Apple touts Mac OS X security advantages over Windows

Apple has squarely addressed the Mac OS X security advantages over Windows on their website:

Freedom’s not just another word for nothing left to lose. Strong security ensures your ability to conduct your business unhampered. Mac OS X delivers the highest level of security through the adoption of industry standards, open software development and wise architectural decisions. Combined, this intelligent design prevents the swarms of viruses and spyware that plague PCs these days.

Apple’s conservative approach to security protects your Mac from attacks over private or public networks, such as the Internet, right out of the box. All the communication ports are closed and all native services — personal file sharing, Windows file sharing, personal web sharing, remote login, FTP access, remote Apple events and printer sharing — are turned off by default. The Mac OS X administrator account, unlike the Windows admin account, disables access to the core funtions of the operating system. Many people find that Windows-based PCs are unusable unless they use the admin account, which exposes their PCs to attack. The Mac OS X default configuration, in contrast, guards against shady characters who can so easily taking control of your system.

All that spam on the Internet these days gets sent by “owned” boxes, usually Windows-based home computers. Cyber pirates scan for easy-to-compromise machines. Tiger’s built-in personal firewall protects your computer from unauthorized access by monitoring all incoming network traffic. When you enable the personal firewall in Mac OS X, all inbound connections are denied except for those that you explicitly permit. And now with stealth mode, your Mac won’t even acknowledge its existence to people scanning for machines to attack.

Mac OS X keeps your data safe and your Mac secure.

More info about Mac OS X security here.

Related MacDailyNews articles:
New ‘highly critical’ Office flaw embarrasses Microsoft – April 13, 2005
97,467 Microsoft Windows viruses vs. zero for Apple Mac’s OS X – April 05, 2005
Symantec details flaws in its antivirus software – March 30, 2005
Motley Fool writer: ‘I’d be surprised if Symantec ever sells a single product to a Mac user again’ – March 24, 2005
Symantec cries wolf with misplaced Mac OS X ‘security’ warning – March 23, 2005
Symantec’s Mac OS X claims dismissed as nonsense, FUD – March 22, 2005
Symantec warns about Mac OS X security threat – March 21, 2005
Apple’s Mac OS X is virus-free – March 18, 2005
68,736 Microsoft Windows viruses vs. zero for Apple Mac’s OS X – March 12, 2005
Microsoft tries to turn its own security flaw into commercial gain – February 25, 2005
Cybersecurity advisor Clarke questions why anybody would buy from Microsoft – February 18, 2005
Microsoft’s Gates espouses homogenous operating system environments for better security – February 07, 2005
Windows’ mounting security problems make some consumers eager to purchase Macs – January 03, 2005
Windows Media songs and videos found to carry Windows malware payloads – December 30, 2004
Anzae/Inzae worm affects all Windows versions after 3.1; Macintosh unaffected – December 28, 2004
Unlike Windows users, Mac OS X users surf the Internet without a care in the world – December 28, 2004
Multiple unpatched Windows holes crop up; Windows systems compromised within minutes in experiment – December 24, 2004
Windows spyware mess is out of control, get a Mac and surf with impunity – December 21, 2004
New Microsoft Internet Explorer exploit spoofs Web sites on fully patched Windows XP systems – December 17, 2004
Microsoft may charge extra for Windows spyware protection software – December 16, 2004
Detroit Free Press: Windows malware problem getting worse, it’s time to get a Mac instead – December 16, 2004
Sick of spyware, adware headaches? Get a Mac and surf the Internet freely – December 13, 2004
Mossberg: Windows PCs plagued with problems, Apple’s Mac is ‘rock solid, elegant and affordable’ – December 09, 2004
Security expert: Don’t use Microsoft Windows, Office, Outlook, Internet Explorer – December 09, 2004
Security test: Windows XP system easily compromised while Apple’s Mac OS X stands safe and secure – November 30, 2004
Sick of spyware, adware infecting your PC? Don’t fret, just get a Mac – November 01, 2004
Microsoft: The safest way to run Windows is on your Mac – October 08, 2004
Spyware plagues Windows users while Mac users surf Net with impunity – November 01, 2004
Ballmer blames Windows users for not upgrading systems as Microsoft’s biggest security problem – October 22, 2004
Windows users line up to pay for spyware removal; Mac users surf Web with impunity – October 18, 2004
Microsoft: The safest way to run Windows is on your Mac – October 08, 2004
Windows users’ security woes spark interest in Apple’s secure Mac OS X – October 06, 2004
Windows desktop monopoly threatened by secure, safe Apple Mac OS X – October 04, 2004
Even Bill Gates can’t avoid Windows malware; Mac users surf the Web freely – October 03, 2004
Cyber-security adviser uses Apple Macintosh to avoid Windows’ security woes – September 27, 2004
Information Security Investigator says switch from Windows to Mac OS X for security – September 24, 2004
Mossberg: Apple iMac G5 ‘powerful, affordable, virus-free with better, more modern OS than Windows XP’ – September 23, 2004
USA Today: people are switching from Windows to Mac because of security issues – September 21, 2004
Windows besieged by hackers; number of Windows viruses soars by more than 400% – September 20, 2004
USA Today columinst angry about Windows viruses, adware, spyware – September 15, 2004
University of Chicago recommends all students patch Windows at least once a day – September 14, 2004
Windows XP worm speaks to users as it deletes their files; Macintosh unaffected – September 13, 2004
Security is top priority in Apple’s Mac OS X – September 12, 2004
Millions of Windows PC’s hijacked by hackers, turned into zombies; Macintosh unaffected – September 08, 2004
Mossberg: Dump your Windows machine and get an Apple Macintosh to free yourself of spyware – August 25, 2004
Tired of patching patches to patch Windows patches? Writer suggests getting a Mac – August 03, 2004
Windows ‘Scob’ virus designed to steal financial data, passwords; Macintosh unaffected – June 26, 2004
Gartner: Worms jack up the total cost of Microsoft Windows – May 07, 2004
Spyware, adware plague Windows users online; Mac OS X users surf freely – April 19, 2004
SmartMoney: Long-suffering Windows users can only dare to dream of Mac’s ease-of-use – February 12, 2004
Mac OS X has no viruses; what’s wrong with Windows? – February 11, 2004
Gates: Windows ‘by far the most secure’ system; tries to use ‘Mac OS X secure through obscurity’ myth – January 27, 2004
Columnist tries the ‘security through obscurity’ myth to defend Windows vs. Macs on virus front – October 1, 2003
New York Times: Mac OS X ‘much more secure than Windows XP’ – September 18, 2003
Wall Street Journal’s Mossberg on making the switch from Windows to Mac – September 18, 2003
Fortune columnist: ‘get a Mac’ to thwart viruses; right answer for the wrong reasons – September 02, 2003
Shattering the Mac OS X ‘security through obscurity’ myth – August 28, 2003
Is Mac OS X really inherently more secure than Windows? – August 26, 2003
Chicago Sun-Times columnist: Windows ‘many holes in its security’ but ‘none of my Macs have ever been affected – August 26, 2003
Sick of worms and viruses? ‘Move to Mac OS X’ suggests Chicago Tribune columnist – August 25, 2003
Virus and worm problems not just due to market share; Windows inherently insecure vs. Mac OS X – August 24, 2003

28 Comments

  1. They are finally talking but is anyone listening?

    Wintel sheep are Wintel sheep. You have to hit them between the eyes with an iPod before they begin to see the light.

    Excuse me, I have to go download 5 fixes from Microsoft for major vulnerabilities in XP now. Who knows, in 3 or 4 years XP could be fairly safe.

  2. These arn’t “major security vulnerabilities”?

    Security Update 2005-003

    * AFP Server
    Available for: Mac OS X v10.3.8, Mac OS X Server v10.3.8
    CVE-ID: CAN-2005-0340
    Impact: A specially crafted packet can cause a Denial of Service against the AFP Server.
    Description: A specially crafted packet will terminate the operation of the AFP Server due to an incorrect memory reference. Credit to Braden Thomas for reporting this issue.

    * AFP Server
    Available for: Mac OS X v10.3.8, Mac OS X Server v10.3.8
    CVE-ID: CAN-2005-0715
    Impact: The contents of a Drop Box can be discovered.
    Description: Fixes the checking of file permissions for access to Drop Boxes. Credit to John M. Glenn of San Francisco for reporting this issue.

    * Bluetooth Setup Assistant
    Available for: Mac OS X 10.3.8, Mac OS X Server 10.3.8
    CVE-ID: CAN-2005-0713
    Impact: Local security bypass when using a Bluetooth input device.
    Description: The Bluetooth Setup Assistant may be launched on systems without a keyboard or a preconfigured Bluetooth input device. In these cases, access to certain privileged functions has been disabled within the Bluetooth Setup Assistant.

    * Core Foundation
    Available for: Mac OS X v10.3.8, Mac OS X Server v10.3.8
    CVE-ID: CAN-2005-0716
    Impact: Buffer overflow via an environment variable.
    Description: The incorrect handling of an environment variable within Core Foundation can result in a buffer overflow that may be used to execute arbitrary code. This issue has been addressed by correctly handling the environment variable. Credit to iDEFENSE and Adriano Lima of SeedSecurity.com for reporting this issue.

    * Cyrus IMAP
    Available for: Mac OS X Server v10.3.8
    CVE-ID: CAN-2004-1011, CAN-2004-1012, CAN-2004-1013, CAN-2004-1015, CAN-2004-1067
    Impact: Multiple vulnerabilities in Cyrus IMAP, including remotely exploitable denial of service and buffer overflows.
    Description: Cyrus IMAP is updated to version 2.2.12, which includes fixes for buffer overflows in fetchnews, backend, proxyd, and imapd. Further information is available from http://asg.web.cmu.edu/cyrus/download/imapd/changes.html.

    * Cyrus SASL
    Available for: Mac OS X v10.3.8, Mac OS X Server v10.3.8
    CVE-ID: CAN-2002-1347, CAN-2004-0884
    Impact: Multiple vulnerabilities in Cyrus SASL, including remote denial of service and possible remote code execution in applications that use this library.
    Description: Cyrus SASL is updated to address several security holes caused by improper data validation, memory allocation, and data handling.

    * Folder permissions
    Available for: Mac OS X v10.3.8, Mac OS X Server v10.3.8
    CVE-ID: CAN-2005-0712
    Impact: World-writable permissions on several directories, allowing potential file race conditions or local privilege escalation.
    Description: Secure folder permissions are applied to protect the installer’s receipt cache and system-level ColorSync profiles. Credit to Eric Hall of DarkArt Consulting Services, Michael Haller (info@cilly.com), and (root at addcom.de) for reporting this issue.

    * Mailman
    Available for: Mac OS X Server v10.3.8
    CVE-ID: CAN-2005-0202
    Impact: Directory traversal issue in Mailman that could allow access to arbitrary files.
    Description: Mailman is a software package that provides mailing list management. This update addresses an exposure in Mailman’s private archive handling that allowed remote access to arbitrary files on the system. Further information is available from http://www.gnu.org/software/mailman/security.html.

    * Safari
    Available for: Mac OS X v10.3.8, Mac OS X Server v10.3.8
    CVE-ID: CAN-2005-0234
    Impact: Maliciously registered International Domain Names (IDN) can make URLs visually appear as legitimate sites.
    Description: Support for Unicode characters within domain names (International Domain Name support) can allow maliciously registered domain names to visually appear as legitimate sites. Safari has been modified so that it consults a user-customizable list of scripts that are allowed to be displayed natively. Characters based on scripts that are not in the allowed list are displayed in their Punycode equivalent. The default list of allowed scripts does not include Roman look-alike scripts. Credit to Eric Johanson (ericj@shmoo.com) for reporting this issue to us. More information is available here.

  3. MIcrosoft’s home page, microsoft.com, is MISSING!!

    All I get is “We’re sorry, but we were unable to service your request. You may wish to choose from the links below for information about Microsoft products and services.” and a list of other pages.

    Someone at Microsoft’s server center must have seen the Tiger web pages and is crying into their keyboard, shorting out their web site.

  4. Re: Stealth Mode

    At http://www.apple.com/macosx/features/security/

    ——————
    Personal Firewall
    All that spam on the Internet these days gets sent by “owned” boxes, usually Windows-based home computers. Cyber pirates scan for easy-to-compromise machines. Tiger’s built-in personal firewall protects your computer from unauthorized access by monitoring all incoming network traffic. When you enable the personal firewall in Mac OS X, all inbound connections are denied except for those that you explicitly permit. And now with stealth mode, your Mac won’t even acknowledge its existence to people scanning for machines to attack.
    ——————

    I have tested my (Panther) firewall on various on-line services and none acknowledge that I exist. Perhaps they made it even better by hiding any open ports, too.

  5. Stantheman,

    To add to JadisOne’s comment above, I noticed that all the vulnerabilities you selected are for Mac OS X Server. Your odds of getting shot are a lot greater along the front lines of the battlefield. There are thousands of viruses and other malware that attack non-server Windows boxes.

  6. stantheman, of course there are security updates for OS X; I would hope so. No one is so omniscient that they can produce a product that forever withstands all assault. But, stantheman, perhaps you can identify some OS X machines whose security vulnerabilities have been exploited to the detriment of the machine’s user and/or other machines? Perhaps you could respond to the focus of the article, that OS X by default is more secure, that those patches that Al mentions are just to keep XP minimally fucntional in a hostile world, and tomorrow they won’t be good enough. Stantheman, perhaps you could compare the number of Windows patches per month with the number of OS X updates per year?

  7. stantheman, please note which of those updates require pre-existing admin access to the machine, AND which of those are actual Apple software products OR which of those run on a standard personal Mac client, as opposed to server. You’re reaching; why not just admit the superiority of OS X over Windows? Your own examples prove it.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.