Filed under: Analysis / Opinion, eMac, Security
Leo says Macs not inherently safer than Windows
Mac security is a subject near and dear to my heart, especially since lots of folks on the Mac web disagree with me (and let me know in the comments). I am firmly in the camp that Macs aren't perfect, and that eventually someone is going to take advantage of a trusting Mac user base and cause lots of trouble. Other folks think that Macs are vastly superior to Windows, and that a scenario like that would never happen.At least I have Leo on my side, though I had never heard of Leo until recently. He writes Ask Leo! and his most recent question was, 'Is it true that Macintosh is very safe in that viruses cannot get through? And what about emails? Can others sniff and get info using mac?'
Leo admits that he doesn't own a Mac but he contends that no software is perfect. Therefore, it is conceivable that Macs might encounter security issues, however, thanks to the small marketshare hackers aren't paying attention to the Mac.
Perhaps a man who doesn't own a Mac isn't the best ally in this fight, but I have to take what I can get.
![TUAW [Cafepress]](http://www.blogsmithmedia.com/www.tuaw.com/media/tuaw-cafepress-promo.png)
Reader Comments (Page 1 of 1)
Doug said 10:08AM on 11-22-2005
I am sure LEO LAPORTE would have a different opinion. He's the real Leo; this one is a defective clone.
Reply
dan said 10:08AM on 11-22-2005
yes, mac's aren't percent.
Reply
Dan said 10:19AM on 11-22-2005
"Are Mac's inherently safer?" You misunderstood. He meant to ask whether something belonging to a guy named Mac is inherently safer. I happen to be a former friend of Mac, and I know that his computer (a Dell laptop) has a short-circuit in it and is about to explode. In fact, most of Mac's possessions are quite dangerous. I'm really annoyed: when is Mac going to start thinking about somebody other than himself?
Reply
Scott McNulty said 10:16AM on 11-22-2005
Neither am I, it seems, Dan.
It is fixed now. :)
Reply
frumin said 10:32AM on 11-22-2005
Due to the design of OS X, it is almost impossible to cause a significant damage to the system. In the worst case scenario, an intruder will have an access to a handful of files and your home directory. With a freakish luck, he/she may be aware of an uncovered local exploit that will elevate user's privilages but the same can be said about any operating system with user access control. Unless you change file permissions on / and don't pay attention to services running on your computer, it is a safe assumption that your system won't be damaged beyond repair.
Reply
Jesse Hogue said 10:44AM on 11-22-2005
As much as I love my Mac, I am not stupid. No software, and I mean NO software is totally hacker proof. And no operating system is totally immune to viruses. Having someone telling everyone not to worry is rubbish. It causes confusion and in the end, that will be why people get a virus when it does come out. "Well I read that macs were immune!"
Reply
MikeN said 10:51AM on 11-22-2005
The age-old market share argument doesn't become any more true by being repeated constantly. See the following article (written by a security pro) for an explanation. It focuses on Linux but the conclusions apply to Mac OS X as well.
Linux vs. Windows Viruses - http://www.theregister.co.uk/2003/10/06/linux_vs_windows_viruses/
Reply
Michael said 11:03AM on 11-22-2005
Macs aren't much safer than Windows.
They are less popular than Windows, and therefore not many virusses are coded for Mac.
But now the point is: when the beta of Windows Vista came out a couple months ago, within days there were three virusses specifically for Vista. Vista is far less popular than Mac OS X. Why would anyone write a virus for an OS that only has a couple thousand copies?
So maybe the OS core of Mac OS is safer?
Reply
Thorn said 11:02AM on 11-22-2005
As OS X's marketshare continues to expand, more and more "regular" user (read: less computer savvy than the current OS X crowd) are going to be "switching".
If anyone really thinks that just because OS X prompts you for your password before doing anything "serious" to the system is going to protect the "regular" user, then they seriously should go work with a few "regular" users for a few days. These folks are going to have NO problem typing in their password anytime that OS X asks for it. They're *not* going to stop and think "hmm, it's asking for my password after I clicked on this file that I got in email -- maybe I shouldn't do that".
Reply
Thorn said 11:14AM on 11-22-2005
One of the points of the article over at The Register is that Windows is evil because most everyone uses Outlook or Outlook Express.
He thinks Linux is great because only god knows what email client a user would be using (KMail, Mozilla Mail, Evolution, pine, mutt, emacs).
Seems like the majority of OS X folks use Mail.app, putting it in the same boat as most Windows folks using Outlook.
IMO, the guy was stretching with some of his points when it comes to Linux and security, ... very few of it can be applied to the OS X world.
Reply
Thorn said 1:10PM on 11-22-2005
"Why would anyone write a virus for an OS that only has a couple thousand copies?"
Because in short order after being released, it'll be fast on its way to becoming the OS w/ the most marketshare.
Because a lot of people hate Microsoft and love to embarass them whenever possible (esp. after they make bold statements about how safe their next OS is going to be).
Because it probably wasn't very hard for them take the skills they got writing XP malware and tweak them to write Vista malware. :)
Reply
ToeKnee said 11:38AM on 11-22-2005
Thorn,
As I just wrote over on Leo's site:
-------
The definitive guide to this was the "Mad as Hell; Switching to Mac" series of blogs by Computer Security Expert Winn Schwartau. He gave the Mac platform a one-month trial and evaluates all the angles on his blog at http://securityawareness.blogspot.com/2005/09/mad-as-hell-switching-to-mac-1-16.html
One month conclusion? "GRADE: A-: For managing to create a much safer and more secure computing environment that is more productive than any WinTel solution I have seen since DOS 5.0. (DOSTEL)."
and, 3 months later, in his 17th installment and conclusion to the series he writes: "My first goal was to determine if the Mac switch was worth it, and yet, it was unquestionably one of the smartest things I have ever done, albeit late. My tech-stress level is way down. Things just work they way they should. My productivity is way the hell up! I dont have to waste time trouble shooting."
Leo, you really need to at least borrow a Mac to try before you try to answer the question posed...
-------
Reply
consumer_q said 11:40AM on 11-22-2005
" I am firmly in the camp that Macs aren't perfect, and that eventually someone is going to take advantage of a trusting Mac user base and cause lots of trouble. Other folks think that Macs are vastly superior to Windows, and that a scenario like that would never happen."
Then there are other folks yet, who do not believe Macs are perfect, but vastly superior to Windows in terms of security, and although there may be exploits the trouble-causing will be far smaller than the security flaws that Windows offers.
Reply
ex2bot said 12:34PM on 11-22-2005
It would be nice if people expressed only informed decisions online. But we all know that doesn't always happen. Someone comes up with a clever "comeback" against Macs, such as "Well, there aren't any of them so they don't get viruses," and everyone passes it around.
It is an interesting hypothesis, but where's the evidence? I had an Amiga years and years ago. There were a total worldwide 3 million (IIRC) Amiga owners.
Only 3 million! Total!
And we had viruses. Perhaps a few dozen.
OS X has 0. Now, does that mean it is bulletproof? No. It just adds doubt to the hypothesis that having a small userbase prevents viruses.
Evidence that OS X is "more" secure:
1. Since 2000, OS X has shipped with all ports closed. Yes, I know that Service Pack II (WinXP) ships with the firewall activated--thank goodness!! But that's a recent change.
2. No ActiveX.
3. System is protected. Not perfect, but it is protected.
4. System warns user before completing download of an application.
5. System warns user before running any app (other than system apps, I think) for the first time.
6. Safari (web browser) blocks pop-ups and does not allow cookies from advertisers' sites. That helps confound advertisers' efforts to profile users (read grc.com).
7. Apache doesn't run as root.
8. OS X has been around for about five years now with no viruses, worms or spyware. Fact as of 11/22/05
Ex2bot
Reply
brian-good-fellow said 12:48PM on 11-22-2005
Laugh. Yes, Lots of people get it. You can have a safer car and a safer OS, but there are still no guarantees in life.
Yes, OS X shouldn't allow you to install apps with out passwords, but this is not fool-proof. Plus, a lot of hacks, spy-ware, viruses do not care about complete control, just stealing data or cpu cycles.
Spam is an issue in Mail. that's why everyone has a spam filter for their apps.
Tips
Use a great password, not your dogs name, bob, 1234, etc. If I can go thru your files and guess your password in a day/week, then a crack program probably has it by now.
Turn on all the goodies - firewall, block UDP Traffic, log firewall, enable stealth
Use multiple login accounts for different tasks - paying bills, work, play. This helps separate risk if one doesn't gain root access.
Lock down documents by storing them in password protected disk images. Only keep those images mounted when they are being used.
Back up.
Leave your computer off. Always. this guarantees you can't catch anything. =+)
Reply
David said 1:05PM on 11-22-2005
The Mac is inherently safer than Windows. The Mac's OS is not perfect and will probably some day be struck by a virus. The two statements are not mutually exclusive. Why do you have trouble with those two concepts?
Reply
FlacoakaIntruder said 5:28PM on 11-22-2005
well guys... you are having serious problems on determining how secure an OS can be. Im not an expert on the subject, but i can say know a lot, cause of my work. You dont determine the security of an OS saying that an user can type its password every time its prompted.. Or saying that an OS is not secure enough, cause someone spent 3 days attacking it with a bruteforce cracking program, and in fact got the telnet or ssh password. C'mon, that doesnt have anything to do wiht "OS security", thats USER security. If you dont use a good pass, or you leave ports opened, or you neglect to read wich application is asking you for your pass, then thats YOUR fault. Your BAD... I've benn using a mac for 2 years now, and i can say that is a LOT secure than Windows, and by a lot a I mean %150+... Just think this, a regular user, doesnt have to worry about antivirus, port that come open by default, pop ups, etc... But lets get real, no software ever made is TOTALLY inmune to malware.. so OSX isnt inmune. As someone said before, OSX comes well protected.. and that protection is compared with linux protection!! (and thats big).
Reply
jomy said 8:22PM on 11-22-2005
The primary reason for Windows insecurity is the fact that by default users run as root. So when your infected your totally screwed.
On the Mac however, malware can do very limited damage because users don't run as root.
I also firmly believe a big part of the virus problem is because Microsoft has made a lot of enemies over the years. How many companies have been put out of business and developers pissed-off by their monopolistic tactics.
Apple on the other hand has kept it's nose clean for the most part and has a lot of karma to burn. Apple has a very loyal fanbase and when issues crop up there are usually freeware solutions available quickly. I'm certain that should a virus present itself the community will respond quickly to eradicate it.
Reply
Gary Rogers said 9:24AM on 11-23-2005
Two words: Attack Surface. Try this easy experiment. In a command window on a Mac and on Windows do the following: netstat -a. Now count the number of open ports. Who has more?
Reply