News
Blogs
Shark Bait
Knowledge Centers
Opinion
Webcasts
Video
Podcasts
IT Careers
White Papers
Computerworld Reports
Zones
Case Study Library
RSS Feeds
Events
Industry
This Week in Print
Print Subscriptions


Ads by TechWords

See your link here


Subscribe to our e-mail newsletters
For more info on a specific newsletter, click the title. Details will be displayed in a new window.
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
More E-Mail Newsletters 
Preston Gralla's picture
Preston Gralla

Seeing Through Windows

More posts | Read bio

April 1, 2008 - 12:17 P.M.

Why Windows is safer than the Mac

100 comments

Mac users have long gloated that the Mac OS is safer than Windows. The gloating should stop: There's plenty of recent evidence that Vista is, in fact, a safer operating system than Mac OS X.

The most public piece of evidence is the recent "Pwn to Own" challenge, in which security pros were issued the challenge of trying to break into three laptops, a Mac, a PC laptop running Vista SP1, and a laptop running Ubuntu.

The first to fall was the Mac -- and it took a grand total of less than two minutes for security researcher Charlie Miller to break in.

Miller targeted the Mac for a simple reason --- breaking in was like taking candy from a baby.

"It was the easiest one of the three," he told Computerworld. "We wanted to spend as little time as possible coming up with an exploit, so we picked Mac OS X."

More than a day later, hackers were still trying to break into the Vista machine. It was cracked only when the organizers of the challenge changed the rules and made the machine easier to break into, by adding a variety of third-party applications, including Acrobat Reader, Flash Player, Firefox, and Skype. A vulnerability in the Flash Player led to the successful break-in. The Ubuntu machine was never successfully breached.

This latest faceoff only confirms what security researcher Dino Dai Zovi noted a year ago, when he successfully broke into a Mac in a previous version of this year's security challenge. In an interview, he had this to say to Computerworld when asked whether Mac OS X or Vista is more secure:

I have found the code quality, at least in terms of security, to be much better overall in Vista than Mac OS X 10.4. It is obvious from observing affected components in security patches that Microsoft's Security Development Lifecycle (SDL) has resulted in fewer vulnerabilities in newly-written code. I hope that more software vendors follow their lead in developing proactive software security development methodologies.

Here's more evidence that the Mac is less safe than PCs: Swiss Federal Institute of Technology researchers found that Apple patches vulnerabilities slower than does Microsoft. Researcher Stefan Frei said that "the number of unpatched vulnerabilities are higher at Apple" than at Microsoft.

There's other evidence that the Mac is far from safe as well, including the recent release of a Mac Trojan, called Troj/MacSwp-B. According to Computerworld, Sophos says the Trojan, "tries to scare Mac users into purchasing unnecessary software by claiming that privacy issues have been discovered on the computer."

The upshot in all this? If you want a safer machine, get rid of your Mac and get a Vista PC.

[Like this blog? Subscribe to the RSS feed here!]

What People Are Saying

Add new comment

No matter what fanboys say,

Submitted by El_Member on April 5, 2009 - 12:01 P.M.

No matter what fanboys say, Mac & Linux are safer and more secured than Windows i general. A simple reason is that Win is a lot more popular than both Linux and Mac combined and it is widely accepted as a standard OS.

Third Party developers have been developing applications for Windows a long time ago and so hackers which makes it a lot more weaker against viruses. Being hacked in less than two minutes is just an example to show that no OS is safe. Since OSs are created by humans they will always be imperfect since we're not perfect.

I have used all of the three (Ubuntu(8.10), Mac OS X, Win(XP,Vista)) and what I notice is that users tend to get Win because they already got used to it and many 3rd party devs use it as their standard so they rather stay on the safe side.

Both Mac and Linux beat the hell out of Win(specially Vista) when it comes to security and stability. Even Fedora, Solaris, RedHat or Debian are more stable, faster and secured better than Windows Vista. Nevertheless, Win 7 sounds like a huge improvement over Vista.

For those of you who think that Win Vista is better than XP I'd suggest trying out some games on the same PC for testing (try out games like CoD4, Crysis, Stalker....etc) what you will find is that Win Vista eats up almost 40% of the performance for nothing, even DirectX 10 "hidden power" looks like cr*p.

Reply | Report this comment

Security and viruses

Submitted by Garrett on July 23, 2008 - 11:27 P.M.

Windows proponents are always using the excuse "there are many more Windows users, thats why people write malicious code to attack them"

...That argument, though it is true there are more Windows users than Mac or Linux, is NULL. The truth is, Linux and Mac are more secure because they follow the Unix security model.

When you try to install a program on a Linux machine, the OS asks you for the administrative password to make sure the administrator of the system says it is OK to install the program. Now, if the administrator is dumb, they can provide the password to the OS, allowing the OS to install the program, and that program could be a virus. If the Unix security model is broken, and a malicious piece of software is installed onto the system, it is the administrative user's fault, not the OS's fault.

The problem with Windows is, that the programs themselves have too many privileges. This allows mal-ware and worms to freely install themselves onto the computer, without the user of the computer knowing the malicious code is installed on their system, until it is too late!

But also, with Linux, the code is OPEN-SOURCE...This means that there are literally millions of eyes looking at the code and reviewing it. If somebody finds suspicious/malicious code, it is known IMMEDIATELY, and made public, so everyone else knows NOT to install that specific code.

Also, updates and patches to known vulnerabilities of the Linux distributions are provided every single day. Microsoft only releases updates and patches on the first Monday ("Black Monday") of every month...so it may take 30 days for a known vulnerability or threat to be patched.

...These are the reasons that UBUNTU was the only OS in the PWN to OWN challenge that was not cracked!

Reply | Report this comment

Not Null at all

Submitted by Anonymous on January 18, 2009 - 4:43 A.M.

One of my professors addressed this topic in class recently. She's been in computers and technology awhile, says she was one of the ones who worked on the first virus to hit our university and was the tech support person until she decided that she hated dealing with people, in that capacity at least. It was actually a discussion point that came up in class. And it makes perfect sense unless you just don't want to see it. Why is PC hacked so often, because it's a HUGE target and way too much temptation. You really think that if MAC became the popular choice (which is unlikely considering the pricing of their products), that they wouldn't be hacked just as often? It's about the temptation to do it and believe me, no system is foolproof. Even linux. Give it enough time, I'm sure that would fall too.

Reply | Report this comment

Umm, Ubuntu Linux was the

Submitted by Anonymous on October 10, 2008 - 7:20 P.M.

Umm, Ubuntu Linux was the only secure OS in the test.

The conclusion of this article is to adopt Ubuntu Linux, not Vista.

Reply | Report this comment

Re: Security and viruses

Submitted by Anonymous on August 20, 2008 - 11:31 P.M.

The Unix security model is a joke. It has the concept of a single all-powerful system administrator, which is incredibly insecure. For example, if I want to change a password, I have to run as the administrator, which allows me to do ANYTHING to the system. Ideally, in this case, I should be restricted to ONLY being able to change a single user's password (which is the permissions I really asked for), but Unix doesn't work that way. It's like leaving the keys for the safe on your desk. If someone breaks in through the Unix front door, they have complete access to your entire system.

Likewise, programs in Unix can (and do!) run with the privileges of the administrator that installed them. Therefore, if you can get one of these programs (which often run in the background) to do something nasty by exploiting a bug, you'll be able to do anything to the system because it's running under the all-powerful administrator. This is why it was so easy for that security researcher to break into a Mac.

A better security model would segment/limit what a single user or program can do. When you are granted permission to do one thing, you shouldn't be allowed to do any other harmful thing. Unix was not originally designed to be secure. It wasn't even a thought. Unix and its C language literally invented the buffer overflow. Security in Unix has been a tacked-on afterthought and it shows.

Reply | Report this comment

Huh?

Submitted by Anonymous on May 14, 2009 - 3:04 P.M.

"The Unix security model is a joke. It has the concept of a single all-powerful system administrator, which is incredibly insecure. For example, if I want to change a password, I have to run as the administrator, which allows me to do ANYTHING to the system."

Wrong! The administrator is NOT the most powerful user in Unix, root is. root is disabled in OS X and I believe many Linux packages ship with it disabled as well. The administrator cannot do anything to the system even using sudo. They are things only root can do.
Running as administrator in Windows, you could look another users files without doing anything special or you could even delete the entire profile if you want with nothing stopping you.
Running as administrator in OS X, you cannot even look at another users profile or delete it without jumping through hoops.

"A better security model would segment/limit what a single user or program can do."

Unix does this now.

http://en.wikipedia.org/wiki/Sticky_bit
http://www.manpagez.com/man/1/chmod/

"Unix was not originally designed to be secure. It wasn't even a thought."

Your lack of knowledge of Unix sticks out like a sore thumb. Unix was built to be a multi-user system from the ground up, with security being necessary. Yes, just like every OS, Unix suffered from security issues early on, however over the years it was hardened, so much so it makes Windows look like swiss cheese.

Reply | Report this comment

That is actually what most

Submitted by Tom Wright on October 15, 2008 - 6:01 P.M.

That is actually what most modern linux desktops do using policy kit; it only gives permission to access the resources requested. This is advanced even further using App Armour or SELinux as they track which resources a program needs to access then restricts the program based on them. A single root administrator works well as it leaves no ambiguity as to which rights it entailed. If you want to give rights to ordary users you should use sudo or policy kit.
The OSX machine was not rooted, it was just a bug in safari which was compromised. If it had been a Linux machine that bug in webkit would have been fixed (it had been ages before the contest) and such an early and untested release of webkit probably wouldn't have been used. The main webkit browser on linux is epiphany and that separates the engine from the ui anyway meaning user impact would be less likely.

Reply | Report this comment

try this on

Submitted by Larry on July 3, 2008 - 1:15 P.M.

Some people say that because there are so many more Windows machines out there, it makes sense that if you are going to spend a lot of time writing some malicious code that it would be for the Windows machine. If you go onto a AntiVirus website though like Symantec for example you will see that many viruses written for the Windows platform rarely affect a large audience. Every now and then you will here about a big one. But the attacks are frequent.

So if I were to spend the time writing one and want to make a name for myself I would think I would try to do it on Mac. Why you may ask. Well because most Mac users have no third party software against viruses which would mean I could infect most of them. Also, because it is old news hearing about attacks on PCs, an attack against the Mac would stand out in the news. Not to mention those people who think PCs are just as secure as Macs would cry out loudly "There you go, we were right."

Reply | Report this comment

I remember....

Submitted by Larry on July 3, 2008 - 1:01 P.M.

I have been in this business fro about 25 years and I have done a lot of development/hardware troubleshooting/software troubleshooting/system and network administration, etc etc. I have done pretty much everything and have stood by Windows since around 3.1 for workgroups.

In my home I replaced one of my Windows machines with a iMac about 6 months ago. At first it just sat there with only me using it while I gave my wife some incentive to at least try and use it. I gave her a little bit of training and in a few days she took to it.

Today my kids will access some websites that only work well with IE on one of my Windows machines but overall my whole family loves the iMac for many reasons and wants me to get more so that they do not have to share as much. We all have grown to love it more than PC.

Now I would like to target one thing about this article. Nearly 20 years ago Unix was the bomb and the choice, MS-DOS was the choice on PCs and Windows was just catching on, and Novell Netware was dominate. Security was best achieved on Unix. Windows NT came out and began taking the market from all of them and it was not because it was better. Today it does not surprise me that UNIX based OSs are out for the intel platform and beginning to take market share. Really, if you want to compare, they have stood the test of time and have been more secure since before Windows.

People can talk smack if they want to. I know that my family loves the Mac better and they want more. I have already bought my wife an iPhone, bought my kids iPods, bought my mother a new iMac (she never used any computer before) and she loves it, and I bought a friend up in Virginia a iMac so that we can better communicate. My friend sent me his PC to work on because of all the spyware and malware. I could have saved the data, reloaded it, and sent it back. Instead, I bought him a iMac, loaded VMWare Fusion on it, and imaged up his old machine to run in VMware on the iMac. It blew his mind when he received it.

I would suggest people getting on the bandwagon and try to use a Mac for a while. Then decide. Buying new is more expensive compared to PC. But a PC capable of doing what a Mac can will end up costing more in money and in time. The Mac just works.

Reply | Report this comment

So you bought about $------

Submitted by blinkdt on October 27, 2008 - 12:07 A.M.

So you bought about $------ worth of iPods, iPhones, and iMacs and now everyone in the house can surf the Web, read e-mail, and listen to music? Sounds like you got'cher self a house full of iDiots. And you get to look forward to a lifetime of money down an Apple rat hole. Keep an accounting, it would be interesting to see how much you and your brood spend over the next 30 years.

Friend's computer is loaded with spyware and malware, eh? Yup, that's a Mac candidate if ever there was one. pr0n surfin' on a Mac just works, I suppose.

But stupid is cureable via education and clean living. My after school club of computer geeks once had a contest: who can load up the most crap on their computer in 30 minutes? The winner had more than 15 errant pieces of spyware/malware. Every machine benefitted from a reinstall (took an hour each using our unattended install methods).

None of these kids suffer spyware/malware issues at home. None of them own a Mac, nor do they want one. Go figure.

Reply | Report this comment

Related Posts

Four things Apple can learn from Microsoft about security
Researchers: Macs are less secure than Windows PCs
Microsoft honcho: Vista is the "most secure OS on the planet"
Microsoft has serious plans to do away with Windows

Today's Top Stories

Context-aware mobility: What is it and how will it change the business world?
Vista Ultimate users fume, rant over Windows 7 deals
Elgan: The carrier coup must be stopped
DOJ officially opens investigation into Google Book Search
Judge temporarily dismisses MySpace cyberbully case
Mozilla slates first Firefox 3.5 patch
About Us Advertise Contacts Editorial Calendar Help Desk Jobs at IDG Privacy Policy Reprints Site Map
CIO Computerworld CSO DEMO GamePro Games.net IDC IDG IDG Connect IDG Knowledge Hub IDG TechNetwork IDG Ventures
IDG.net InfoWorld ITwhitepapers ITworld JavaWorld LinuxWorld Macworld Network World PC World The Industry Standard
Copyright © 1994 - 2009 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of
Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.