Why is Apple’s Mac OS X so much more secure than Microsoft’s Windows?

BBC News “ClickBack” program’s online column answers questions and comments from viewers on technology matters:

Henry Winckelmann from Oxford said:
I’m disappointed, but not particularly surprised, to see you reporting on potential security issues on the yet to be released Windows Vista. Isn’t it true to say that any such piece which does not refer to secure operating systems with a proven track record (such as Mac OS X) is simply encouraging ignorance in the computer-using population? Shouldn’t you at least state the obvious, namely that there are wildly better, well proven alternatives to the feature-poor, insecure code which finds its way out of Microsoft?

BBC’s ClickBack:
Welcome to the age-old argument about which is more secure – Windows, Linux or OSX.

Henry, if you are saying that Mac OSX has had less security attacks than Windows, then you are absolutely right. No-one has ever denied that.

The question has always been: Why? Is it because it is more secure? Or is it because fewer people try to hack Apple?

All the security experts we have spoken to say the same thing – whilst OSX is a beautiful piece of software, it is still a highly sophisticated operating system, and it still receives regular security patches, just like Windows.

Apple only has small percentage of the market, tiny compared to Microsoft, and the logic is that if you are going to write a piece of malware that goes after the most people, do you write it for OSX, which, according to Apple, has around 15 million users, or do you go for Windows, which, depending on whose numbers you use, has anything up to a billion users?

I think it is a fair argument.

Full article here.

[Thanks to MacDailyNews Reader “Mr Skills” for the heads up.]

MacDailyNews Take: Note first that ClickBack did not answer Mr. Winckelmann’s central question, to paraphrase, why did their report on personal computer security fail to mention the most secure PCs, Apple Macs?

Now, in their response, ClickBack asks whether Mac OS X is inherently more secure OR is Mac OS X more secure because fewer people try to hack it. The response is flawed. The real answer is quite simple: Mac OS X is inherently more secure AND Mac OS X is secure because fewer people try to hack it.

There are 19 million Mac OS X users according to Apple (Steve Jobs, WWDC 2006), not 15 million as ClickBack states. Regardless, this is certainly a smaller number than Windows users, but it is not a small number by any stretch of the imagination. The only small number is the number of Mac OS X viruses in the wild that have affected Mac OS X users: zero (0). The absence of a single virus, for over five years of Mac OS X’s existence, proves the platform’s inherent security. It is not without flaws, however: flaws that Apple routinely fixes before they affect users. Since fewer hackers are looking to exploit Mac OS X (and because Mac OS X’s Unix foundation is time-tested by decades of use), Mac OS X users are even safer.

Windows suffers such massive and ongoing security woes for the inverse reasons that Mac OS X avoids such issues: Windows is inherently insecure and Windows is insecure because many people try to hack it.

By design, Mac OS X is simply more secure than Windows. For reference and reasons why Mac OS X is more secure than Windows, read The New York Times’ David Pogue’s mea culpa on the subject of the “Mac Security Via Obscurity” myth here.

Related articles:
Apple Macs are far more secure than Windows PCs – September 26, 2006
Chicago Tribune falls for the ‘Security Via Obscurity’ myth – August 14, 2006
Oxymoron: Microsoft security – August 12, 2006
With exploits in wild, Microsoft Windows braces for yet another critical worm attack – August 11, 2006
Microsoft’s oft-delayed, much-pared-down Windows Vista hacked at Black Hat – August 07, 2006
Ballmer analyzes Microsoft’s One Big Mistake, Vista… er, ‘One Big’ Vista Mistake – August 02, 2006
Symantec details more security holes in Microsoft’s Windows Vista – July 26, 2006
Symantec researcher: At this time, there are no file-infecting viruses that can infect Mac OS X – July 13, 2006
Sophos: Apple Mac OS X’s security record unscathed; Windows Vista malware just a matter of time – July 07, 2006
Sophos Security: Dump Windows, Get a Mac – July 05, 2006
What Microsoft has chopped from Windows Vista, and when – June 27, 2006
Security company Sophos: Apple Mac the best route for security for the masses – December 06, 2005

Apple: ‘Get a Mac. Say ‘Buh-Bye’ to viruses’ – June 01, 2006
Apple Macs and viruses: Fact vs. FUD – May 26, 2006
‘Mac security’ garbage reports continue to proliferate – May 10, 2006
ZDNet: Reduce OS X security threats – ignore security software – May 05, 2006
Unix expert: Mac OS X much more secure than Windows; recent Mac OS X security stories are media hype – May 03, 2006
Macs and viruses: the true story – May 02, 2006
Anti-Mac FUD machine shifts into overdrive – May 01, 2006
FUD Alert: Viruses don’t catch up to the Mac – May 01, 2006
BusinessWeek: Apple should hire security czar to combat uninformed media FUD – March 09, 2006
Spate of recent Mac security stories signal that Microsoft, others getting nervous – March 06, 2006
Mafiasoft: Microsoft to charge $50 per year for security service to protect Windows – February 07, 2006
Computer columnist: anti-virus software purely optional for Apple Macs, not so for Windows – November 01, 2005
Hackers already targeting viruses for Microsoft’s Windows Vista – August 04, 2005
16-percent of computer users are unaffected by viruses, malware because they use Apple Macs – June 15, 2005

90 Comments

  1. As more Macs get sold, this argument will finally die. Didn’t Apple take 12% of laptop sales? That’s not exactly a small market.

    Give it time. They’ll be swallowing crow.

  2. what i sent to click back :

    In light of the BBC’s recently heralded ‘partnership’ with Microsoft, it is dubious that the Beeb is entirely impartial when it comes to software. Therefore, the response the Henry Winckelman’s question not only does not answer his question, it is also biased and has no facts to back up the assertion that other operating systems are less prone to attack because there are fewer instances of them. Five minutes research will tell you that the way operating systems are put together determines their security reliability, not how many people use them.

    MW : half as in the BBC’s half-arsed non-answer

  3. Think about it for a second. If I were a cracker who wrote viruses to bring down servers and machines I would go after Apple for nothing more for exposure of being the first to do it. Because Mac OS X is secure, its the most difficult chanellge. Its so secure that even the hackers use OS X. Heck have you been to defcon? Half the users are on Mac laptops. Even at linux conferences they are on Mac laptops. The whole article is misleading and confusing and it doesn’t even answer the question.

  4. If OSX had even one virus in the wild then you could begin to make the argument for the security through obscurity theory, it would be incredible flimsy but you could say that where there is one there is obviously potential for more.

    The fact is there have been none, zero, 0. Now of course, this doesn’t then rule out there ever being a virus but statistically there should be some. Apple has a percentage of the market, even if it small, they should account for a small percentage of the viruses. It wouldn’t matter if this percentage was so small that you would round it to zero but you should have to do the rounding.

    Vista has fewer users yet it has viruses, using the logic that the fewer people there are to target a product the less likely it is to have security problems, then it should have zero. Defenders of the SVO myth could argue that those users who targeted XP are more likely to target Vista because of it’s potential to have a bigger user base and after all using their own argument systems get targeted based on how much exposure their exploits will create. If that were to be the case, why would they disclose these threats so early and give Microsoft a chance to fix them before the world at large was likely to find out about it? They wouldn’t.

    The SVO argument has merit only in general terms, not absolute ones. The fact is that OSX has absolutely no viruses. It might in the future but as of now it has none. I switched a few years ago and have had no problems, even if I do in the future, I’m still fine now. Even if the SVO myth were to be true it would take millions more users and massive market share gains before OSX were likely to see problems. Therefore even if we were to concede that OSX isn’t fundamentally more secure, we can still say that if you use OSX now you’re unlikely to have problems for some time.

  5. Are the malware writers really after the maximum number of users possible or are they after notoriety? I think the latter. And, if so, hacking Mac OS would bring you more notoriety than hacking WIndows. Who can’t hack windows?

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.