Apple’s Mac OS X is more secure than Microsoft’s Windows Vista

Apple Store“While an increasing number of bugs have been found in Apple’s Mac OS X operating system, security researchers say it isn’t a high security risk and it’s still more secure than Windows XP,” Sharon Gaudin reports for InformationWeek. “Is it more secure than Windows Vista? The jury is still out on that one.”

MacDailyNews Take: How long is this jury going to take, exactly? Mac OS X is over 6-years-old, with 22 million users. No Mac OS X user in the wild has been affected by malware. Related article from just yesterday: Security flaw puts puts Windows, including Vista, PCs at risk; malware already observed in the wild – March 30, 2007. Some people can ignore the obvious forever, it seems.

Gaudin continues, “‘Vulnerabilities just don’t equal attacks,’ said Craig Schmugar, a threat researcher at McAfee, in an interview. ‘Some people are saying the Mac is less secure than Windows because there have been more vulnerabilities in it than in Windows, but there are far fewer attacks reported on Mac OS X than Windows.'”

MacDailyNews Take: For one thing, there have not been “more vulnerabilities” for Mac OS X vs. Windows pre-Vista. For Vista, maybe so far, but it’s only been out for a few months vs. over six years! Give it a few more weeks. Also, does the severity of vulnerabilities count for anything? It should. Fact: Vista already has at least one vulnerability being exploited against actual users in the wild. Mac OS X has none. And, don’t try “Security via Obscurity,” as Mac OS X has 22 million users vs. Windows Vista’s “20 million” claimed by Microsoft. Vista is more “obscure” than Mac OS X, but it’s already been compromised, affecting actual sufferers in the wild. Mac OS X users continue to be unaffected. To say “there are far fewer attacks reported on Mac OS X than Windows” is the height of understatement.

Gaudin continues, “Last year, McAfee reported that the discovery of vulnerabilities in the Macintosh platform increased by 228% in the past three years, from 45 found in 2003 to 143 in 2005. In the same period, Windows had a 73% increase.”

MacDailyNews Take: Lies. Damn lies. And statistics. 73% of what? McAfee never said, but it’s a helluva lot more than increasing from 45 to 143 vulnerbilities and, again, a number the WIndows vulnerabilites actually affected Windows sufferers in the wild. Related article: Analyst: McAfee’s recent Apple Mac security report is ‘sloppy scaremongering’ – May 08, 2006. A vulnerability does not equal an attack.

Gaudin continues, “While Apple’s numbers may not be what they were, it doesn’t mean the Mac suddenly has become a risky operating system, according to Johannes Ullrich, chief research officer at the SANS Institute and CTO for the Internet Storm Center. ‘It’s still safer, but not as safe as Apple pretends it is,’ Ullrich said in an interview. ‘Some features, like the firewall, aren’t all that great. But, yes, it’s still pretty safe.'”

MacDailyNews Take: Mac OS X is “still pretty safe?” Yeah, you could say that. What is this, a “Who Can Make the Biggest Understatement” contest?

Gaudin continues, “Paul Henry, VP of Secure Computing and a recent Mac convert, said it’s all a matter of scale. The cyber bad guys target the richest market, and that’s not the Mac platform.”

MacDailyNews Take: Once again, 22 million Mac OS X users unaffected vs. “20 million” Vista users, some of whom are already affected by malware. Richest market? Those who surf the Web using a Mac tend to be better educated and make more money than their PC-using counterparts, according to a 2002 report from Nielsen/NetRatings: http://news.com.com/2100-1040-943519.html

Gaudin continues, “Marius van Oers, a virus research engineer at McAfee, posted a blog last week that showed there are more than 236,000 pieces of malware ‘in the wild.’ The vast majority are aimed at the Windows environment. Only about 700 are meant for the various Unix/Linux distributions, van Oers wrote. How many are for the Mac OS X platform? Seven or less, he said, calling the threat ‘pretty much non-existent at the moment.’ For older builds of the Mac OS, there are 69 known malicious items…”

MacDailyNews Take: Mac OS is dead. Has been for many years. Do they go back to Windows 3.1 to include “malicious items,” too? Of the “seven or less” Mac OS X malware instances, how many affected users in the wild? That we know of, none. Zero.

Gaudin continues, “‘It is clear that OS X malware is not taking off yet. With an estimated OS X market share of about 5% on the desktop systems, one would expect to see more malware for OS X,'” [van Oers wrote].”

MacDailyNews Take: Finally, someone’s making sense.

Full article here.

MacDailyNews Take: Our headline is fact, whether some people like that fact or not.

Related articles:
Security flaw puts puts Windows, including Vista, PCs at risk; malware already observed in the wild – March 30, 2007
National Security Agency gives Apple’s Mac OS X 10.4 Tiger glowing security endorsement – March 22, 2007
Lack of Apple Mac malware baffles expert – March 21, 2007
Microsoft’s Live OneCare ‘security’ failureware: dead last in test of 17 Windows security apps – March 07, 2007
Bill Gates has lost his mind: calls Apple liars, copiers; slams Mac OS X security vs. Windows – February 02, 2007
Security firm: 38-percent of malware already Windows Vista-compatible – January 22, 2007
FUD Alert: CNET tries to equate Windows’ insecurity to handful of Mac OS X proof-of-concepts – December 02, 2006
Microsoft’s Windows is inherently more vulnerable to severe malware than Apple’s Mac OS X – August 23, 2006
Chicago Tribune falls for the ‘Security Via Obscurity’ myth – August 14, 2006
Symantec details more security holes in Microsoft’s Windows Vista – July 26, 2006
Symantec researcher: At this time, there are no file-infecting viruses that can infect Mac OS X – July 13, 2006
Sophos: Apple Mac OS X’s security record unscathed; Windows Vista malware just a matter of time – July 07, 2006
Gartner analyst tries to propagate discounted Mac OS X ‘security via obscurity’ myth via BBC – July 06, 2006
Sophos Security: Dump Windows, Get a Mac – July 05, 2006
Security company Sophos: Apple Mac the best route for security for the masses – December 06, 2005
Apple Macs are inherently safer and more secure than Microsoft Windows – November 22, 2005
BusinessWeek columnist propagates discounted ‘Apple Mac security via obscurity myth’ – September 06, 2005
16-percent of computer users are unaffected by viruses, malware because they use Apple Macs – June 15, 2005
Another columnist trots out Mac OS X ‘Security through Obscurity’ myth – April 03, 2004
Columnist tries the ‘security through obscurity’ myth to defend Windows vs. Macs on virus front – October 01, 2003
Shattering the Mac OS X ‘security through obscurity’ myth – August 28, 2003
Virus and worm problems not just due to market share; Windows inherently insecure vs. Mac OS X – August 24, 2003

96 Comments

  1. @Wiseguy

    Your hypothesis and numbers are great!!!

    Too bad they are uproven in the real world. I don’t know, maybe you should ask a Mac user if their Macs have been compromised. Their reply would most definitely be “Virus, Malware, what the hell is that?”.

    You guys and your pipedreams. LOL

  2. Bottom line is there is no threat to Mac OS out in the wild = 0%,

    …while there are thousands of threats that a Windows machine is instantly bombarded with every second on the internet = 100%

    So what is the comparison?

    Let the spinmeisters spin….

  3. I switched from a PC to a Mac almost a year ago and nope… no viruses, no malware, no crashes. It’s like they say, once you go Mac, you never want to go back. So stop with the FUD campaign PC drones!

  4. In brief from the link.

    1: Mac OS X exploits are increasing.

    2: Mac OS X exploits exceed the amount of Windows exploits.

    3: Both pale in comparison to the 95% of exploits that target applications.

    (don’t give apps the admin password!)

    Windows has more malware using the exploits because they have a larger market share and the Mac was a forgotten platform until just recently.

    It’s plain as rain.

    I still love my Mac anyway though and confident Apple will turn things around as far as exploits go.

  5. “Home users tend to go months, even years before doing a SU!”

    Uh, yeah, any evidence of that? Maybe Windows users don’t update much, but I seem to remember every new Mac I buy phoning home as soon as I hook it up. And in TS, almost everyone I encounter is running the very latest build. Even if they’re running 10.3, they’re running a fully updated 10.3 Windows users span the timeline all the way back to Win 2k and beyond. I’m not saying you’re wrong, I just think you might be mistaken.
    Anyway, my 2 word response to this whole article:
    “No Shit.”

    -c

    MW: ‘straight’ (yeah. that’ll be the day)

  6. over three years since i switched (panther is what did it for me). no viruses, malware, etc etc. how many times have i checked for them? none. i’m not going to say that mac os x is bulletproof. it’s not. it DOES have vulnerabilities, and every mac user on MDN is aware of that. it’s not the point, though. OUR point is that there hasn’t been even ONE reported instance of an os x machine SUFFERING fro malware or exploits, aside from people who tried VERY hard to set up special instances (like that whole wireless fiasco a few months back).

    i was checking for malware every day before i switched to mac. haven’t had to since. don’t see it happening in the near future. if the day ever comes that os x is in as bad of shape as windows is, i’ll find something else. i don’t see that happening, though. =)

  7. Please excuse my ignorance about this subject. I have been a Mac user since the beginning as my friend who introduced me to computers is too. I probably would be a Windows user if he had been one. Who knows.

    Anyway, I am confused about the differences in the security lingo being used ie attacks, vulnerabilities, exploits and threats. Would someone be kind enough to enlighten me about the differences. The only problems I’ve had with OS and OSX have been of my own making which I guess would mean I had none with the operating system or any outside interference. This would be over a 10 year time span.

    Thanks in advance

  8. Exploit – In computer security, an unethical or illegal attack that takes advantage of some vulnerability.

    Vulnerability – A security exposure in an operating system or other system software or application software component. Before the Internet became mainstream and exposed every organization in the world to every attacker on the planet, vulnerabilities surely existed, but were not as often exploited.

    Threat – The danger of an attack on a computer system.

  9. Even though “vulnerability” is more accurate to reflect a software flaw, the new generally used term is “exploit” because of the internet’s rapid response it doesn’t remain a vulnerability very long.

  10. Think of the comparison of OSX and Windows as a school surrounded by a playground.

    The OSX school is a seamless cube with doors that can only be opened from the inside because all of the critical system functions were designed from the beginning on the inside. What goes in and comes out is controlled.

    Contrast that to Windows which is like an old schoolhouse built back in the day when they had no running water and used an outhouse.

    When they had bring in running water, and pump out the crap from the bathroom (the running water and the crap being comparable to the newly found critical system functions that were not originally designed in Windows) the designers of Windows for whatever reason decided to run the in (water)pipes and the out (crap) pipes through the existing doors and “windows,” instead of creating new in and out pipes with their own separate controls through the outer skin or wall. Or buried deep in the ground so that no one could dig up the pipes.

    That meant that the “doors” and “Windows” could not be secured, or if they were, only temporarily. The “doors” and “windows” keep getting re-opened by hackers who redevelop new versions of old viruses (now THAT is scary!).

    It is theorectically possible that some hacker could penetrate the one piece skin of our OSX schoolhouse, but is that likely to happen before the repainted old schoolhouse with many new padlocks woodscrewed to the doors(Vista) implodes?

  11. Forgot to include the playground in my school analogy.

    In both playgrounds, the malware kiddies get to play, but they can’t get inside the outer skin of the OSX school, while the doors and Windows have to be opened to let students, as well as the inbound water and the outbound crap to pass through.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.