Baltimore Sun (Re)Examines Windows Vs. Mac Security Issues

Windows Vs. Mac security issues have been a bit of a hot button issue at TMO of late. For instance, an influx of Windows users took offense to an article we published putting the damages from the SoBig virus at up to US$1 billion. They expressed their poorly worded displeasure in our article comments, mostly rallying around the cry that the Macis only defense was Security Through Obscurity (STO).

The theory of STO says that if not enough people use a platform, no one will try to break into it. Mac detractors say that Appleis 3% market share means that the Mac has STO. As we discussed in a follow up article yesterday, security firm mi2g said almost a year ago that the Mac did not benefit from STO, and that the Mac platform was specifically the least vulnerable to attack. At the same time, mi2g listed several far more obscure platforms that had been the victims of many, many more attacks than the Mac platform did during the same period, which was part of the reason that the security firm did not offer STO as the reason the Mac was more secure.

In the midst of this discussion comes the newest column from Dave Zeiler at the Baltimore Sun, which deals with this exact issues. Mr. Zeiler writes the Mac Experience column for the Sun, where he touches on many issues relating to the Mac platform. In his column from last week, Mr. Zeiler looked at how Mac users tended not to worry about whatever virus was plaguing the Windows world. Included in that column were comments from an anti-virus software developer who said that Macs were no more secure than a PC, presumably a Windows PC. This week, Mr. Zeiler offers a clearer picture of the market, thanks in part to some of the feedback from the last week. From this weekis column:

Last week, I concluded that Apple Computer Macintosh OS X provided safer computing than Microsoft Windows operating systems -- in part because its small market share offers Internet villains too little opportunity to spread mayhem and partly because OS X ships with all of its vulnerable services turned off. This blocks potential attackers from gaining access to the systemis software in the first place.

The disputed quote arose in the effort to ascertain whether OS X is inherently more secure than Windows -- that is, harder to crack -- or is the dearth of viruses and worms for the Mac a result of "crackers" considering it not worth the time.

Incidentially, several e-mail writers objected to the use of the blanket term "hackers," which more accurately describes people adept at crunching code, and not necessarily for malicious purposes. "Crackers" is the term preferred for virus and worm writers. A larger group -- the "script kiddies" -- simply download other peopleis malware and tweak it.

The remark that many readers found objectionable came from Graham Cluley, senior technology consultant of British anti-virus software firm Sophos PLC.

"Itis perfectly possible to write viruses for Apple Macs," Cluley said. "Indeed, a Mac has no more inherent security than a PC, but virus writers appear motivated by a desire to cause widespread havoc and so have concentrated on the market leader."

Many readers, most of them computer programmers, vehemently disagreed.

The full article goes on with examples of some of those reader comments, some comments from Microsoft, Graham Cluley (who backpedaled a bit), and other related information on how security issues are handled by Mac OS X. We recommend it as a good read.