“Mac OS X is, out of the box, a very secure OS. It is, however, not magically secure. While some Mac users like to propagate the myth of ‘Mac OS X’s perfect security,’ the fact is that like any other well-designed OS, Mac OS X is highly resistant, but not invulnerable, to attack,” John C. Welch reports for TechWeb.
“This is not to say that it’s as bad as Windows at its worst. Early on in the history of Windows NT 4, Microsoft Office, and Internet Explorer, Microsoft made some decisions that, while not terrible from a user’s point of view, created the nigh-crippling problems you see with Windows today. The worst of these is the administrator account in Windows, and the reliance of too many software packages on that account. The Windows administrator account is essentially the same as the all-powerful root account on Unix — there are no files the administrator can’t access and no actions the administrator can’t perform — and it’s the default account on every version of NT through XP. So once you’re running as root, then you’re…well…root. There’s nothing you can’t do, and you aren’t going to even get a warning about it,” Welch reports.
Welch reports, “The insecurity of this is exacerbated by Windows’ very bad habit of, until fairly recently, not even asking for a password on the Administrator account. Auto-logon as root, no password needed. There aren’t enough letters in the phrase ‘That’s a Very Bad Idea’ to adequately communicate the ‘bad idea-ness’ of this bad idea. So if malware gets into your system, then it is running as root. There’s very little any OS can do to stop a software process running with that kind of authority.”
“Apple has never done this. A user who is an ‘administrator’ is not even close to root, but rather is a part of the OS ‘admin’ group. That means that, if needed, the user can authenticate and run processes as root, but is not root on an ongoing basis. In fact, on Mac OS X, the ability to log on as root is disabled, and positive steps must be taken to enable this feature,” Welch reports. “It’s worth noting that Microsoft has taken a page from Apple in its upcoming Windows Vista operating system: When that OS is released next year, users will not be logged in as administrator/root by default.”
Welch reports, “So no, there’s no looming security nightmare for Mac OS X. All the headlines mean is that more people are taking Mac OS X and Apple more seriously from a security point of view — and that is, in the end, a good thing.”
Full article with some good advice for keeping Mac OS X secure here.
[Thanks to MacDailyNews Reader “Rainy Day” for the heads up.]