Replies

I have used both Windows and Mac products. Never had a virus on either. From a security perspective, it is just not accurate to claim Apple is more secure than a recent MS OS without security features like UAC disabled. In fact, Apple loses the hack competitions pretty much every year. Apple users benefit indirectly from Apple’s relatively low market share because the malware authors target the platform with the most users (Windows) but as that market share climbs, don’t expect it to last. Apple has finally, though, started taking security more seriously, so hopefully things will improve.

I could start in on the Windows 7 and 8 platforms that I've had to clean up from malware that have had UAC activated. . . But that a subject for DayGloRed' Windows thread. this is about Mac security.

First, the "security by obscurity" canard has been disproved so many times it gotten boring, but there's always someone who hasn't gotten the memo, like you. There are close to 100 million OS X macs in the wild with most of them, 99%, running completely without third-party anti-virus software in the possession of people who statistics show have a higher disposable income than do Windows PC users. These Macs are, in a phrase, sitting-ducks; yet you claim that target is too small to interest criminals. the same criminal that a few years ago wrote the Witty Worm virus to infect the 20,000 known Window PCs left unpatched six months after Black Ice closed the door on the vulnerability Witty exploited. . . and thirty minutes after the Witty Worm was released into the Wild, every single vulnerable computer was infected! So much for you "security by obscurity" myth. That is NOT the reason Macs don't get infected.

As for you claim of Apple products fell first at hacker contests WAS true but not due to ease of cracking. It once was the prize for cracking at these contests was the computer you hacked. The hackers all targeted the Macs. . . And their exploits were not spur of the moment cracks but exploits that took months of research and coding to prepare, sometimes by a team of programmers such as Charlie Miller's team of ex-NSA specialist who won four years in a row, but only seconds to execute. When asked why he went after Apple, Miller said because he wanted to win the MacBook Pro.

Now, they've added cash bounties as prizes and the hackers go for the biggest prize purse which can range up six figures. . . and they are targeting Google Chrome, Microsoft, Java, and perhaps Apple Macs as an afterthought. . . every exploit at this year's contest was on a Windows platform! Sorry, but that's the way it is.

Hi Swordmaker,

I'll just say that it's worth noting that those slams against Macs are the same tired old tech-blog ~~writer~~ whore list of unworth complaints. Same ones as for the last, what, 5? 7? more? years.

"When Apple sells more Macs they'll be attacked more." As though the number out there already isn't enough of a target, compared to other non-Windows targets like certain routers that get attacked plenty.
So-called "hacking competitions". These have always been a joke, now they're an industry embarrassment to anyone with a technical brain. Why not compare how long their d!cks are and leave the computers out of it? It would be just as meaningful as what they do now.
"UAC on Windows is an effective mechanism and raises Windows to the level of security of OS X." Not really. It raises Windows to the same "Mother-May-I?" level of "security" provided by the Mac's prompts for an administrative user's password. It's useful in both cases, and a necessary part of the picture on any operating system, but it doesn't address the real point of true system security.

The real point is that the operating system should provide the smallest and strongest attack surface, and defend that surface itself in a way that does not require the user to make difficult and annoying decisions. Period.

And Apple's OS X, based on BSD Unix with a designed-in, not bolted-on-afterward, approach to security, will continue to have the smaller, stronger, and better defended attack surface for the foreseeable future. Windows has gotten much better over the years, and it's largely on a par with OS X with regard to most aspects of user security. But its internal complexity works against the goal of a simple, strong structure with inherently minimal attackable characteristics. That's just a fact.

There is so much misinformation in your reply, I’m not even sure where to start.

The vast majority of malware that I’ve seen on people’s PCs comes from them downloading some crap and installing it, blindly clicking past the security prompts. Usually this is some software product that has some crap like Ask.com toolbar or equivalent embedded in the installation. I don’t care what platform you’re on, if you do that, you’re going to get malware. The difference is, on the Mac, the quantity of apps that do that is just way less. The App stores (on both platforms), I think are eventually going to kill off that attack vector. There just won’t be another way to install apps.

We’re on a thread discussing a critical vulnerability (root level access) in OS-X, that’s been there since 2011, and you’re sitting there claiming that Macs are completely secure. You’re not doing less-informed users a real disservice with that kind of outright lie.

The comment about Apple products losing the hacking contests because people wanted to win a Mac is, by far, one of the most laughable claims I’ve ever seen on the Internet.

But I will concede one point, and one that you don’t directly make, but that you allude to in your reply. And that is, the biggest security vulnerability these days is not the OS platform, but rather the browser add-in products, most especially Flash and Adobe acrobat. It’s so bad, that the hacking contests like Pwn2Own have broken those exploits out as a separate category. And btw, those products are cross-platform.