Security test: Windows XP system easily compromised while Apple’s Mac OS X stands safe and secure

“Surfing the Web has never been more risky. Simply connecting to the Internet – and doing nothing else – exposes your PC to non-stop, automated break-in attempts by intruders looking to take control of your machine surreptitiously. While most break-in tries fail, an unprotected PC can get hijacked within minutes of accessing the Internet. Once hijacked, it is likely to get grouped with other compromised PCs to dispense spam, conduct denial-of-service attacks or carry out identity-theft scams,” Byron Acohido and Jon Swartz report for USA Today.

“Those are key findings of a test conducted by USA TODAY and Avantgarde, a San Francisco tech marketing and design firm. The experiment involved monitoring six “honeypot” computers for two weeks – set up to see what kind of malicious traffic they would attract. Once breached, the test computers were shut down before they could be used to attack other PCs,” Acohido and Jon Swartz report.

“The machines tested were types popular with home users and small businesses. They included: four Dell desktop PCs running different configurations of the Window XP operating system, an Apple Macintosh and a Microtel Linspire, which uses the Linux operating system,” Acohido and Jon Swartz report. “Each PC was connected to the Internet via a broadband DSL connection and monitored for two weeks in September. Break-in attempts began immediately and continued at a constant and high level: an average of 341 per hour against the Windows XP machine with no firewall or recent security patches, 339 per hour against the Apple Macintosh and 61 per hour against the Windows Small Business Server… While attempted break-ins never ceased, successful compromises were limited to nine instances on the minimally protected Windows XP computer and a single break-in of the Windows Small Business Server. There were no successful compromises of the Macintosh…”

Full article here.

MacDailyNews Take: Once again, we see the “security via obscurity” myth exposed for the lie that it is, this time smack dab in the middle of McPaper. 341 attacks per hour against the Windows XP machine resulting in 9 successful compromises versus 339 attacks per hour against the Mac OS X computer resulting in 0 successful compromises.

Related MacDailyNews articles:
Is Mac OS X really inherently more secure than Windows? – August 26, 2003
BusinessWeek’s Haddad gets it wrong; thinks low market share spares Macs from viruses – August 28, 2003
Shattering the Mac OS X ‘security through obscurity’ myth – August 28, 2003
Fortune columnist: ‘get a Mac’ to thwart viruses; right answer for the wrong reasons – September 02, 2003
Wall Street Journal’s Mossberg on making the switch from Windows to Mac – September 18, 2003
New York Times: Mac OS X ‘much more secure than Windows XP’ – September 18, 2003
Columnist tries the ‘security through obscurity’ myth to defend Windows vs. Macs on virus front – October 1, 2003
Gates: Windows ‘by far the most secure’ system; tries to use ‘Mac OS X secure through obscurity’ myth – January 27, 2004
Mac OS X has no viruses; what’s wrong with Windows? – February 11, 2004
SmartMoney: Long-suffering Windows users can only dare to dream of Mac’s ease-of-use – February 12, 2004
Spyware, adware plague Windows users online; Mac OS X users surf freely – April 19, 2004
Gartner: Worms jack up the total cost of Microsoft Windows – May 07, 2004
Windows ‘Scob’ virus designed to steal financial data, passwords; Macintosh unaffected – June 26, 2004
Tired of patching patches to patch Windows patches? Writer suggests getting a Mac – August 03, 2004
Mossberg: Dump your Windows machine and get an Apple Macintosh to free yourself of spyware – August 25, 2004
Millions of Windows PC’s hijacked by hackers, turned into zombies; Macintosh unaffected – September 08, 2004
Security is top priority in Apple’s Mac OS X – September 12, 2004
Windows XP worm speaks to users as it deletes their files; Macintosh unaffected – September 13, 2004
University of Chicago recommends all students patch Windows at least once a day – September 14, 2004
USA Today columinst angry about Windows viruses, adware, spyware – September 15, 2004
Windows besieged by hackers; number of Windows viruses soars by more than 400% – September 20, 2004
USA Today: people are switching from Windows to Mac because of security issues – September 21, 2004
Mossberg: Apple iMac G5 ‘powerful, affordable, virus-free with better, more modern OS than Windows XP’ – September 23, 2004
Information Security Investigator says switch from Windows to Mac OS X for security – September 24, 2004
Cyber-security adviser uses Apple Macintosh to avoid Windows’ security woes – September 27, 2004
Even Bill Gates can’t avoid Windows malware; Mac users surf the Web freely – October 03, 2004
Windows desktop monopoly threatened by secure, safe Apple Mac OS X – October 04, 2004
Windows users’ security woes spark interest in Apple’s secure Mac OS X – October 06, 2004
Microsoft: The safest way to run Windows is on your Mac – October 08, 2004
Windows users line up to pay for spyware removal; Mac users surf Web with impunity – October 18, 2004
Ballmer blames Windows users for not upgrading systems as Microsoft’s biggest security problem – October 22, 2004
Spyware plagues Windows users while Mac users surf Net with impunity – November 01, 2004
Sick of spyware, adware infecting your PC? Don’t fret, just get a Mac – November 01, 2004

37 Comments

  1. Believe it or not Wintel users believe that viruses do not even *try* attacking a Mac platform explaining that – or via misunderstanding – with security via obscurity.

    Macs receive as many attacks per hour while connected as Windows platforms. If there were a security weakness remotely exploitable a Mac would be infected in minutes as a Windows platform. It does not happen not because Macs are so few HENCE not easily found (what the average Wintel user understands with *security by obscurity*) but because there are NO SECURITY flaws that are remotely exploitable.

    A simpleton Wintel user once run this mental picture he had to explain the *obscurity*: “it is like getting the flu. If you are in a crowded room and one sneezes of course you get the flu. If you are alone in a stadium and one sneezes on the other end of it you will never get the flu”

    I know, it really is an idiotic vision and shows the lack of understanding of how viruses propagates, how network works and – frankly – it is typical of the average Windows user level of understanding these things. At least the ones I happen to open their eyes from time to time.

    If you are connected online, no matter what OS you use, you receive breaching attempts. If you are on Windows start praying, on Linux configure yourself so to be safe, on OS X just do nothing – for the time being – you are safe already.

  2. But the article goes on to say:

    “There were no successful compromises of the Macintosh, the Linspire or the two Windows XPs using firewalls. That pattern was not surprising, as Windows PCs make up 90% of the computers connected to the Internet, and the vast majority of automated attacks are designed to locate and exploit widely known Windows security weaknesses.”

    This is kind of a pissy thing to say in the face of cold hard data.

  3. I guess the real question to ask is how many of those exploit attempts were written to exploit the Mac OS? MDN’s take sounds good and I believe the Mac IS more secure, but just to say there were 339 attacks with no break ins isn’t telling the whole story.

  4. The actual issue, a message that slowly is making its way through sleeping minds, is that the vast majority of automated attacks are design to exploit security weaknesses which – as a matter of fact – are present by the truckloads on Windows OSes and not on others.

    If you were a petty thief, who would you attack? The idiot drunk with all its money visible in his pockets wandering hopelessly in the street or the gym fit athlete marching along with a secure step and a sharp alert eye on the other side of the street?

    Even more if the drunk abounds. Is no excuse for drunken idiots that they are in the majority. It actually is a double offense.

  5. Jump, what the test shows is that if there is a remotely exploit on any OS you have – today – all the reason to release a virus. There are MILLIONS of machines for any OS around. And those machines are used to connect to banks, behind there are people with money, for a cracker there are no less reasons to hack a Mac than a Windows machine.

    The difference is that s/he can easily do that on a Windows machine. You would be able to infect a Mac in minutes if it was possible. The security via obscurity has always been a risible thing for people lacking technical background.

    Actually, since there is also this other myth that Macs are expensive and only the rich snobs can treat themselves with, there would be a higher incentive to break a Mac than the average PC at $399 with Joe Sixpack behind the screen.

  6. “You would be able to infect a Mac in minutes if it was possible.” — Seahawk

    Indeed, I will be able to show this article to Windows apologists. Their take is that a virus would take forever to even find a Mac on the net, hence it is crazy to waste time writing a virus for the platform. If there were enough Macs on the net THEN there would be viruses for it as well.

    I lost my voice trying explaining them that a Mac is as visible as a Windows machine to a virus but they call me Mac zealot and cultist. They simply do not get how network and computers connect. Idiots.

  7. How do you see if your machine is being atacked? Is there some Terminal comand I can use to montor attacks, etc …? Would be interesting to see. I guess they slow down your internet experience regardless of whether you are on a Mac or PC, no?

  8. Seahawk, I fully believe that the Mac OS is far more secure than Windows and I’m glad to see this article. But, unless they can show that some of those exploits were written for a Mac, the article doesn’t really do anything to prove the security of OS X.

  9. hackers love to get big news and make a big splash, but you see so many Winblows virii out there they are lost in the shuffle. If a REAL virus were to successfully attack the Mac community, it would be a huge story. Obscurity my ***

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.