Apple’s Mac OS X is more secure than Microsoft’s Windows Vista

Apple Store“While an increasing number of bugs have been found in Apple’s Mac OS X operating system, security researchers say it isn’t a high security risk and it’s still more secure than Windows XP,” Sharon Gaudin reports for InformationWeek. “Is it more secure than Windows Vista? The jury is still out on that one.”

MacDailyNews Take: How long is this jury going to take, exactly? Mac OS X is over 6-years-old, with 22 million users. No Mac OS X user in the wild has been affected by malware. Related article from just yesterday: Security flaw puts puts Windows, including Vista, PCs at risk; malware already observed in the wild – March 30, 2007. Some people can ignore the obvious forever, it seems.

Gaudin continues, “‘Vulnerabilities just don’t equal attacks,’ said Craig Schmugar, a threat researcher at McAfee, in an interview. ‘Some people are saying the Mac is less secure than Windows because there have been more vulnerabilities in it than in Windows, but there are far fewer attacks reported on Mac OS X than Windows.'”

MacDailyNews Take: For one thing, there have not been “more vulnerabilities” for Mac OS X vs. Windows pre-Vista. For Vista, maybe so far, but it’s only been out for a few months vs. over six years! Give it a few more weeks. Also, does the severity of vulnerabilities count for anything? It should. Fact: Vista already has at least one vulnerability being exploited against actual users in the wild. Mac OS X has none. And, don’t try “Security via Obscurity,” as Mac OS X has 22 million users vs. Windows Vista’s “20 million” claimed by Microsoft. Vista is more “obscure” than Mac OS X, but it’s already been compromised, affecting actual sufferers in the wild. Mac OS X users continue to be unaffected. To say “there are far fewer attacks reported on Mac OS X than Windows” is the height of understatement.

Gaudin continues, “Last year, McAfee reported that the discovery of vulnerabilities in the Macintosh platform increased by 228% in the past three years, from 45 found in 2003 to 143 in 2005. In the same period, Windows had a 73% increase.”

MacDailyNews Take: Lies. Damn lies. And statistics. 73% of what? McAfee never said, but it’s a helluva lot more than increasing from 45 to 143 vulnerbilities and, again, a number the WIndows vulnerabilites actually affected Windows sufferers in the wild. Related article: Analyst: McAfee’s recent Apple Mac security report is ‘sloppy scaremongering’ – May 08, 2006. A vulnerability does not equal an attack.

Gaudin continues, “While Apple’s numbers may not be what they were, it doesn’t mean the Mac suddenly has become a risky operating system, according to Johannes Ullrich, chief research officer at the SANS Institute and CTO for the Internet Storm Center. ‘It’s still safer, but not as safe as Apple pretends it is,’ Ullrich said in an interview. ‘Some features, like the firewall, aren’t all that great. But, yes, it’s still pretty safe.'”

MacDailyNews Take: Mac OS X is “still pretty safe?” Yeah, you could say that. What is this, a “Who Can Make the Biggest Understatement” contest?

Gaudin continues, “Paul Henry, VP of Secure Computing and a recent Mac convert, said it’s all a matter of scale. The cyber bad guys target the richest market, and that’s not the Mac platform.”

MacDailyNews Take: Once again, 22 million Mac OS X users unaffected vs. “20 million” Vista users, some of whom are already affected by malware. Richest market? Those who surf the Web using a Mac tend to be better educated and make more money than their PC-using counterparts, according to a 2002 report from Nielsen/NetRatings: http://news.com.com/2100-1040-943519.html

Gaudin continues, “Marius van Oers, a virus research engineer at McAfee, posted a blog last week that showed there are more than 236,000 pieces of malware ‘in the wild.’ The vast majority are aimed at the Windows environment. Only about 700 are meant for the various Unix/Linux distributions, van Oers wrote. How many are for the Mac OS X platform? Seven or less, he said, calling the threat ‘pretty much non-existent at the moment.’ For older builds of the Mac OS, there are 69 known malicious items…”

MacDailyNews Take: Mac OS is dead. Has been for many years. Do they go back to Windows 3.1 to include “malicious items,” too? Of the “seven or less” Mac OS X malware instances, how many affected users in the wild? That we know of, none. Zero.

Gaudin continues, “‘It is clear that OS X malware is not taking off yet. With an estimated OS X market share of about 5% on the desktop systems, one would expect to see more malware for OS X,'” [van Oers wrote].”

MacDailyNews Take: Finally, someone’s making sense.

Full article here.

MacDailyNews Take: Our headline is fact, whether some people like that fact or not.

Related articles:
Security flaw puts puts Windows, including Vista, PCs at risk; malware already observed in the wild – March 30, 2007
National Security Agency gives Apple’s Mac OS X 10.4 Tiger glowing security endorsement – March 22, 2007
Lack of Apple Mac malware baffles expert – March 21, 2007
Microsoft’s Live OneCare ‘security’ failureware: dead last in test of 17 Windows security apps – March 07, 2007
Bill Gates has lost his mind: calls Apple liars, copiers; slams Mac OS X security vs. Windows – February 02, 2007
Security firm: 38-percent of malware already Windows Vista-compatible – January 22, 2007
FUD Alert: CNET tries to equate Windows’ insecurity to handful of Mac OS X proof-of-concepts – December 02, 2006
Microsoft’s Windows is inherently more vulnerable to severe malware than Apple’s Mac OS X – August 23, 2006
Chicago Tribune falls for the ‘Security Via Obscurity’ myth – August 14, 2006
Symantec details more security holes in Microsoft’s Windows Vista – July 26, 2006
Symantec researcher: At this time, there are no file-infecting viruses that can infect Mac OS X – July 13, 2006
Sophos: Apple Mac OS X’s security record unscathed; Windows Vista malware just a matter of time – July 07, 2006
Gartner analyst tries to propagate discounted Mac OS X ‘security via obscurity’ myth via BBC – July 06, 2006
Sophos Security: Dump Windows, Get a Mac – July 05, 2006
Security company Sophos: Apple Mac the best route for security for the masses – December 06, 2005
Apple Macs are inherently safer and more secure than Microsoft Windows – November 22, 2005
BusinessWeek columnist propagates discounted ‘Apple Mac security via obscurity myth’ – September 06, 2005
16-percent of computer users are unaffected by viruses, malware because they use Apple Macs – June 15, 2005
Another columnist trots out Mac OS X ‘Security through Obscurity’ myth – April 03, 2004
Columnist tries the ‘security through obscurity’ myth to defend Windows vs. Macs on virus front – October 01, 2003
Shattering the Mac OS X ‘security through obscurity’ myth – August 28, 2003
Virus and worm problems not just due to market share; Windows inherently insecure vs. Mac OS X – August 24, 2003

96 Comments

  1. I’d like to take issue with the claim, “No Mac OS X user in the wild has been affected by malware.”

    Many Mac OS X users also have to run Windows. Most of those Mac OS X users have in fact been affected by malware. Okay, sure, I’m being pedantic and pissy. But as Dan Quayle famously said (and GWBush Inc. should say), “I stand behind my misstatements.”

  2. What’s worse, a boat with a bowling ball sized hole in the bottom, or one with a number of pin-pricks? Vulnerabilities ≠ exploits. Windows has severe issue after severe issue. One bowling ball-sized hole is enough, don’t ya’ think?

    MDN “thinking,” so you don’t have to.

  3. Running Mac OS since 1992, Mac OS X since day 1.

    I am a CFO for a small manufacturing company in So. California.

    NO PROBLEMS WITH SECURITY OR MALWARE. Mac OS X has been “stellar” as an low maintenance cost software operating system.

    These articles about Mac OS X lack of security in any sense are bullsh_t. McAfee really has nothing to sell for Macs in security products. Nor does any other company.

    All the Windows malware problems at the company I am employed by have been brutal. Software and Router upgrades, IT “troubleshooting” consultants, down time, and lost productivity have cost this small company over $10,000 in the past year alone on it’s Windblows “security” issues. This does not include other Winblow issues.

    Frankly, I am sick of writing the checks.

    On the Mac side, downtime operating costs have been less than $500. No malware. No viruses. No other unplanned operating costs. Period.

    Ratio of Windows PC’s to Macs in my company: 4 to 1.

    My take: buy a Mac and operate much less expensively than Winblows.

  4. ‘It’s still safer, but not as safe as Apple pretends it is,’ Ullrich said in an interview. ‘Some features, like the firewall, aren’t all that great. But, yes, it’s still pretty safe.'”

    I tend to agree with this statement and unfortunatly disagree with MDN’s stand on Mac OS X’s security.

    Mac OS X needs some improvement in the security area.

    1: Out of the box Mac OS X is insecure because as soon as it’s hooked up to the internet and before Software Update can be used, the Mac can be compromised. Home users tend to go months, even years before doing a SU!

    Apple needs to provide Software update disks with each new machine and disable internet access until the SU disks are run.

    Alsothe firewall is not enabled by default. There is no outgoing firewall whatsoever.

    2: Apple doesn’t practice enough compartmentalized security with Mac OS X.

    Applications shouldn’t demand a admin password to install and leave hooks into Mac OS X that can be exploited via application exploits. Apple should take over the installation process to insure security and police developement. Sandbox the OS better.

    3: Apple tends to include a users real name and details in places it shouldn’t be. Like the name of the computer, emails and Apple website loging cookies for instance. People should have the option to have a privacy install option.

    4: Apple still hasn’t fixed a severely critcal Metadata file exploit from a few years ago. Any file has the potential to run code on Mac OS X.

    5: There has been over 100 exploits of Mac OS X since it’s arrival. Some very severe, like the URL handler exploits.

    6: Buisnesses have the money for IT staff to keep Windows secure. Windows services are open “out of the box” which is bad for the home user

    Mac OS X services are closed “out of the box” which is good, until the novice home user enables the services, then it’s bad.

    There is more, but I said enough.

    I sincerly beleive the reason Mac OS X is mostly ignored is because Windows is easier and more common to exploit. The reason Windows is less secure is because out of the box it takes more for it to be secure.

    I sincerly beleive if Windows and Mac OS X market share were reversed that Mac OS X would be the most exploited OS and Windows would have some malware floating around anyway.

  5. “…Richest market? Those who surf the Web using a Mac tend to be better educated and make more money than their PC-using counterparts…”

    rich |ri ch |

    2 plentiful; abundant : China’s rich and diverse mammalian fauna. • having (a particular thing) in large amounts : many vegetables and fruits are rich in antioxidant vitamins | [in combination ] a protein-rich diet. • (of food) containing a large amount of fat, spices, sugar, etc. : dishes with wonderfully rich sauces.

  6. @ Sum Jung Gai. Pedantic? Shifting the “affected by malware” from the OS to the user is beyond pedantic. The PCs I manage at work are affected by malware, my Mac at home is not. If I run Windows via Boot Camp, and it gets whacked by a virus, it’s not Mac OS X’s fault. It’s Window’s.

    So maybe you could say I’m affected by malware, but you can’t, because of broader scope, say that it has anything to do with OS X.

  7. Actually us Mac users are under attack all the time. From Windows users who’s computers get taken over by “malicious code” and are used without the owners knowledge to send us truck load after truck load of spam email!

    Thanks Windows user.

  8. Has anyone done a comparison between the amount of exploits and relative market share of the two OS’s?

    If Mac OS X had 100 exploits over 5 years with 5% market share.

    and

    (example) If Windows had 100 exploits over 5 years with 95% market share….

    See where I’m getting at?

    All things being equal, Windows should have 9500 exploits over the last 5 years in order for it to be equal to Mac OS X in market share.

    (not versions of malware mind you)

    I seriously beleive the larger the market share, the more exploits. Because more eyeballs are messing with the code.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.