“[Analysts] do agree on one area where Apple has an advantage: Security. Macs are targeted by viruses and hacking attacks far less often than machines running Microsoft’s Windows simply because there are fewer of them around. Computer criminals strive for maximum impact, so they pay less attention to the relatively small number of Mac users,” Arik Hesseldahl writes for BusinessWeek.
“While Microsoft struggles to build firewalls, anti-spyware, and anti-virus technology into Windows, Mac users are for the most part untroubled by these annoyances, and that’s a point it could press, says Richard Forno, a principal consultant with KRVW Associates, a computer-security firm in Alexandria, Va. ‘I’m seeing more and more people in the security business using Macs and saying they trust them and don’t have to cope with viruses and other hassles,’ he says. ‘I just wish Apple would market its security as a key feature to corporate customers.’ Of course, the more popular Apple machines become, the more likely they are to be targeted by hackers and virus writers,” Hesseldahl writes.
Full article here.
MacDailyNews Take: The idea that Windows’ morass of security woes exists because more people use Windows and that Macs have no security problems because less people use Macs, is simply not true. Mac OS X is not more secure than Windows because less people use OS X, making it less of a target. By design, Mac OS X is simply more secure than Windows. Period. For reference and reasons why Mac OS X is more secure than Windows, read The New York Times’ David Pogue’s mea culpa on the subject of the “Mac Security Via Obscurity” myth here.
Hesseldahl is the same writer who wrote for Forbes back in June 2003, “Naysayers have been calling for Apple’s demise for years. But Apple not only has survived but thrived, it seems, at least partially by the sheer force of Jobs’ will and his ability to maintain the ferocious loyalty of Apple’s users, who still account for 10% of the world’s computer users, while its sales usually account for about 3% to 5% of the world global PC market.”
So, if Macs account for 10% or so (some say as much as 16%), then, according to Mr. Hesseldahl himself, Macs aren’t “obscure” at all. Therefore, the Apple Mac platform’s ironclad security simply cannot logically be attributed to obscurity.
There are zero-percent (0%) of viruses for the Mac OS X platform that should, logically, have some 10-16% of the world’s viruses if platforms’ install bases dictated the numbers of viruses. The fact that Mac OS X has zero (0) viruses discounts “security via obscurity.” There should be at least some Mac OS X viruses. There are none. The reason for this fact is not attributable solely to “obscurity,” it’s attributable to superior security design.
Still not convinced? Try this one on for size: according to Apple, there are “close to 16 million Mac OS X users” in the world and there are still zero (0) viruses. According to CNET, the Windows Vista Beta was released “to about 10,000 testers” at the time the first Windows Vista virus arrived. So much for the security via obscurity myth.
Arik Hesseldahl’s email address is:
Related MacDailyNews articles:
Hackers already targeting viruses for Microsoft’s Windows Vista – August 04, 2005
16-percent of computer users are unaffected by viruses, malware because they use Apple Macs – June 15, 2005
ZDNet: How many Mac OS X users affected by the last 100 viruses? None, zero, not one, not ever – August 18, 2005
Intel CEO Otellini: If you want security now, buy a Macintosh instead of a Wintel PC – May 25, 2005
Apple touts Mac OS X security advantages over Windows – April 13, 2005
97,467 Microsoft Windows viruses vs. zero for Apple Mac’s OS X – April 05, 2005
Apple’s Mac OS X is virus-free – March 18, 2005
Cybersecurity advisor Clarke questions why anybody would buy from Microsoft – February 18, 2005
Security test: Windows XP system easily compromised while Apple’s Mac OS X stands safe and secure – November 30, 2004
Microsoft: The safest way to run Windows is on your Mac – October 08, 2004
Information Security Investigator says switch from Windows to Mac OS X for security – September 24, 2004
Columnist tries the ‘security through obscurity’ myth to defend Windows vs. Macs on virus front – October 1, 2003
New York Times: Mac OS X ‘much more secure than Windows XP’ – September 18, 2003
Fortune columnist: ‘get a Mac’ to thwart viruses; right answer for the wrong reasons – September 02, 2003
Shattering the Mac OS X ‘security through obscurity’ myth – August 28, 2003
Virus and worm problems not just due to market share; Windows inherently insecure vs. Mac OS X – August 24, 2003
It’s true that if Macs had greater market penetration that more virus writers would target Mac OS X.
It’s true that no OS, including Mac OS X, is theoretically impenetrable.
It’s just sloppy journalism to conclude that therefore, if Macs had greater market penetration, it would be as bug-ridden as Windows.
Two posters on an earlier MDN piece – http://macdailynews.com/index.php/weblog/comments/6781- indicate Apple (and others) may have been intruding into their Macs.
More secure because they don’t have to leave holes in the system for all of the PC variations that constitutes using Windows.
and mac users are forced to spend another millenia defending the truth…
This horse is dead.
Well, now I have no doubts that we’ll become a bigger target… especially as more windows bigots become even more weary of hearing how happy-go-lucky we are on the internet as Mac users. I assure you further that there are already plenty of people out there who would love to take us down a notch.
But that’s part of why we get constant updates and patches to thing we didn’t even know were potentially broken… to keep us protected from that. Sure, Windows is really easy and really visible… but the Mac is a far tastier target. I’m sure whoever does end up writing the first OS X virus will enjoy a lot of attention… and people know that.
So yeah,security via obscurity thing is a crock for sure IMHO.
Hey bugs only get stepped on more than elephants because there’s a lot more of them around. If there were more elephants man… just you wait and see!
david –
The singular form is millennium.
Left rear Tire –
Security problems in Windows have not thus far been related to a broad base of supported hardware. It’s less-than-airtight code which permits overflows and leaves network ports unprotected.
MDN –
While the security-though-obscurity theory has not been proved, neither has it been debunked. It’s not likely to be proved, and until OSX has a healthy piece of the market (say, 30-40%), it won’t even be stridently tested.
Regardless, BW is wrong. Marketing on a “we go under the radar” platform is a bad idea. As is a “bring it on; we’re invulnerable” attitude. They should promote how easy & powerful the OS is, and continue to court developers. Offering incentives to established Windows-only software makers to develop (*not* port!!) for OSX wouldn’t hurt on that front.
Security through obscurity my ass.
MS Vista has already been hacked. What is Vista’s market share?
Went to the Times and read the article.
Funny that he quotes microsoft as saying they would fix the open ports issue in the next version of Windows which is ” a couple of years away”
Since article is 2 years old, and couple means 2, where is this Windows version of which he speaks?
I hate to break it to MDN because they seem so hell bent on insisting that Macs are impenetratable.
BUT.. OSX is code.. Yes, it is better written code than Windows XP, but it is still code. For any code written, a virus can be written to infect that code. I don’t care how many permissions are required by the OS itself, it CAN be done. I do believe that OSX is more secure by design, but that does not mean that it is immune. We’ve been lucky so far, but that’s no reason to gloat. There will come a time and I’m guessing sooner rather than later when OSX comes under attack.
The very reason Apple does not market OSX for it’s security benefits is because they know very well that the OS is not immune.
Security via obscurity is NOT a myth and this article is correct in that virus writers wan’t maximum exposure. Their efforts can potentially bring down huge corporations with an XP virus and that is what they are after.
But let’s not be so arrogant. As Mac marketshare increases especially into the corporate world OSX CAN and most likely WILL become a target for these hacksers.
Virus Intrusion Spyware Trojan Adware’s market share is about 0%
When the first virus for OS X is written and released into the wild, then the Mac platform will have less than .001 percent of the known viruses and Windows will have almost 99.99 percent of the known viruses.
I think I will stay on the Mac side. When our share gets above 1%, please let me know. Thanks.
Nowhere above does MDN say Mac OS X is “impenetratable.” MDN simply states logic: there are zero viruses, but 16 million Mac OS X users. Hesseldahl himself says 10% of the world uses Macs, so Macs are not obscure, by definition. You cannot have “security via obscurity” if obscurity doesn’t exist.
Microsoft apologists want to blame anyone and anything except the actual problem: Microsoft.
Yet another fool has his say.
I would not like to meet up with MDN in a court of law if they were on the other side.
But MDN is not using logic.
Yes there are 16 million OSX users, but of those 16 million, how many are Banks, corporations, government agencies?? These are the types agencies that hackers target, and for the most part Macs ARE obscure in the above mentioned.
Hackers (most, not all) want exposure, they are not interested in bringing down personal users, graphic designers, musicians and grandmas… Until OSX makes it’s way into the corporate world, we are obscure..
Ted,
MDN’s logic is indisputable:
“There should be at least some Mac OS X viruses. There are none.”
Or at least one. But, in five years or so, there are zero viruses. Zero.
Why? Certainly not because of obscurity.
Security via obscurity is skewed. The Mac OS is well known enough — or, hardly obscure.
The math doesn’t work. Windows has what user base and how many viruses? Mac has what user base and how many viruses? 80,000:0 doesn’t add up no matter the difference in user base. The only way to reconcile this would be if the Mac user base was zero.
I’m not claiming that the Mac is inpenetrable. The answer is that A) Windows is easy and B) hackers love to hate Windows.
Look I’m not defending MS or giving excuses for their shoddy OS. XP is in my opinion is a piece of crap just begging to be intruded.
I know that OSX is more secure by design and I know that there have been no viruses to date. We’ve been fortunate. My point is simply that OSX is not immune. Apple knows this, we should too.
16 million users or not, we are obscure when it comes to being a prime target for hackers.
Hey Ted – Most of the haX0rs I know are using macs these days. Maybe that’s why virus writers aren’t writing viruses for the mac platform – they wouldn’t want to infect their own machines.
Security via obscurity has nothing to do with how many machines are connected at a time but how well the API of an OS is known and publicly available. Funny thing is that the only OS enjoying security via obscurity is Windows in that its API is not entirely public.
This said, a virus to be effective has to be 1) able to infect (ie crack exploitable flaws on an OS, 2) reproduce itself, ie, take control of the OS itself, 3) automatically propagate, ie, not require any user intervention to infect other platforms.
The fact that no OS is bullet proof concerning infection covers only 1) . Sure, any OS is just code and no one could conceivable say that it is immune to buffer overflows, to say one. Also OS X has those and are for the most patched with every security update. But 2) and 3) is what is inherently more difficult on Unix like platform than on Windows.
2) concerns reproducibility. It should be well known that any Windows installation is a copy cat of another. This allows the virus to find exactly the same environment to infect on and on and on. Such copy cat configuration is way less probable on Unix platforms where the same services can be provided by different daemons, not active at all, different versions, etc. This accounts for peak infection rate on Windows of 60% or more and about 5% for Unix platform. On Windows the adagio ‘crack one crack them all’ holds. On Unix doesn’t.
3) Automatic spreading. People could ‘not care how many permissions are required by the OS itself‘ as with the above poster but it is exactly this that undermines requisite 3) for a viral infection. A Windows installation does not require any permission. The OS is made so that any *internal* program is authorized to take full control of the machine and its API. On Unix there are many more *gates* – for so to say – before that is done. A virus that needs an operator physically to cooperate in order to be authorized at each step and propagate simply does not work, not even worth writing one.
So yes, every OS can suffer from condition 1), ie have faults to be exploited. 2) and 3) are GRANTED on Windows, much less so on other platforms. BSDUnix is the one features and featured best security-wise rending 2) and 3) extremely difficult to achieve. This translate into being very difficult to write a virus that could spread exponentially as it happens on Windows.
A virus writer could not care less how many machines are out there, but how many can be infected in the shortest period of time. And this has very little to do with market share, practically nothing.
Would you target 500 Millions machines when you know at best you may infect 50000 or 10 Millions machines when you know you will infect for sure 8 Millions?
Hackers crave the ultimate high of cracking OSX, but it’s no good slaving for it when you’re likely to fail, so they satisfy themselves with cheap-and-easy thrills on Windows. It’s not obscurity that keeps Mac safe, it’s difficulty.
Nice work , MDN. You really make the case!
As it has been said on and on and on in these threads, the “larger target best target” for viruses only holds if one believes that every OS is inherently as secure – or insecure – as all others. If that was true, then of course, the largest target is the best.
Too bad this is not true. It is not true that Windows is as secure as others Oses, especially against Unices: it does not get to their ankles. Conversely, it is not true that other OSes are as vulnerable as Windows.
Hence, what we have is that the largest target is at the same time the easiest and more vulnerable of all out there. It would still give greater return, in terms of absolute number of infected machines even if it was the smallest target.
Is that SO DIFFICULT to understand?