You are right. Because you don't have much experience with Macs, you don't know very much about Macs.
Your "Security by Obscurity" claim. There are now approximately 30,000,000 OSX Macs in use. THIRTY MILLION. Macs now represent approximately 8.3% of the overall US computer market in US sales and among non-business consumers they are approaching 20%! That is not obscure.
The vast majority of those Macs, probably in excess of 95%, are running bare, naked on the Internet without any anti-viral or anti-spy ware of any kind. Many of them without a firewall... and yet there are still ZERO self-replicating viruses or worms, or self installing spyware in the wild. OSX is approaching 7 years on the market and successful hacking of an out-of-the-box OSX Mac is also so rare that prizes are offered at hacker contests for someone who might accomplish that task. It has still not been accomplished without lowering the rules and opening the Mac up.
There are a few trojans... but that require quite a bit of user participation to download, install and run... giving administrator permission at every step.
Incidentally, demographic studies of Mac and PC users show that Mac users tend to be a bit more affluent than PC users and so should be the easy and desirable target for hackers.
If you truely want better security by design you are usualy better off going with some flavor of Unix...
That's good advice, Grumpy. You are aware that Apple Mac OSX is one of the three certified UNIX OSes on the market, aren't you?
"Leopard is an Open Brand UNIX 03 Registered Product, conforming to the SUSv3 and POSIX 1003.1 specifications for the C API, Shell Utilities, and Threads. Since Leopard can compile and run all your existing UNIX code, you can deploy it in environments that demand full conformance — complete with hooks to maintain compatibility with existing software."
Swordmaker,
Simply put you are wrong about the security flaws. A simple search on CERT, SANS or any other popular security website will yield a TON of OS-X advisories, not just trojans but buffer overflows too.... including Zero Day Exploits.... it’s just the way it is...
And any serious security proffesional with thier eyes open knows it.
Furthermore, if you know much about the motivation of malware writers/blackhats. It really is largely about numbers. The more zombies you get the bigger the DDS attack you can stage. The more computers you compromise...the more SS numbers, credit card numbers, etc you have a chance to snag and sell. The more sites you deface.... the bigger the street cred you get. That’s just the way it is with these guys.
They can choose to put out a hack that only has the potential to hit 10% of the possible target pool....or they can choose to put out a hack that has the potential to hit 90% of the potential target pool. It’s a no brainer which they are going to choose... it’s as simple as that.
Not real familiar with Leopard... I’ve already granted that. However POSIX compliance isn’t that big of a deal.... Windows is mostly POSIX compliant.... you just have to enable the shell/services for it. MS needed to do that in order to meet Fed purchasing requirements. Heck many flavours of Unix (including most Linux distros and FreeBSD) don’t really do any better then that.
The thing about most of the Unix distros I’ve seen is not that they are bullet proof or anything like that.... it’s that they tend to let you dig down to alot more granualar level of how the OS functions then MS... and they often tend to install with only minimal functionality/services enabled. That is good from a security standpoint but comes with a real trade off from the administrative overhead aspect....especialy for home users. Admitedly the last time I worked with Mac was only very early OS X... but it certainly didn’t seem to follow that design philosophy....and I can’t imagine later versions would have changed that radicaly.
Frankly a good Windows admin can achieve much the same results as you would see on a Unix box....although it sometimes takes outside tools/kits to achieve. ( The Windows Servers I administer... which are commercial servers hosted on the internet for Fortune 1000 companies haven’t had one successfull penetration in over 7 years of operation.... and we get dozens of attempts every hour).
Plus, it’s REALLY, REALLY dumb advice for anyone to run naked on the internet without some sort of FW (hardware or software) on the point of entry to thier home network....regardless of the OS they run on thier machines.
Especialy a home user. There are alot of even HW level vulnerabilties out there. Plug a printer or multi-function machine into your home network and it may well try to grab a publicaly exposed IP from your internet point of access and if it’s setup with SMNP functionality.... as many of those are these days... you’ve got a built in vulnerability without even having to turn your computer on.
Look, I’m not trying to argue thst MS is God and Mac crap.... just that for most home users it ends up being a choice between Coke and Pepsi.