Mac owners boast of virus, worm immunity vs. Windows’ swiss cheese security

“Mac owners have long boasted of their immunity to viruses. But with Unix-based OS X, it’s a whole new ball game,” Alex Salkever writes for BusinessWeek.

“In the wake of the MyDoom/Novarg fiasco, every Mac columnist has an easy out. After yet another virus attack has hammered the Windows world, the automatic response has been to pen the standard Mac gloat. It goes something like this: I didn’t get this virus because I have a Mac. In fact, I never get viruses. Never have, never will. That’s because Mac software is simply better than Windows software. So there,” Salkever writes.

“The game changed for Apple when it transitioned from OS 9’s fairly unique operating system to the Unix-based OS X. That meant any attack aimed at Unix machines could affect Macs. And there have been plenty of virus and worm attacks aimed at Unix. In short, now that Apple has Unix under the hood, Steve Jobs can’t rely on security through obscurity. The argument that Apple is safer because of its marginal place in computing’s cosmos no longer applies. With its embrace of Unix, Apple has joined a big family — and it keeps growing, thanks to Linux and other open source versions of Unix,” Salkever writes.

Salkever then plods through the many reasons Mac OS X is more secure than Windows XP and concludes, “Not everything in OS X is secure. The relatively short length of the passwords for accessing individual accounts isn’t a good thing. And security experts have found a steady stream of bugs in OS X requiring fixes. But for lowest-common-denominator attacks coming through e-mail attachments such as Mydoom, Apple offers far better protection than Microsoft. That’s particularly encouraging now that the Mac is playing in the far rougher and more populous Unix neighborhood, where security shortcomings could lead to disaster.”

Full article here.

MacDailyNews Take: Salkever tries the “Security Through Obscurity Myth” on for size, but is rather unconvincing – particularly because it isn’t true. The underlying tone Salkever tries to weave throughout is that Mac OS X could be suseptable to worms and viruses, but he proves nothing and fails to state that there are no worms or viruses for Mac OS X to date. Quite a large fact to leave out of such an article, Alex. So there.

Related MacDailyNews articles:
Gates: Windows ‘by far the most secure’ system; tries to use ‘Mac OS X secure through obscurity’ myth – January 27, 2004
Is Mac OS X really inherently more secure than Windows? – August 26, 2003
BusinessWeek’s Haddad gets it wrong; thinks low market share spares Macs from viruses – August 28, 2003
Shattering the Mac OS X ‘security through obscurity’ myth – August 28, 2003
Fortune columnist: ‘get a Mac’ to thwart viruses; right answer for the wrong reasons – September 02, 2003
New York Times: Mac OS X ‘much more secure than Windows XP’ – September 18, 2003
Columnist tries the ‘security through obscurity’ myth to defend Windows vs. Macs on virus front – October 1, 2003


  1. Does Salky with all his talking ’bout being now in the big arena, exposed to ‘hostile net environment’ (Micros**t citation) that we are already in the 4th year? OS X successful attacks? ZERO. There is the same probability to have a virus as BSD Unix has, that is the overall most secure and robust *nix flavor so far.

    Actually, OS X should even perform better than that with its additional default undertaken security steps.

  2. Anyway, reading it from the perspective of a Wintel user, it is an article that casts doubts in the right direction.

    The message seems – in short to be – that the Mac was protected by obscurity before (so there Mac users, that’s why you were getting no virus) but that cannot be said anymore. Still, the situation remains, so MAYBE, THIS TIME, Apple is protecting its users better than others.

    Windows world got ANOTHER worm: the worm of doubt: MAYBE there is something good in those Macs after all.

    ” width=”19″ height=”19″ alt=”grin” style=”border:0;” />

  3. What has password security got to do with virus? Generally virus don’t rely on cracking your password…

    I think there ethics that virus writers adhere to as well. Probably only target companies/systems that they feel have not been playing “fair”.

  4. �To use words wrongly and indefinitely is not merely an error in itself, it also creates evil in the soul.� Socrates

    Gee, I knew that Macs were better than PC’s, but I had no idea that Microsoft apologists were also evil.

    Purge this evil from your mind, Alex, by careful and objective analysis of the inherent differences between OS X and Windows. Please, for your own good compare and contrast.

  5. No one brags about unsuccessful attacks on OS X. What a feather in one’s cap to say that they were the first to bring down the impenetrable OS X.

    �Obscurity?� All this hot air from the orifices of the Windoze world should have eliminated all anonymity. I get the impression that these people believe that the louder they scream the more convincing their argument. Sad, sad, sad.

  6. Mr. Salkever:

    You said that if Macs made up 95% of the world’s computers there would be viruses and other little nasties attacking them. Well, let’s test this hypothesis. You and your Windows colleagues buy equivalent numbers of Macs from Apple, distribute them, and monitor the number of successful attacks. After a sufficient period of time we can compare hard data. OK?

  7. One thing that separates Windows and Unix, is that security was a priority from day 1 at AT&T’s Bell Labs and Microsoft is just now taking security seriously (supposedly). Unix has been working on security issues for 30+ years, where as Windows started working on the issue maybe 2 years ago. That’s a lot of catching up to do if you ask me.

  8. Wow guys, cool down. I think most of you are overreacting a bit here. While the article is not particularly good it isn’t just another “security through obscurity” myth. In fact, it goes somewhere towards debunking that.

    What we have here is an article that starts off with a wrong premise, and then refutes that, to go on to say why OS X is still more secure than windows. There are some inaccuracies in there, but to put it in the same boat as Enderle’s drivel is damn unfair!

    I’ve just gone through the full article and this is what I found:

    “It goes something like this: I didn’t get this virus because I have a Mac. In fact, I never get viruses. Never have, never will.”

    Now this sentence alone destroys his whole piece from the get go. It’s complete bull, and I think we should challenge Salkever to show as a columnist or Mac writer who ever claimed that. Heck I haven’t even seen this shite from forum 10 year old forum kiddies! So, Salkever, if you make a claim please back it up.

    It then gets a bit explaining the myth put out by windows users to be only a myth, until he gets to this:

    “Few self-respecting hackers would want to waste their time plumbing the files of a bunch of advertising agencies or grade-school computer networks, two areas where Macs maintain a strong presence.”

    The “self-respecting” hackers aren’t the ones that write the VBscript virii or go mining for email addresses or cc numbers. The self-respecting ones are the ones that like to overcome the biggest challenge, which at the moment must be OS X. The others are just a bunch of little delinquents with no social life or decent use for their computer.

    He then goes on to talk about OS 9s security which is generally ok except for this:

    “Also, Macs used their own funky languages, such as data-communications protocol Apple Talk. That meant miscreants seeking to write viruses for Macs would have had to learn new coding skills which, invariably, were a bit more complicated than the paint-by-numbers Visual Basic, the favorite coding tool of virus writers.”

    Putting AppleTalk alongside VB is rather silly, as they serve completely different purposes. It’s obvious he meant AppleScript, and I’ll give him the benefit of the doubt that he just forgot to proof-read.
    Even so, AppleScript takes no time to learn and wouldn’t be a hurdle to any decent hacker. The difference in assembler language would be more of a barrier for any more than casual hacker.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.