X 10.4. It is obvious from observing affected components in security patches that Microsoft's Security Development Lifecycle (SDL) has resulted in fewer vulnerabilities in newly-written code. I hope that more software vendors follow their lead in developing proactive software security development methodologies.

Here's more evidence that the Mac is less safe than PCs: Swiss Federal Institute of Technology researchers found that Apple patches vulnerabilities slower than does Microsoft. Researcher Stefan Frei said that "the number of unpatched vulnerabilities are higher at Apple" than at Microsoft.

There's other evidence that the Mac is far from safe as well, including the recent release of a Mac Trojan, called Troj/MacSwp-B. According to Computerworld, Sophos says the Trojan, "tries to scare Mac users into purchasing unnecessary software by claiming that privacy issues have been discovered on the computer."

The upshot in all this? If you want a safer machine, get rid of your Mac and get a Vista PC.

[Like this blog? Subscribe to the RSS feed here!]

What People Are Saying

Add new comment

Look

Submitted by Zulu on October 12, 2009 - 7:15 P.M.

Hey try to look at this

http://www.sophos.com/pressoffice/news/articles/2006/02/macosxleap.html

No operating system is safe.
It is all made by Humans.

Reply | Report this comment

No truly secure system...

Submitted by Kenneth on August 21, 2009 - 2:28 A.M.

There is no TRULY secure system, they will all eventually get attacked. I'd say to just use the system that you're comfortable with and brush up on security tips. Windows can be one of the safest systems, if configured correctly.

Reply | Report this comment

No matter what fanboys say,

Submitted by El_Member on April 5, 2009 - 11:01 A.M.

No matter what fanboys say, Mac & Linux are safer and more secured than Windows i general. A simple reason is that Win is a lot more popular than both Linux and Mac combined and it is widely accepted as a standard OS.

Third Party developers have been developing applications for Windows a long time ago and so hackers which makes it a lot more weaker against viruses. Being hacked in less than two minutes is just an example to show that no OS is safe. Since OSs are created by humans they will always be imperfect since we're not perfect.

I have used all of the three (Ubuntu(8.10), Mac OS X, Win(XP,Vista)) and what I notice is that users tend to get Win because they already got used to it and many 3rd party devs use it as their standard so they rather stay on the safe side.

Both Mac and Linux beat the hell out of Win(specially Vista) when it comes to security and stability. Even Fedora, Solaris, RedHat or Debian are more stable, faster and secured better than Windows Vista. Nevertheless, Win 7 sounds like a huge improvement over Vista.

For those of you who think that Win Vista is better than XP I'd suggest trying out some games on the same PC for testing (try out games like CoD4, Crysis, Stalker....etc) what you will find is that Win Vista eats up almost 40% of the performance for nothing, even DirectX 10 "hidden power" looks like cr*p.

Reply | Report this comment

Security and viruses

Submitted by Garrett on July 23, 2008 - 10:27 P.M.

Windows proponents are always using the excuse "there are many more Windows users, thats why people write malicious code to attack them"

...That argument, though it is true there are more Windows users than Mac or Linux, is NULL. The truth is, Linux and Mac are more secure because they follow the Unix security model.

When you try to install a program on a Linux machine, the OS asks you for the administrative password to make sure the administrator of the system says it is OK to install the program. Now, if the administrator is dumb, they can provide the password to the OS, allowing the OS to install the program, and that program could be a virus. If the Unix security model is broken, and a malicious piece of software is installed onto the system, it is the administrative user's fault, not the OS's fault.

The problem with Windows is, that the programs themselves have too many privileges. This allows mal-ware and worms to freely install themselves onto the computer, without the user of the computer knowing the malicious code is installed on their system, until it is too late!

But also, with Linux, the code is OPEN-SOURCE...This means that there are literally millions of eyes looking at the code and reviewing it. If somebody finds suspicious/malicious code, it is known IMMEDIATELY, and made public, so everyone else knows NOT to install that specific code.

Also, updates and patches to known vulnerabilities of the Linux distributions are provided every single day. Microsoft only releases updates and patches on the first Monday ("Black Monday") of every month...so it may take 30 days for a known vulnerability or threat to be patched.

...These are the reasons that UBUNTU was the only OS in the PWN to OWN challenge that was not cracked!

Reply | Report this comment

Not Null at all

Submitted by Anonymous on January 18, 2009 - 3:43 A.M.

One of my professors addressed this topic in class recently. She's been in computers and technology awhile, says she was one of the ones who worked on the first virus to hit our university and was the tech support person until she decided that she hated dealing with people, in that capacity at least. It was actually a discussion point that came up in class. And it makes perfect sense unless you just don't want to see it. Why is PC hacked so often, because it's a HUGE target and way too much temptation. You really think that if MAC became the popular choice (which is unlikely considering the pricing of their products), that they wouldn't be hacked just as often? It's about the temptation to do it and believe me, no system is foolproof. Even linux. Give it enough time, I'm sure that would fall too.

Reply | Report this comment

Huge Target?

Submitted by BillH on July 27, 2009 - 1:32 P.M.

Of COURSE she's going to say that. And, by the way, most of the sensitive data is stored on *nix machines used by banks, stock market, etc. THAT is the data that black hat hackers want to mine but cannot. The desktop PC is quite vulnerable to attacks BECAUSE of Windows. It makes no sense to go after single PCs. It makes a lot more sense to go after servers - specifically servers for financial services (which use *nix).

While I agree with you that no system is "foolproof", only a fool would play the popularity card. For today's black hat hackers, popularity is not a reason for breaking in to a computer - the information you can get from that computer IS.

Reply | Report this comment

Umm, Ubuntu Linux was the

Submitted by Anonymous on October 10, 2008 - 6:20 P.M.

Umm, Ubuntu Linux was the only secure OS in the test.

The conclusion of this article is to adopt Ubuntu Linux, not Vista.

Reply | Report this comment

Lol, you're right!

Submitted by Anonymous on August 17, 2009 - 7:41 P.M.

Lol, you're right!

Reply | Report this comment

Re: Security and viruses

Submitted by Anonymous on August 20, 2008 - 10:31 P.M.

The Unix security model is a joke. It has the concept of a single all-powerful system administrator, which is incredibly insecure. For example, if I want to change a password, I have to run as the administrator, which allows me to do ANYTHING to the system. Ideally, in this case, I should be restricted to ONLY being able to change a single user's password (which is the permissions I really asked for), but Unix doesn't work that way. It's like leaving the keys for the safe on your desk. If someone breaks in through the Unix front door, they have complete access to your entire system.

Likewise, programs in Unix can (and do!) run with the privileges of the administrator that installed them. Therefore, if you can get one of these programs (which often run in the background) to do something nasty by exploiting a bug, you'll be able to do anything to the system because it's running under the all-powerful administrator. This is why it was so easy for that security researcher to break into a Mac.

A better security model would segment/limit what a single user or program can do. When you are granted permission to do one thing, you shouldn't be allowed to do any other harmful thing. Unix was not originally designed to be secure. It wasn't even a thought. Unix and its C language literally invented the buffer overflow. Security in Unix has been a tacked-on afterthought and it shows.

Reply | Report this comment

Huh?

Submitted by Anonymous on May 14, 2009 - 2:04 P.M.

"The Unix security model is a joke. It has the concept of a single all-powerful system administrator, which is incredibly insecure. For example, if I want to change a password, I have to run as the administrator, which allows me to do ANYTHING to the system."

Wrong! The administrator is NOT the most powerful user in Unix, root is. root is disabled in OS X and I believe many Linux packages ship with it disabled as well. The administrator cannot do anything to the system even using sudo. They are things only root can do.
Running as administrator in Windows, you could look another users files without doing anything special or you could even delete the entire profile if you want with nothing stopping you.
Running as administrator in OS X, you cannot even look at another users profile or delete it without jumping through hoops.

"A better security model would segment/limit what a single user or program can do."

Unix does this now.

http://en.wikipedia.org/wiki/Sticky_bit
http://www.manpagez.com/man/1/chmod/

"Unix was not originally designed to be secure. It wasn't even a thought."

Your lack of knowledge of Unix sticks out like a sore thumb. Unix was built to be a multi-user system from the ground up, with security being necessary. Yes, just like every OS, Unix suffered from security issues early on, however over the years it was hardened, so much so it makes Windows look like swiss cheese.

Reply | Report this comment

Related Posts

Security pro: Five ways Apple fails on security
Four things Apple can learn from Microsoft about security
Researchers: Macs are less secure than Windows PCs
Microsoft has serious plans to do away with Windows

Today's Top Stories

Droid launch draws tech-savvy crowd
AMD graphics chip shortage hits PC vendors
Mozilla fixes Firefox crash bug
Update fixes iPhone sync problem with Windows 7 for some
First take: Apple's new MacBook offers sleek style, solid performance
Elpida inks DRAM tech, outsourcing deal with Taiwan's ProMOS
About Us Advertise Contacts Editorial Calendar Help Desk Jobs at IDG Privacy Policy Reprints Site Map
CIO Computerworld CSO DEMO GamePro Games.net IDC IDG IDG Connect IDG Knowledge Hub IDG TechNetwork IDG Ventures
IDG.net InfoWorld ITwhitepapers ITworld JavaWorld LinuxWorld Macworld Network World PC World The Industry Standard
Copyright © 1994 - 2009 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of
Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.