Microsoft’s Windows is inherently more vulnerable to severe malware than Apple’s Mac OS X

“On August 13 at 3:04 AM, a Windows server that I’ve been running for all of two weeks–it just replaced an Xserve G5–was attacked by a new strain of malware,” Tom Yager writes for InfoWorld.

“The attack I encountered occasioned a re-examination of a common question: Is Windows more vulnerable to malware than OS X? I’ve encountered no clearer or more definitive proof point than this attack,” Yager writes.

“I’ve been giving it a great deal of thought, and I came up with reasons pointing to the likelihood that Windows is at greater risk of catastrophic attacks. It’s not easy reading, but it was either this dense packing or a book-length blog post,” Yager writes.

In his full article, Yager gives two extensive bullet point lists that explain why Microsoft’s Windows is inherently more vulnerable to severe malware than Apple’s Mac OS X. One example: “Access to the massive, arcane, nearly unstructured, non-human-readable Windows Registry, which was to be obsolete by now, remains the only resource a Windows attacker needs to analyze and control a Windows system.”

After his bullet point lists, Yager asks, “So, after all this, do I have enough to judge Windows inherently more vulnerable to severe malware than OS X? I do.”

Yager reports, “I’ve been writing about these shortcomings for years, and it always traces back to Microsoft’s untenable policy of maintaining gaps in Windows security to avoid competing with 3rd party vendors and certified partners. Apple’s taking a different approach: What users need is in the box: Anti-virus, anti-spam, encryption, image backup and restore, offsite safe storage through .Mac, and launchd. Pretty soon any debate with Microsoft over security can be ended in one round when Apple stands up, says ‘launchd,’ and sits back down.”

Full article here.

[Thanks to MacDailyNews Reader “Kevin” for the heads up.]

MacDailyNews Note: The Registry remains in Microsoft’s forever upcoming Windows Vista. Obviously, as we all know, but some still try to propagate, ignorantly or otherwise: “Security via Obscurity” is a myth, as anyone who reads Yager’s article will be able to easily understand. One question stands out: knowing what he knows, why the hell did Yager choose to replace his Apple Xserve G5 with a Windows server? Is he a masochist or was it just a test?


35 Comments

  1. The Windows Registry is a technical disaster. I didn’t like it when Microsoft first tried to ram it down developers’ throats back with Windows 95 and it’s only grown worse since. Even Microsoft admits its mistake by stating that .Net applications should use INI files over the registry.

    Whenever I run into a developer that prefers Windows over the Mac I ask them if they enjoy fighting with MSI Installers and the Registry. Only a masochist could say yes.

    Peace,
    Kevin

  2. Sometimes the vulnerabilities just sneak up on you.

    IE patch carries security bug

    There’s more trouble with Microsoft’s latest Internet Explorer patch: It introduces a serious new security flaw on some Windows systems.

    The vulnerability could let miscreants hijack a Windows PC running IE 6 with Service Pack 1 and the MS06-042 update installed, Microsoft said in a security advisory published on Tuesday. The flaw lies in the way IE handles long Web addresses and could be exploited by luring users to specially crafted Web sites, according to the advisory.
    “An attacker who successfully exploited this vulnerability could remotely take complete control of an affected system,” Microsoft said in its advisory. “We are not aware of attacks that try to use the reported vulnerability.”

  3. “I’ve been writing about these shortcomings for years, and it always traces back to Microsoft’s untenable policy of maintaining gaps in Windows security to avoid competing with 3rd party vendors and certified partners.”

    If you’ve been saying this for years, then why did you replace your Xserve with a Windows server? You got what you deserved.

  4. I’m not sure how security by “obscurity” became OSX and not Windows. When the concept of “security by obscurity” appeared, it meant open source vs. proprietary code. Under their definition, Linux and FreeBSD, by opening the source code to the public, let more programmers examine it and make a more secure OS (OSX uses FreeBSD code and also open sourced OSX’s kernel in the past, so by the same definition OSX is secure). Windows was “secure by obscurity” because source code for their OS is not available for everyone to examine.

    So, “security by obscurity” is not a myth, it is real. However, someone redefined or misinterpreted the concept (MS marketing at work?)

  5. Funny article…

    And odd, because here I sit in Sofia, Bulgaria rather than my usual perch on the Upper West Side of Manhattan, forced to use my in-laws’ XP box. I won’t even mention the bizarre half-Cyrillic keyboard that likes to switch between English and Bulgarian at its whim.

    So, I’m stuck using Explorer, because they fear installing anything (using Firefox would be a good start) because something BAD might happen to their machine.

    As it is, I’m constantly peppered by evil sounding warnings about possible viruses, prompts to update virus definitions, prompts to install new virus software.

    I’m so used to the pleasant ease of using Safari, that it’s plain freaky and unnerving using this Windows thing. I can see why Windows users fear their computers.

    Can’t wait to get my PowerBook back and away from this “Wonderland of Windows”… it’s more like Alice’s Wonderland, mad queens, or rather, mad Windows and all…

  6. This fact is just unreal. Why do users defend this junk?

    “• SYSTEM is a pseudo-user (LocalSystem) that trumps Administrator (like UNIX’s root) in privileges. SYSTEM cannot be used to log in, but it also has no password, no login script, no shell and no environment, therefore
    • The activity of SYSTEM is next to impossible to control or log. “

    You want that running on your PC? NOT!

  7. Slow learners. Windows is a pane. Always will be.

    Send that article link to every IT bithead and MCSE you know. Then, send it to all of the ones you don’t know. Then, send it to every living, alleged tech writer and editor. Then, send it to sputnik just for a chuckle.

    This is GOLD:
    “• All Windows background processes/daemons are spawned from a single hyper-privileged process and referred to as services.
    • By default, Windows launches all services with SYSTEM-level privileges.
    • SYSTEM is a pseudo-user (LocalSystem) that trumps Administrator (like UNIX’s root) in privileges. SYSTEM cannot be used to log in, but it also has no password, no login script, no shell and no environment, therefore
    • The activity of SYSTEM is next to impossible to control or log.
    • Most of the code running on any Windows system at a given time is related to services, most or all of which run with SYSTEM privileges, therefore
    • Successful infection of running Windows software carries a good chance of access to SYSTEM privileges. . .”

    Spread the word. Better yet, send the message in an e-mail worm. (j/k)

  8. A point I like to bring up but never seems to make it to these Windows vs. Mac security showdowns is the resource fork. Get a Windows executable file downloaded straight to your computer and it will happily run. Download a Mac application straight to your computer and you have a heaping pile of worthless junk because the resource fork won’t make the trip without getting damaged. So ok, I’m a malware author and I’ve discovered a way to get my application on your computer. Getting you to unzip it for me and launch the program while remaining oblivious to what is going on is a bit of a hurdle. Internet worms or visiting web sites is all it takes to get Windows executables downloaded, installed, and running. Child’s play anymore.

  9. Off topic…

    I just LOVE Tiger’s ability to give you a dictionary definition of any word on your screen by holding Ctrl+Option+D and leaving your mouse over the word. Sometimes on this site people who post use words I don’t know the meaning of (like Macaday’s use of the word ‘promulgating’), and thanks to this indispensable tool I learn new words every single day.

    I thunk my spalling haz emproved enourmoosely

    MW: aid – an invaluable aid!

  10. why the hell did Yager choose to replace his Apple Xserve G5 with a Windows server?

    Because we give people job security and Apple takes it away.

    When you’re as big as we at Microsoft, and so much a part of the world economy, you have to start thinking not so much about making money, but controlling people through WORK, PAIN AND SUFFERING!!!

    People who use Microsoft products LIKE TO SUFFER!!!

    Suffering makes the world go around! Keeps the money flowing!!!

    Our next endeavor at Microsoft is to get into the arms manufacturing business!

    hehehehe!

  11. “Our next endeavor at Microsoft is to get into the arms manufacturing business!”

    Excellent plan. But MS should sell them exclusively to terrorists.

    We want the enemy to have buggy, shoddy, malfunctioning weapons:

    Light your shoe? Just takes off your foot. You’ll have to reboot.

    IED? It just sends out an annoying blue fog.

    Rocket propelled grenade? You have to hit the Launch button to shut it off. Confusion and fatal hilarity ensues.

    Satellite radios? Sure, but at random intervals painfully loud, uninterruptible commercials for cheap Viagra, Nigerian pleas for help, and fail proof business opportunities will screech into the headsets.
