“Critics say that Microsoft operating systems and software are so dominant on the desktop, and so prevalent in the back-end world of servers and business systems, that viruses, worms and other attacks can spread far more quickly and cause more widespread disruption than they would if the world of computing were more diverse. In other words, the dominance of Microsoft Windows has created a dangerous digital monoculture,” Mike Himowitz reports for The Baltimore Sun.
Himowitz reports, “Although computer scientists have grumbled about this for years, the issue bubbled into the public consciousness in September, when a group of security experts, backed by the Computer & Communications Industry Association, issued a report warning that the growth of the Internet and Microsoft’s hegemony (including its dominance on government desktops) posed a threat to national security.”
“This was particularly troublesome, they said, in light of Microsoft’s miserable record of writing insecure software – and its frequent security patches, which corporate and individual users may or may not learn about or bother to install,” Himowitz reports. “To be fair, the authors of the report and the trade group that backed them are longtime critics of Microsoft’s monopoly. But their conclusions ring true. Just look how fast worms and viruses such as MyDoom, Bagle.a, Sobig, MsBlast and other recent invaders that target flaws in Windows have spread. That’s a testament to the danger of a monoculture.”
So far, so good, but Himowitz is about to lose his mind – and his credibility…
Himowitz reports, “What’s the solution? To critics, it would be a more “biodiverse” computing environment, with a better mixture of operating systems and software. But what are the chances of that? The only alternatives are the Apple’s Macintosh operating system, and Linux or other variants of Unix.”
“Experts say both are more secure than Windows, but neither is perfect. Nor are any alternatives close to Windows in market penetration. Apple has less than 5 percent of the PC market, while Linux – popular for Web servers and other back-end systems – isn’t a factor in the consumer world. It’s hard to imagine a scenario in which either would threaten Microsoft’s share of the desktop market,” Himowitz reports. “Also, their relative safety lies in their obscurity. After all, who wants to write a virus for 5 percent of the market? If either were to make considerable inroads with users, it would generate far more interest among hackers, worm and virus writers than either has – and undoubtedly prove far less secure.”
[MacDailyNews: Bzzzzt. Please try again:
Is Mac OS X really inherently more secure than Windows? – August 26, 2003
BusinessWeek’s Haddad gets it wrong; thinks low market share spares Macs from viruses – August 28, 2003
Shattering the Mac OS X ‘security through obscurity’ myth – August 28, 2003
Fortune columnist: ‘get a Mac’ to thwart viruses; right answer for the wrong reasons – September 02, 2003
New York Times: Mac OS X ‘much more secure than Windows XP’ – September 18, 2003
Columnist tries the ‘security through obscurity’ myth to defend Windows vs. Macs on virus front – October 1, 2003
Gates: Windows ‘by far the most secure’ system; tries to use ‘Mac OS X secure through obscurity’ myth – January 27, 2004
Mac OS X has no viruses; what’s wrong with Windows? – February 11, 2004]
Himowitz writes, “Nor are most customers likely to set up digitally biodiverse environments solely for security. A mixed bag of Windows, Mac and Linux machines might be harder to put out of business, but from a management standpoint, it’s a nightmare to maintain and support. Ditto for home users. Do you want three kinds of computers with incompatible software and different user interfaces, in your house?”
[MDN Questions: How about just getting three Macs instead? And since Macs require so much less support, wouldn’t it be easier if you replaced a third of your buggy Windows boxes with Mac OS X machines? Why doesn’t Himowitz make the logical leap? You can do without Windows, Mike. Do not be afraid.]
Full article here.
The security through obscurity has a small kernal of truth to it. It is just over emphasized and used as an excuse too much by windoze apologists. The Mac is undoubtedly more secure and with recent competitive prices a viable alternative for businesses. Especially when you consider the cost savings you can make up through lower maintenance. It is hard to call this guy dead wrong. He is just skewed a bit and puts too much emphasis on areas where it doesn’t belong.
Windows viruses, worms, exploits = 80,000+.
Mac OS X viruses, worms, exploits = 0.
Security through obscurity is a false premise. Mac OS X is in use by 10,000,000+ installations. There should be SOME virus issues. There are NONE.
The best math I have seen all day.
Know a friend who used to work for a Research facility (one of the largest in the country) and they pretty much ran all 3 platforms in the same LAN and others were isolated for specialty & workload reasons. It has been done…therefore it can be done. I would think with a facility like that you NEED all 3 platforms. There were rocket scientists, scientists of all kinds, biologists of all kinds, chemists of all kinds, the list goes on and on…
Some people just dont want to do it…I think they are just lazy or dont want to admit it can be done. People like that stifle innovation and the progress of mankind.
I agree Fred. OS X is more secure. But Apple only having like 5 percent of the market also makes it a smaller target (just to be fair). That is why I said there was a small kernal (and kernals are tiny to begin with) of accuracy in saying this situation has an effect. You are right tho, there should at least be a few measly viruses for OS X if obscurity was its only protection.
An interesting theory that I have heard though is that to write a virus for an OS you have to know the system. Any virii writer deciding to write a Mac virus would therefore have to use one and get to know it. As we all know, if you use a Mac you fall in love with it. Result – an automatic short circuit of the will to write such a virus. Getting to know a windoze system, however, would just make you want to write that virus more!!!
interesting… he tries to make his point valid yet does he have the right number when it comes to the computer market?
Is 5% still the share given to Apple nowadays? Or is it the pathetic excuse most windows user had in the 90s? Do we have valid numbers to prove otherwise?
His article is interesting, yet he misses the logic to back his ideas. – He is blasting on something that he keeps on using. A bit like a farm chicken who shits where she eats.
Peace.
Jack, being a Mac users, you should know that the 5% thing is FUD. Haven’t you been reading MDN recently? ;o)
If security is obtained through obscurity then way was there a set of viruses for the Classic MAC OS? It was also obscure based on the old shibboleth “market share”. Also, the vast majority of servers run various UNIX versions, yet we hear no daily litany of attacks on them.
There is no getting around the fact: Windows is a piece of Swiss cheese and Mac OS X by comparison is Fort Knox.
Careful, Jack. Your attempting to be reasonable. That doesn’t go over very well, here. These fanatics believe that, since there hasn’t been a virus on OS X, that security through obscurity is a myth. Don’t ask my how the premise leads to that conclusion; I’m not foaming at the mouth.
“… Microsoft’s miserable record of writing insecure software…”
I completely DISAGREE!!! Microsoft has an excellent record of writing insecure software; they are one of the best producers of insecure software anywhere!! If I needed insecure software for my company, Microsoft would be my company of choice. There are no others that even come close! They have my vote!!
I agree with Jack. Security through obscurity, is not a false premise/theory, it just does not apply in this case. The Mac OS is more secure.
However on the other hand it would be very easy to write an applescript or a shell script that can be emailed, and when double clicked would start to delete data in your user folder, (mail itself to others in your address book, etc.)…isn’t that a virus? The only two differences (from Windoze) being: 1) that I could not write such a script that would effect other users folders, or the Mac OS system itself, unless I was lucky enough to hit a user running in root; and 2) the script could not self install/execute like it does in Windows.
This second reason is key to automatic and rapid proliferation of viruses. Windows was designed from the ground up to allow this automation (since it was just to damn complicated for M$ to allow the user to do it themselves!), and thus, Windows in its present form is not fixable. Windows was never built for networks, or at least secure networks.
zac
Kenny, that’s pure BS. Sure, some of the guys here get a bit emotional now. But what I have seen here is people objecting to STO as an excuse for M$’ poor performance, as in “oh, if 90% were macs they’d have just as many problems”.
Of course the smaller user base plays a role. The type of user also plays its part. All the pathetic little script-kiddy sociopaths use windows. They’re the ones who couldn’t cut it as real class A hackers. They’re the wannabe l33ts with nothing better to do between playing quake 3 and l33ching pr0n.
Compromising security used to be a bit of an art form. Hackers sized their egos based on the severity of the task they succeeded in. These guys didn’t just issue slight modifications of known worms that exploit publicly known holes. They often found the holes in the first place. The bunch of losers that are in the trade nowadays aren’t very intelligent and obviously don’t have much pride, and they most certainly aren’t part of the mac user base. They go with the “easy” system that everyone else has. If they had the skills to create an OS X virus they would be at it in a heartbeat. But it’s just too hard. They’d have to find a hole (one enabled by default for any serious effect) and somehow get the user to supply the admin password, and to accomplish any of this they’d have to spend considerable time using the mac. It would be the same if the mac had 50% market share. The script kiddies aren’t interested. They’re not the hackers of old that thrive on the challenge. They’re just pathetic little vandals who are too cowardly to go out at night and vandalise physical property.
If they’d try on the mac they’d end up creating shitty techno in Garageband or they’d just give up after an hour of AppleScript and go back to the system that was built exclusively for them – Windows!
oh, and it’s actually the security experts that always preach that there’s no security through obscurity. It seems the popular press has just chosen to forget that.
I agree with Aryugaetu… when I hear the words “insecure software”, my mind immediately thinks “MICROSOFT”. You don’t get that sort of brand recognition by being miserable at writing insecure software…
…and as it has been pointed out before, OS X does have a virus: Virtual PC!!!
Whlie I think that MDN bangs on a bit too much about market share versus installed base, in this case I think installed base is what they should be talking about. They’re talking about how many computers would be affected, not how many new computers sold in the last quarter are affected.
So for security through obscurity, installed base is important. Add the fact that Mac users are more likely to be hooked up to the internet too. There are a lot of corporate boxes that don’t have any internet connection.
and as it has been pointed out before, OS X does have a virus: Virtual PC!!!
That was me !
Rather than do the mac evangelist bit, I’ve taken to dissing Microsoft whenever anything goes even mildly wrong. “Yeah, well it is running microsoft shit”. I usually get a resigned sighing, “yes”, in return. Grind ’em down. The more people believe it’s Bill’s fault, the better.
Noone in the press seems to realize that virus writers are ego-driven. Why else do they sign their creations (e.g. andy)? Hence, one of the sure ways to gain ‘respect’ of their peers is introducing the first ever OS X worm/virus? The fact that there is none is quite telling. Another way is to write the most devastating virus or worm for that swiss cheese called Windows. The fact that we hear about it all the time is also quite telling.
I truly wonder what the competition is like to write the first OS X virus is like. Can anybody in the cracking community tell?
to settle this stupid argument once and for all, a reward should be offered for someone to write a virus for OSX. When it is never paid just think of the change it will make in peoples thinking.
there used to be a “voluntary” UNIX virus that was emailed around a few years back. It said something along the lines of 1) log in as root, 2) delete a random system file, 3) delete three random documents, then 4) send the email off to 10 friends.
Maybe we could do something like this in a “grass roots” effort to gain some “credibility” for the OS X platform.
Funny thing is another writer from the same newspaper corrected himself so I wrote to the editors of Baltimore Sun to point that out.
An article called: Backlash, By David Zeiler: The Mac Experience
Readers contend Mac’s OS X is much tougher to crack than Windows, Originally published Aug 28, 2003.
http://www.baltimoresun.com/technology/custom/pluggedin/bal-mac082803,0,1353478.column
beryllium, never thought I’d see “shibboleth” used to describe “market share,” much less see them in the same sentence. Ooo, you’re good
” width=”19″ height=”19″ alt=”wink” style=”border:0;” />
Would I like Apple to have 40 to 50% of market share? Yep! But even if Apple’s current “meager” market share reduces my risk of viruses and worms why should I complain?
As long as Apple produces innovative and useful devices and software they will succeed in making a profit and Apple users will be content, if not ecstatic, with Apple’s products.
Call me elitist, but I’m not sure I’d want Apple to gain too large a market share if it means inheriting too much of the more “aptitude-challenged” Windows user community…
yayaya
i don’t no what os is the most secured
BUT
has any1 thought of Apple being the reason Microsoft
being so dominate?
by not licensing there os to other servers
there is no choice for other computer makers
but to go to windows.
linux is no user friendly
windows is user friendly enough
and Apple os is the most user friendly
so could it be that sometime in the FUture
that Apple could be sued for not licensing there os
and letting Microsoft dominate with there flawed os
or maybe the other computer makers could just come out with there own os
Or Apple could make a new os for other computer makers
or license their older os systems?