Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

Are Mac’s inherently safer?

Question: Is it true that Macintosh is very safe in that viruses cannot get through? And what about emails? Can others sniff and get info using mac?

Yes they are.

No they are not.

And I just know what the comments on this article are going to be like…

Become a Patron of Ask Leo! and go ad-free!

First, a disclaimer: I do not own a Macintosh. I’ve come very close a time or two for various reasons, but have yet to do so. What follows is my opinion based on my understanding of the technologies involved, the state of the industry, and some assumptions about how hackers think. Yes, that last point is perhaps the most important part of this discussion.

“All software has bugs. Period. There is no such thing as perfect software.”

I answered by saying that a Macintosh is very safe (presumably in comparison to Windows based computers) and that it is also not any safer. Let’s look at why I say both.

Position #1: The Macintosh is no safer than Windows.

All software has bugs. Period. There is no such thing as perfect software. Systems are too complex for all possible outcomes and situations to be predicted and handled properly. Developers are human, and development teams are similarly complex systems that can only produce imperfect results.

Why do I go out of my way to say that? Because “all software” includes Macintosh software, and security exploits are simply the result of a class of programming or design error or “bug”.

I firmly believe that the Macintosh operating system and Mac applications contain their share of vulnerabilities. More than Windows? Fewer than Windows? I don’t know, but it doesn’t really matter, because they are there.

So why don’t we hear about Mac exploits like we do about Windows? That’s because:

Position #2: The Macintosh is much safer than Windows.

I recently read that Macintosh has 4% market share. Over generalizing, that means 1 out of every 25 personal computers is a Mac.

And that’s the reason you don’t hear about massive vulnerabilities or spyware or any of that other stuff we’ve come to associate with Windows. Not because it couldn’t be done, but because no one’s bothered to do it.

It’s not worth it.

This is where we start trying to think like a hacker. If you wanted to cause trouble, would you write something that upset 1 out of every 25 computers? Or would you target the other 24? If you wanted to install spyware, would you write it such that it worked on 4% of computers or 96%?

If you hated Microsoft, would you write a virus for the Mac?

The answer for all of that should be fairly obvious. Apple and the Macintosh simply aren’t as big a target as Microsoft and Windows. As a result, you are inherently safer on a Mac, because almost no one is actively trying to cause you trouble.

But, don’t get too comfortable yet, because:

Position #1, revisited: The Macintosh is no safer than Windows.

Some things are platform independent. You asked specifically about sniffing, which I take to mean monitoring your internet traffic. The answer there is that the Macintosh suffers from all the same vulnerabilities that Windows or any other computer on the internet does. Internet traffic can be monitored, plain text email can be captured, email and websites can still fool you into doing things you shouldn’t.

So please, don’t think you’re totally safe because you’re on a Mac. Safer, yes, but immune? Not at all.

So if the Mac is safer, albeit only because it’s not as big a target, why is Windows so popular? That’s a complex questions that’ll generate about as many opinions as anything else. My thoughts: You can get Windows on a wide variety of computers from a wide variety of manufacturers … you can only get Apple’s operating system for Apple’s hardware. There’s more software available for Windows. Macs tend to be more expensive. Many corporations and schools have standardized on Windows.

That’s not to say that Apples aren’t worthwhile computers … in a nutshell, they rock, and I know it. Apple’s known for a superior and consistant user interface, as well as a fairly seamless hardware experience. But Windows wins market share on cost and flexibilty.

And given that more market share makes you a bigger target … maybe Apple’s happy to let someone else take the bullets.

Update:

As I expected the Mac crowd has weighed in loudly. Perhaps the best “counter-argument” I’ve seen so far to my article is here: MacDailyNews: Apple Macs are inherently safer and more secure than Microsoft Windows. I put “counter-argument” in quotes, only because we arrive at the same conclusion – Mac’s are safer – we just get there through very different means.

I encourage you to read the many comments below. The furor is that I’ve come to the right conclusion – Mac’s are safer – for the wrong reasons. In between the “Leo’s an idiot” statements (which, of course, I hope you’ll ignore), is good information, and many more reasons Mac users love their Mac’s.

While there are many articles that discuss the points tackled here, a reader pointed me to this one – “Broken Windows” – I found it to be a well stated summary of much of what my commentors are saying.

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

52 comments on “Are Mac’s inherently safer?”

  1. Leo is just plain wrong on this one. Mac’s have about 10% of the market. Why aren’t 10% of the viruses infecting the Mac? Because OS X is built on Unix. Just like Linux and Solaris. Have there been any viruses for these platforms? None at all. Think about that for a minute. 0 viruses. How many for Windows? 100,000?

    How about spyware? None. On Unix systems, the only user that can install software is the root user or someone designated with root privileges for that task. But it still will ask for a password to install the software. So in theory, spyware could exist, but it would require the user to knowingly install it.

    The fact is Windows was designed as a personal operating system. They have added networking capabilities to it over the years but its just a kludge of code. Whereas Unix systems were designed from the ground up to be multi-user and networked. Do youself a favor people and get a Mac or if you insist on keeping your PC, put Linux on it and get rid of that mess called Windows.

  2. Wow. Your arguments are so wrong on so many levels I don’t know where to begin. Let me attack just two points because I don’t have all day to discuss an issue that has been beaten to death a million times.

    1) Your position number one is just wrong. Period. Repeat after me: There are no known viruses for Mac OS X that have successfully replicated in the wild. Theoretical vulnerabilities? Yes. Proof-of-concept exercises? Yes. Self-spreading viruses and auto-installing malware that brings a Macintosh to a crawl like Windows users have suffered the last five years? No. Here’s just one page of many to get you started:
    http://wilshipley.com/blog/2005/09/mac-os-x-viruses-put-up-or-shut-up.html
    You’re saying “Neither is perfect, therefore they’re equally bad” and that’s absolute bullshit, period. It’s like you’re saying “You can die in a plane crash the same as you can in a car crash, therefore they’re both equally dangerous” while ignoring the COUNTLESS statistics that show air travel to be much safer by any measure than auto travel.

    2) Ah, the old market share argument. Before people realized JUST HOW EASY it is to exploit broadband-connected Windows PCs, the main target of hackers was webservers–open-to-the-internet powerful boxes on fast connections. Who had the most market share? Apache, by quite a margin. Who had the most exploits? IIS, by a large margin.

    Let me say this once for the cheap seats: OS X is based on UNIX, which has been developed for over three decades and was designed from the ground up to exist in a multi-user networked environment. It assumes the network is dangerous. It is usable by users with limited access. Windows, on the other hand, only got networking recently. It assumed you were on a safe corporate network. And Microsoft’s own products, like Office, don’t run well under limited-privilege accounts.

    “So if the Mac is safer… why is Windows so popular?”

    Because safety doesn’t sell computers. (Not much, anyway.) There are a million other factors that influence sales, as you pointed out–chief among them price and software availability. Why does the Ford Focus outsell any model from Volvo or Mercedes?

  3. Isn’t the reason for windows 96 per cent due to Gates pulling a fast one on IBM. If OS 2 could have been developed to run easily on IBM’s first personal pc we may never have heard of windows.

  4. Something you may find interesting:

    Market Share vs. Install Base: Where the misinformation begins

    Installed base (a.k.a. user share) and market share are completely different numbers. Installed base is the total number of computers currently in use. As a software developer, installed base and user share provides the number of potential buyers, NOT MARKET SHARE. Yet editorial tech writers and news reporter use Market Share and User Share interchangeably. This is poor journalism and incredibly misleading.

  5. The Macintosh is no safer than Windows. All operating systems are exactly the same – even if one is better by design. Design doesn’t matter. Superior engineering in an OS makes no difference. An operating system that is intentionally designed to be more secure is no better that one which isn’t. Windows is no safer than DOS. Solaris is no safer than Windows. Vista is no safer than Windows 95. They’re all the same. Don’t be misled by the fact that Mac OS X users have never reported a worm, virus or spyware. It doesn’t matter because 16 million users isn’t worth it to the hackers. They’re only attacking Windows because it is so big, not because it is trivially easy to do so. Turn off your brains and ignore the people who say that OS design makes a difference in security, because it doesn’t. This is based on my superior understanding of the issue, even though I don’t own a Mac or know the first thing about the security implications of software design.

  6. Baloney.

    MacOS 9.x had tons of viruses, and they had also had a small market share.

    MacOSX is more secure.

    Because hackers are in it for the rep, busting MacOSX would be much more presigious than just another PC hack.

    I mean, how hard can it be? A 10 year old can write a PC virus.

  7. Fustian,

    You beat me to it! His argument falls down under scrutiny, simply because of the sad state that was OS9. OS9 had an even smaller market share than X :-)

    He admits to not knowing much about a Mac, and ignores the obvious advantages of an operating system designed from the ground up for multiple users – and tries to explain it away with some FUD about bugs.

    This guys a shameless hack that was looking for nothing but web hits.

    Its time we “asked leo” to shutup and do some research before opening his mouth again.

  8. It’s interesting to note that most of the viruses for OS 9 and below (which totalled fewer than 100) were Microsoft Word viruses – hmmm, I think I see a pattern…

  9. Leo, like so many IT morons, will never admit that the Macintosh is more secure and of much higher quality than Windows.

    Look at the top of ask-leo.com — Leo fixes Windows problems. The Mac has fewer problems. The more Macs out there, the less work for Leo.

    The whole damn IT industry is such a scam. They recommend crud, knowing they will have plenty of work fixing the crud they themselves recommended.

    For any of them to admit the Mac is better, at anything, is the same as admitting that they are incompetent.

    It may be the truth, but don’t expect truth from an IT moron.

  10. It has never been the issue that Microsoft is the only one with security issues. The issue has been the sieve-like nature of MS OSs and apps, and the misguided notion that competing products must have “no defects” to be better than what MS is offering. That notion is a logical fallacy, referred to as the Requirement for Perfection. In other words, it is not the case that Product X must be perfect in order to be “better than” Product W.

  11. Gotta love logic (and the choice of letters…)
    I prefer Mac OS X, yes it’s true, but I am not a fanatic. I maintain a Windows network as part of my teaching job (I even got the school to buy a Mac lab this year to replace a Windows lab).

    Windows’ security issues speak for themselves. Yesterday a very serious issue arose for Windows XP and 2000 – see eWeek’s article at http://www.eweek.com/article2/0,1759,1891749,00.asp?kc=EWRSS03119TX1K0000594

    Interesting to note is that this is a Javascript problem, but it does not affect Javascript in Linux, Mac OS X, or even earlier versions of Windows! They all use Javascript, too!

    MS has gotten sloppy. They deserve to lose some market share, then they will strive to improve, and then we all win with better products.

  12. Hi Leo,

    Your answers were not very satisfying to me as a long time Mac user. I will give you my answers to the questions that your reader asked:

    Is it true that Macintosh is very safe in that viruses cannot get through?

    The question is not absolutely true as stated, but because of the design of the Mac OS X operating system, it is true that a virus is much less likely to propagate and spread than on a Windows system. In addition, for the 5 years that Mac OS X has been in use, there has not yet been one virus reported.

    And what about emails?

    You should not click on unknown links or attachments in any email for any operating system, but for OS X, the default Mail program does not automatically run attached files, so there have not been any exploits by email.

    Can others sniff and get info using mac?

    “Others” can sniff network transmissions for any operating system, so you should always use a secure browser page when transmitting personal information on the web. “Others” can also use “rootkits” and “keyboard loggers” to try to obtain information from your computer. These programs can be contained in a “trojan” to compromise your computer. They exist for all operating systems, so you need to be smart about obtaining software from trusted sources. For OS X, an administrator password is always required to install new software (not true with Windows), so the Mac is safer in that respect.

  13. The security issues is not only about exploitation of sofware bug. The issue depand also on architecture of the OS and the hardware.

    Exemple: It is much more difficult to do a buffer overflow on a PowerPc vs on x86, because the return instruction in the PowerPc chip are in the register not on the stack.

  14. “MacOS 9.x had tons of viruses”

    I wouldn’t call 2, plus their variations tons. The last OS 9 virus (the AutoStart worm) appeared in December 1998, well before the introduction of OS X. SevenDust was the other OS 9 virus.

  15. This is so simple. If you are a hacker, and you want the ultimate respect in hacker circles, you’d write a virus for OS X. Why? Because noone else has done it. Talk about bragging rights!!! The fact that OS X has no viruses written for it says a lot. Leo has his head in the sand.

  16. How can someone admit to a a lack of knowledge and experience, profess to a bias, and then pretend to deliver a meaningful opinion? Safety-through-obscurity is a demonstrated falsehood. Pathetic.

  17. So let me get this straight, because both the OS X and Windows are software, they are inherently equally vulnerable to attack?

    By that logic, Windows XP with all the latest service packs and security updates is no more secure than the first version of XP that came out years ago. They’re still both software, and all software has bugs, right? That’s cleary idotic.

    Obviously the quality of software and increased attention to security issues can make a dramatic difference –even in versions of the same OS. Why is it not possible that Apple did a better job with OS X from the start?

    By the way, I’m not discounting the likelyhood that hackers are more prone to attack a Microsoft OS. That’s probably also true. Microsoft is hated with good reason. Even if years from now, Apple were eventually to match Microsoft’s market share (by consistently shipping excellent products, and not though underhanded tactics like MS), I doubt they would ever suffer the same degree of virus-laden wrath reserved for Microsoft.

    Instead of asking which OS is theoretically more secure, People should ask which OS actually has been, and is most likely to continue to be, the least troublesome for the forseeable future.

    The answer seems clear to me and the ever-growing mass of switchers.

  18. The notion that virus writers would prefer to attack Windows because of its larger isntallation doesn’t hold water. MacOS is also an extremely attractive target. Facts are 1) BSD/Unix has been hardened over many, many years and 2) the exposed code makes it far easier to find vulnerabilities requiring that the code be much, much more secure.

  19. Obviously posting an opinion like this is a neat way of attracting publicity and negative remarks. But here’s my take:

    1) Windows security measures are essentially pointless because the biggest issues can’t be fixed easily, i.e. ActiveX (it’s an open, maximum threat, issue on pretty much any security advisory — the workaround is to disable it) and a poor basic security model (any fool can go delete stuff in c:\windows and so can any piece of code). Arguing that gaping flaws like this are equivalent to as yet undiscovered flaws in Mac OS X is simply unsupportable.

    2) Many of the “security” measures taken in Windows are more marketing exercises than actual security enhancements. E.g. the feature in Outlook that prevents you from saving certain email attachments to disk no matter how sure you are they are safe is so inconvenient that it may *seem* to some users as though it’s actually secure. Meanwhile, on a Mac you will be politely warned if you download or save an attachment with an executable in it, and the first time you run an executable. It’s not foolproof, but unlike the equivalent measures in Windows it is neither incredibly inconvenient NOR is it totally useless.

    3) The argument that no-one is hacking Mac OS because only one computer in 25 is a Mac is specious. Given the instant publicity and infamy an ill-informed blog entry on Mac security gets, imagine the props for creating a successful Mac virus or worm. There’s no glory in creating a Windows virus — ANYONE can do that.

    To date, the most publicized piece of Mac malware is a shell script which requires the user to download the script, execute it (something most users wouldn’t know how to do) and enter an admin password. So, hackers *are* trying to crack the Mac, they just suck at it.

  20. “What follows is my opinion based on…some assumptions about how hackers think.”

    Leo, did you really think this article through before you submitted it to your blog? If you were a hacker wouldn’t you desperately be trying to create the very FIRST virus for OS X? Imagine the bragging rights & “respect” you’d gain…as opposed to writing the 385,721st virus for Windows…

    BUY a Mac then try to equate it to Windows. Don’t just sit on the other side and lob ignorant grenades at the platform.

  21. The only way to settle the dispute for Mac OS is to gain the same level of share like Windows has in personal computers. Yes, there had been fewer viruses for Mac, but I bet there had been fewer hackers trying to wreck Mac. That’s the whole point. One can always claim that Mac OS is inherently more secure etc. Although in truth, you never know in which and how many ways hackers would discover security holes and start exploiting them, had they been serious about Mac. It is possible that it would be difficult or may not be possible at all to attack Mac OS using the same method used in Windows. However, it is also possible that Mac will turn out producing some different kind of security holes compared to Windows. This whole issue of “relatively secure” is biased since Mac just doesnt have the same level of usage compared to Windows.

  22. Leo contends that hackers ignore the mac community because it’s so small. That doesn’t take into account the animus that many pc guys have for the mac. I think they would like nothing more than to bring the mac community to it’s knees.

  23. Leo,
    Wouldn’t “I don’t know” be a perfectly valid answer here?
    There are entire classes of attack that MacOS X precludes by design. For example, there is no “root” or “Administrator” account that has unfettered access to the entire OS. If you want to change the System, you are prompted for your password and permission to do so, and then only if you have an Administrator flag. But even with an Administrator flag, anything you do will be logged as you, not as some generic “Administrator” user.
    In addition, the “active content” (such as ActiveX) is generally Java or JavaScript on MacOS X, which is kept in a much tighter secure box than ActiveX. ActiveX has been a major source of vulnerabilities on Windows.
    Most services are disabled by default on MacOS X and only run when/if needed and explicitly requested.
    Another thing the Mac has going for it, for now at least, is the PowerPC has better protection against data being treated as code, so many “buffer overflows” are vastly more difficult to exploit. Intel is said to be adding this functionality next year, so hopefully Apple will not lose anything in the transition.
    Furthermore, Apple has made it very easy for the expert user to use digital signatures in the default Mail client, as well as strongly encrypted email. Add to that the advanced spam filtering (one of the best client-side ones I’ve seen) and not auto-running anything, and you get a system where even if someone did write an email virus or worm, there are a lot more roadblocks to its propogation.
    To sum up, in MacOS X there are fewer places for malware to hide, its harder to get there, and its harder to spread anywhere else once it’s there. I agree with you that all current software likely has exploitable bugs, but in addition to your point about it not being worth it, the wall is also much higher around the Mac’s security. So yes, the Mac is more secure AND it’s more inherently secure.
    Which is probably why not one single MacOS X-specific virus exists. Anywhere. At all. The only known virus, ironically, that can reproduce on a Mac are macro viruses written for Microsoft Office, if the user has MS Office installed.

  24. (I guess indentation doesn’t work on your comments area…)

    Wouldn’t “I don’t know” be a perfectly valid answer here?

    There are entire classes of attack that MacOS X precludes by design. For example, there is no “root” or “Administrator” account that has unfettered access to the entire OS. If you want to change the System, you are prompted for your password and permission to do so, and then only if you have an Administrator flag. But even with an Administrator flag, anything you do will be logged as you, not as some generic “Administrator” user.
    In addition, the “active content” (such as ActiveX) is generally Java or JavaScript on MacOS X, which is kept in a much tighter secure box than ActiveX. ActiveX has been a major source of vulnerabilities on Windows.

    Most services are disabled by default on MacOS X and only run when/if needed and explicitly requested.

    Another thing the Mac has going for it, for now at least, is the PowerPC has better protection against data being treated as code, so many “buffer overflows” are vastly more difficult to exploit. Intel is said to be adding this functionality next year, so hopefully Apple will not lose anything in the transition.

    Furthermore, Apple has made it very easy for the expert user to use digital signatures in the default Mail client, as well as strongly encrypted email. Add to that the advanced spam filtering (one of the best client-side ones I’ve seen) and not auto-running anything, and you get a system where even if someone did write an email virus or worm, there are a lot more roadblocks to its propogation.

    To sum up, in MacOS X there are fewer places for malware to hide, its harder to get there, and its harder to spread anywhere else once it’s there. I agree with you that all current software likely has exploitable bugs, but in addition to your point about it not being worth it, the wall is also much higher around the Mac’s security. So yes, the Mac is more secure AND it’s more inherently secure.

    Which is probably why not one single MacOS X-specific virus exists. Anywhere. At all. The only known virus, ironically, that can reproduce on a Mac are macro viruses written for Microsoft Office, if the user has MS Office installed.

  25. Hey I’m Leo, I’ve never driven a Ferrari before but I’ve driven a Skoda and I can tell you that they are as fast as Ferraris. How did I know this? Well, they both have 4 wheels and an engine…

    Come on Leo, get real. You simply cannot compare two OS’s when you only use one. There is something called RESEARCH that typical journalists conduct before they start typing. Five years of OS X and no viruses. Vista has not even been released to the general public and there have already been exploits.

    One more thing – going by your rationale, McDonalds MUST be simpy the best restaurant in the world, since they have the most outlets. Right? Wrong. It’s QUALITY not quantity that matters, and OS X has been built from the ground up focused on security. Micro$oft’s half assed SP2 is nothing more than a placebo.

  26. “I put “counter-argument” in quotes, only because we arrive at the same conclusion – Mac’s are safer – we just get there through very different means.

    I encourage you to read the many comments below. The furor is that I’ve come to the right conclusion – Mac’s are safer – for the wrong reasons.”

    The same conclusion? Your conclusion is that Macs are less vulnerable because they have a lower installed base and hackers only want to hit the big target. Just about everyone else’s conclusion is that Macs are less vulnerable (or NOT vulnerable at this point) because of superior design and security. How are those the same conclusions?

    By the way, if I’m a hacker there is nothing I would like more than the notariety of being the first person in the world to write a virus that breaks the Mac OS X cherry.

    Yes, you got flamed by Mac users, but justifiably so. You obviously don’t know what you’re talking about.

  27. After reading your article, I conclude that nobody should ever “ask-leo” anything and expect a logical answer. Too many assumptions in a situation where there are easily verified facts. You do get credit for at least stating your assumptions (e.g. with regard to how you think a hacker might behave, how you think software in general behaves). That you wandered around and guessed the right answer is neither here nor there. So, several points for frank disclosure. However, serveral million points off for failing to grasp the fundamental importance of things like total number of software defects overall, ability of a process to alter the kernal, and other basic issues of operating system architecture, not to mention failing to understand why open source is safer. You know what they say — when you asssume… Please go back to your high school and surrender your diploma at your earliest convenience.

  28. I eagerly await the inevitable follow up article where Leo talks about how the Mac “Zealots” flamed him because he pointed out how Mac wasn’t any better than Windows, and ignores the many facts in this talkback.

    It’s a lot easier just to try to portray Mac users as idiotic Zealots that have drunk the Kool Aid than actually respond to the facts that have been posted here.

    In the meantime, for whatever reason that Mac OS X has 0 viruses and spyware compared to Windows, who cares? Given the choice between living in a leper colony and living somewhere with no leprously – which would you do? Leo clearly would stick around in the leper colony, becuase the other place “could just as easily get leprosy, its just a matter of time”.

  29. I really need to get my Macintosh Security and Maintenance presentation posted. There is so much ignorance on the part of so-called experts raised on the tits of Microsofts’ breast that demonstrate over and over how clueless they are that someone has to save them from their foot-firmly-in mouth punditism, red-herringness and lead balloonism.

    Leo, if you have never tasted salt, how do you describe it? It is not possible. You have to have tasted it first. Taste the Mac and then, just like all the other “Windows-only” folks, you too will begin singing the praises of that platform rather than excusing it out of hand or giving it backhanded grudging praise.

    I was an MCSE back in the NT days. I have run the macCompanion magazine for over 3 years now because again, someone has to help the computer refugees through the underground railroad to escape the slavery of the non-Mac environments.

    Drop by and read the back issue of macCompanion at http://www.maccompanion.com and read for yourself. We welcome you with open arms! We don’t play the Fear, Uncertainty and Doubt game. Come on Leo, come give us a hug…

  30. Well, I personally would like to throw in a good word for Leo. Although I disagree with some aspects of what he wrote. For instance the reason that no one has attacked the Mac is because it has a much smaller market share. I’ve been using macs since OS 6 and I must say that up until Mac Os X there were viruses for the mac. Infact I think about 50 or so. Still less than what you would get on Windows but enough to make anti virus software a good business for the mac. But after the release of Mac Os X there has not been a single virus while the Mac market share has infact increased. So It would seem that market share is not the driving issue for Mac Os X’s security. However that said I really do think people are bashing poor Leo here. I for one was impressed with his very obvious attempt at objectivity and williness to admit that he didn’t know everything. To me this seems like a very good trait in a columnest.
    Alex

  31. Aparently Macs are a smaller target than Windows….
    However according to this article relating to an experiment done last year by USA Today
    http://www.usatoday.com/money/industries/technology/2004-11-29-honeypot_x.htm
    Quote
    “Each PC was connected to the Internet via a broadband DSL connection and monitored for two weeks in September. Break-in attempts began immediately and continued at a constant and high level: an average of 341 per hour against the Windows XP machine with no firewall or recent security patches, 339 per hour against the Apple Macintosh and 61 per hour against the Windows Small Business Server. Each was sold without an activated firewall.”

    341 attacks per hour average for XP vs 339 per attacks per hour average for OS X, How can you say that OS X is a “smaller” Target?

    10:52:08
    Less than four minutes from start of the test, an intruder breaks into Windows XP SP1 through the vulnerability most famously exploited by last May’s Sasser worm. Ensuing instructions get garbled.

    11:03:30
    Eleven minutes later another intruder breaks into XP SP1 through the security hole exploited by the July 2003 MS Blaster worm. Ensuing instructions get garbled.

    11:04:04
    While the previous break-in is still unfolding, another intruder, using a different attacking computer, breaks into XP SP1 through the Sasser hole. Ensuing instructions get garbled.

    20:21:44
    An intruder breaks into XP SP1 for the fourth time using the MS Blaster hole. Things go smoothly. He begins uploading commands. He confirms XP SP1 is connected to the Internet, then begins making repeated attempts to connect XP SP1 to a server running an Internet Relay Chat channel, the equivalent of a private Instant Messaging line.

    20:22:49
    The intruder successfully connects XP SP1 to the IRC channel, which is probably also running on a hijacked PC.

    20:23:05
    The intruder instructs XP SP1 to navigate to a designated Web site, likely running on yet another hijacked PC. XP SP1 downloads a program, called ie.exe, from the Web site.

    20:23:11
    XP SP1 begins scanning the Internet, poised to similarly hijack other PCs exhibiting the same unpatched security hole.

    OS X was NOT compromised!

  32. As a professional Network and Systems Administrator who has beein in this industry a while, I have to chuckle when yet another MicroSoft apologist chimes in with the “Security thru Obscurity” myth. It is like listening to “Talking Points” issued from Redmond. No study thats ever been done confirms this assumption, and that is all it is, an assumption.
    A couple of examples of why this assumption is wrong… perhaps the best example is looking at an area where MicroSoft isn’t the domant player: Internet HTTP servers. Apache dominates this market with 70% of the market vs. IIS at around 20%. Where this myth true, the vast majority of exploits would effect Apache. The exact opposite is true, however, Apache’s security record is much better… just look to disasters like Nimbda or Code Red. Apache has never had an exploit like this. Another example, go to DefCon some year and plug a Windows and OS X machine into the network and see how long either lasts without being hacked. You’ll see lots more OS X machines there than Windows, yet none have ever been hacked.
    The danger with this myth being perpetuated is that it removes responsibility from MicroSoft to build a secure product. If you buy into the assumption, then it isn’t MicroSoft’s fault they are being attacked so much. You do your readership a dis-service passing on this FUD, which is not supported by any research, on your part or anyone elses.

  33. I’ll try to keep this short, because I’m sure you’re wading through quite a bit of verbiage in terms of responses. The Mac is built on UNIX, which among other things, is known for being solid as a rock when it comes to security. Windows is built on, well, Windows. Nearly all the code is gone from the original Windows release, but it’s still the same creaky child-like code that was designed long before anyone thought to connect two computers together.

    If you talk with hackers, they’ll tell you that at this point the Mac is considered THE prize, because everyone keeps claiming that it can’t be done. Still, they don’t succeed. So they continue to beat up on Windows because it’s EASY to do so. Shoot me if you must for invoking the car analogy, but it fits perfectly here. Two cars sitting in a lot, either one of them could theoretically be stolen. But one has an alarm system, a microchip embedded in the key, a denver boot on the tire, and a lo-jack built in. The other car has the window rolled down, the keys on the seat, and a sign taped to the steering wheel that reads “Go ahead and steal it, I need the insurance money.”

    Which car do you think is going to get stolen each and every time? The point that so many of you guys miss is that the rampant, almost laughable spread of viruses, spyware, and associated crap is almost entirely a function of the near total lack of security built into, and child-like coding of, Windows. Hackers couldn’t have one-tenth this much fun if the dominant operating system weren’t such trash.

    Come on, does the current state of malware seem like something that would be considered normal? It’s an outrageously bad joke, and it simply would not be happening if the dominant operating system were as secure as the Macintosh is. When the Mac has thirty-four percent marketshare instead of four percent, and the hackers are still having one hundred percent of their breakthroughs on the Windows side, then we’ll have proof that I’m right about this. Until then, the very fact that there hasn’t bee a SINGLE virus successfully written for MacOS X should tell you something.

  34. To think that I spent all that time and effort on an education to become a systems analyst when all I needed to do was stay an ignorant hick and become a tech writer.

    I have worked (as in written apps) on everything from PCs (Mac & Wintel) through small mainframes and all their associated operating systems and languages.

    In spite of that (probably because of that) I would not have the balls (or the lack of brains) to make a pronouncement that one system “appears” safer because it holds a smaller market share.

    What you need to do next is apologise for your ignorance and complete lack of understanding as to what makes a Mac (and by extension any Unix-based operating system) so much less vulnerable than any flavour of Windows.

    If you fail to do this don’t be too surprised if Leo doesn’t get asked to do anything other than sweep the floors in the future.

  35. Leo, don’t give up your day job! You clearly don’t know what you are talking about when it comes to Macintosh computers. You try to argue their weaknesses based on only a Windows level of knowledge. That’s just flawed in so many ways. Go get educated first, then come back and try again. You can “believe” all you want about the Mac OSX having security flaws, but that won’t make it so. Keep dreaming. If you don’t own a Mac, and don’t really have experience with one, how the hell can you say something so stupid as “More than Windows? Fewer than Windows? I don’t know, but it doesn’t really matter, because they are there.” What an asinine statement.

  36. I appreciate your attempt to compare the security of both the windows an dmac os. It’s true, almost an computer connected to the internet without proper firewalls, etc. can be exploited and breach. However, you fail to mention that macs are simply much more secure than windows in terms of that breach. Every program installed needs administrative privelges and passwords prior to installation. Additionally, in order to serious hurt the OS you need root access which is by default not accessible without certain admin privleges. True the market share is smaller for the mac user, and that is just one small reason why there are no viruses, trojans, etc. One of the major and overlooked reasons is the mac community. Mac users have seemed to grow into a cult, where they love their system, their hardware, their software, and the sake of just owning a “mac.” These users are far more preoccupied with using their mac and creating on it rather than writing viruses for it. It’s almost like a double edge sword, where those who love their mac, really love it, and those same people who rather you NOT switch and continue to be a windows lover. We don’t need more mac users, but once you are one, you’re damn proud of it.

    Your choice of computer depends on your needs. gamers really shouldn’t buy macs, because there are far more pc games available, but the ability to create those games……..can be done on a mac.

    Apple is the only company that creates both the hardware and software and that results in things working hand in hand without the faulty problems that windows users experience everyday.

    Like I said, I appreciate your attempt to make this comparison, but honestly……….it’s like apples and oranges.

  37. I’m not going to restate what everyone else said here… besides the fact that you don’t even OWN a Mac and think you know about it. Let alone have you used one for more than a few days in the year or so?

    Your ignorance is like me saying this: I’m gonna say Ford cars suck but I own a TOYOTA.

    Please…. are you kidding me?

  38. You sir, are an idiot. You have not researched anything. You haven’t even tried a Mac in a real world enviroment. Why not have some FACTS before writing this purely opinion column? Ask-Leo.Com lost whatever credibility it had.

    Next time, do a comparison. Get a Mac, with the latest version of OS X on it. With all the updates. Get a Windows XP machine, with the latest service packs. Use both for a week, and see which has a virus or problems.

  39. In order to understand the underlying differences between Mac OS X (Unix) security and Windows security you need only read this article:

    http://macdailynews.com/index.php?URL=http://www.icefox.net/articles/why_microsoft_market_share_wont_grow.php

    OS X is not secure through obscurity. Any Unix virus or malware would work against a Mac, and the Unix (all flavors combined) market share rivals that of Windows. Unix is simply designed for security with multiple users where Windows never has been and so far, will not be in the future with Vista. The difference is the presence of a registry. Windows is a house with no interior doors locked and some windows left open. Mac OS X is a house with all the doors and windows locked, even the interior ones. Break into the Mac house and you find yourself in a locked broom closet. Crawl into the Windows house through one of the open windows and you have the run of the place.

  40. OK, time to put this to an end. I’m closing comments on this thread.
    Folks are now basically just repeating the same sentiments over and
    over.

    As I read them the comments are best summarized as:

    – Leo’s an idiot

    – Market share has nothing to do with it.

    – Leo has no idea what he’s talking about.

    – OS/X is based on Unix, and therefore inherrently better than Windows.
    It’s simply a more secure operating system, period.

    – Leo’s an idiot.

    – Windows sucks.

    – “Macs” is not possessive. It is plural.

    I *do* want to thank the folks who posted rational, informative counter
    arguments. They’re an important, and educational, perspective.

    I definitely did expect there to be discussion on this topic. I will
    say, however, that I’m disappointed that it got as personal and as
    emotional as it did.

  41. Gee, I do not remember seeing anywhere that Leo stated any certain Mac OS. If you do follow the news you will find that the hackers have penetrated the Mac Os many times and did it within 10 minutes. Now does that mean that a Mac is safe? NO, Does that mean that they may be safer than a PC? Yes But everyone needs to make sure that their computers are safe. Even companies that use Unix use firewalls and scan for viruses and such. If you wish to run your computer with your head down a hole in the ground then be ready to accept what happens. I have had to clean many Macs for a Mac dealer that they took in on trade for newer machines. So saying that one is free from viruses or intrusion is false. Wake up everybody and do what is needed to protect your computers. This means everyone.
    Thank you

  42. I own 2 macs, and have used many PCs in my life. Ive never had a virus on either Mac or Windows. I know for a fact that they both are susceptible to viruses, and that there never will be a computer immune. I would have to say that the Macintosh community as a whole is less at risk for viruses because Mac users seem to love their computers to the point they dont want to break them, Mac is built on unix which is historically more secure, and the Mac requires you enable anything you download to execute before it runs. Windows just seems so much more vulnerable, all a virus needs to do is attack a few select folders, which any user can access, to wreak havoc.

    To counter all those that say that linux is the safest, its only because the people who write linux and run it are, for the most part, computer programmers and would love nothing more than to just have their own little operating system for free. Also why would linux users write viruses for each other?

    And to anyone who says Mac cant get a virus, my antivirus has over 500 000 virus definitions in its database. Im not sure about how many there actually are.

    Great article Leo, very thought provoking on the issue, but perhaps next time a little more research?

  43. For mac i use Protemac Netmine. I have Leopard and use it for protects against viruses and as firewall.It’s helps me a lot.

  44. Well i’m not a technical whizz kid or geek but I have been using Mac for about 15 yrs with great pleasure and would not go back to windows. But i feel this discussion goes way back to when Bill Gates took, what Apple considered to be an inherently unstable os, and made it into Windows. He took it and ran with it and got the market while Apple studiously got down to creating a stable os. Windows have been successively building on an inherently unstable system ever since, in my opinion. Each new Windows os being merely a ‘patch’ on its previous os in its inevitable commercial quest to keep the market. I don’t KNOW that this is true but it is my opinion. Great site Leo and if i knew what ‘HTML tags for style’ was I would use them.

  45. Just wanted to say “Thanks” Leo. I have been a Mac user for over 20 years and probably will be for the next 20. However, I truly appreciate the fact that you took on the issue and helped to answer the issue of Macs and crapware.

  46. I have always been a Windows user for number of reasons, primarily I like the choices to customise a PC. However I have occasionally use a Mac and I have to say it’s a solid well-built machine. If we’re a true hardware lover then we can appreciate anything no matter where that piece of machinery comes from.

    And yes I have been seen seeing new types of malware hitting Macs especially rogue software which is so common on Windows. The first rogue was a simple affair of removing and now I saw it can bypass the admin. That reminds me of how when the first rogue appeared on Windows, a simple affair of removing and now a nightmare. I don’t wish callouslly that Mac users get the same taste of us Windows users for tearing our hair out in frustration removing stubborn today rogues.

    Any computers having Windows, Linux and Macs, we should always be vigilant and educated in making our computers safer to use.

Comments are closed.