Posted on 06/13/2004 11:39:42 PM PDT by Swordmaker
Broken Windows
Here’s a billion-dollar question: Why are Windows users besieged by security exploits, but Mac users are not?
For the sake of this discussion, let’s consider the realm of “security” to encompass any sort of software running on your computer, which software you wish weren’t there. So we’re not just talking about viruses?/?worms?/?Trojan horses — we’re talking about crapware of any sort, including adware and spyware.
Adware is software that displays advertisements, typically in pop-up windows. Web surfers have been cursed by pop-up ads for years, but it’s common knowledge that they’re pretty much just a problem for Windows users these days, because every modern browser other than Internet Explorer has a pop-up blocking feature. If you have adware installed on your computer, however, even switching to a pop-up-blocking browser won’t make them stop — the ads are coming from hidden applications running on your computer.
Spyware is any sort of software that secretly records information about you — anything from the web sites you visit, to logging all the keystrokes you type. Obviously, there’s a fine line between spyware and Trojan horses.
What’s remarkable is this: Crapware is a problem of epidemic proportions on Windows, but it is almost completely non-existent on the Mac.
How big a problem is it on Windows? EarthLink offers a free program called Spy Audit which scans your PC for various forms of crapware; in March, they published a report showing that after scanning over one million PCs, Spy Audit had identified nearly 30 million instances of “spyware”, nearly 28 instances per PC scanned.
Now, obviously, these results are bit self-selecting, in that the people who suspect their PC has been infested by spyware are a lot more likely run Spy Audit than those running clean systems. And EarthLink is counting cookies from known adware-tracking web sites as instances of “spyware”, which I find tenuous — but still, they also found 5 million adware applications, and over 350,000 Trojan horses and “system monitors”.
A similar audit of Macs might well find nefarious cookies, but would it find adware or spyware? Any at all? If there exists any such software for the Mac, I haven’t heard of it.
No Place to Hide
It’s not like Mac OS X is impervious to crapware. Adware, for example, is just software that displays ads. Anyone with an Intro to Cocoa book could put together an application that displays ads in a pop-up window.
One difference between Mac OS X and Windows, however, is that Mac OS X doesn’t offer nearly as many places for nefarious software to hide. A major aspect to the scourge of crapware is that it’s extraordinarily difficult to find and remove it. This isn’t just about “typical” users; even expert Windows users get hit by crapware and can’t figure out how to get rid of it.
E.G. Dave Winer, who last week installed the “free” version of Kazaa and ended up with “Popups all over the place. Tons of virusware installed.” Winer spent an entire day digging out.
Or, e.g., Paul Thurrott, long-time author of the WinInfo web site and numerous books about Windows. Last week, Thurrott was hit by a Trojan horse:
On Sunday night, while preparing for a trip Monday to New York, the notebook I had planned to bring was suddenly struck by the most malicious software (malware) I’ve ever encountered. This Trojan horse got through my defenses despite the fact that I was running the Release Candidate 1 (RC1) version of Windows XP Service Pack 2 (SP2) with the firewall turned on. It was infuriating, and after hours of investigating, deep cleaning with various antivirus and spyware products, and consulting with my technical guru (Storage Update’s Keith Furman, a lifesaver), I finally gave up. As I write this commentary, I’m heading to New York by train, using a different machine, and my infected laptop is home, awaiting a complete wipeout. I never did completely clean up the machine, and I’m still frustrated by the defeat.
Given Thurrott’s consistent record as a bona fide asshat regarding all things Mac, could this rate any higher on the schadenfreude-o-meter? Hours of work to remove a Trojan, all in vain, and resigned to a “complete wipeout”?
There are all sorts of ways that Windows executes software that don’t have equivalents on Mac OS X. Services get installed in the Windows Registry, and the Registry is an opaque labyrinth.
This just isn’t a problem on the Mac. Even if you ended up with piece of crapware installed, there simply aren’t that many places where it could hide. Assuming the crapware needs to launch itself automatically, it’s either going to be installed in one of the various /Library sub-folders, or it has to be listed in your user account’s Startup Items in the Accounts panel of System Preferences.
Zero Tolerance
You could argue that many Mac OS X users have no idea where their Startup Items are listed, or about the contents of the various /Library folders — but plenty of Mac users do. Certainly a Mac user with the same expertise as Winer or Thurrott would know about these locations.
We all benefit from the fact that the Mac community has zero tolerance for vulnerabilities. Not just zero tolerance for security exploits, but zero tolerance for vulnerabilities. In fact, there is zero tolerance in the Mac community for crapware of any kind.
If some “freeware” software for the Mac surreptitiously installed some sort of adware?/?spyware?/?crapware, there’d be reports all over the Mac web within days. Uninstallation instructions would be posted (and thus made available to all via Google), and the developer who shipped the app would be excoriated.
Zero tolerance, on the part of the user community, is the only policy that can work.
It’s similar to the “broken windows” theory of urban decay, which holds that if a single window is left unrepaired in a building, in fairly short order, the remaining windows in the building will be broken. Fixing windows as soon as they are broken sends a message: that vandalism will not be tolerated. But not fixing windows also sends a message: that vandalism is acceptable. Worse, once a problem such as vandalism starts, if left unchecked, it flourishes.
This theory was made famous in a 1982 article by James Q. Wilson and George L. Kelling in The Atlantic Monthly. They wrote:
That link [between maintaining civil order and preventing crime] is similar to the process whereby one broken window becomes many. The citizen who fears the ill-smelling drunk, the rowdy teenager, or the importuning beggar is not merely expressing his distaste for unseemly behavior; he is also giving voice to a bit of folk wisdom that happens to be a correct generalization — namely, that serious street crime flourishes in areas in which disorderly behavior goes unchecked. The unchecked panhandler is, in effect, the first broken window. Muggers and robbers, whether opportunistic or professional, believe they reduce their chances of being caught or even identified if they operate on streets where potential victims are already intimidated by prevailing conditions. If the neighborhood cannot keep a bothersome panhandler from annoying passersby, the thief may reason, it is even less likely to call the police to identify a potential mugger or to interfere if the mugging actually takes place.
It should be obvious where we’re heading with this.
My answer to question posed earlier — why are Windows users besieged with security exploits, while Mac users suffer none? — is that Windows is like a bad neighborhood, strewn with litter, mysterious odors, panhandlers, and untold dozens of petty annoyances. Many Windows users are simply resigned to the fact that their computers contain software that is not under their control. And if they’ll tolerate an annoying application that badgers them with pop-up ads, well, why not a spyware virus that logs every key you type, then sends them back to the creator? (That’s a real virus, by the way, Korgo, which hit Windows at the end of May and is spreading quickly.)
The Mac is like a good neighborhood, where the streets are clean and the crime rate low. You don’t need bars on your windows in a good neighborhood; you don’t need anti-virus software on the Mac.
Windows apologists have long argued that the only reason the Mac has been so strikingly free of security exploits is that it has such a smaller market share than Windows. This argument ignores numerous facts, such as that the Mac’s share of viruses is effectively zero; no matter how you peg the Mac’s overall market share, its share of viruses?/?worms?/?Trojans is significantly disproportionate. Or that the logical conclusion of this argument — that because of Windows’s monopoly market share, malfeasant hackers would logically only write software to attack Windows — would be to extend the argument to all software, malicious or not, and it’s quite easily disproven that “all software” is targeted only for Windows. Or that, despite the Mac’s relatively small market share, a successful virus?/?worm?/?Trojan attack against Mac OS X would likely garner significantly more notoriety and fame; considering the recent publicity given to non-exploited Mac OS X vulnerabilities, it’s reasonable to expect that an outright exploit would result in an avalanche of tech media hysteria.
The reason this argument is so popular with Windows apologists is that it’s a convenient bit of rhetoric. They say it’s so, we say it’s not. You can’t get past this argument, because it can’t be disproven without the Mac OS actually attaining a Windows-like market share.
So, let’s concede the point, just for the sake of argument: OK, fine, if the Mac had the same market share as Windows, the tables would be turned and there’d be just as many Mac security exploits as there are Windows exploits today.
Now what? Given that the Mac is never going to attain a monopoly share of the operating systems market — that merely expanding its share to, say, 10 percent would be universally hailed as an almost-too-good-to-be-true success — isn’t it thus only logical to conclude that the Mac is forever “doomed” to be significantly more secure than Windows?
While we’re conceding for the sake of argument, let’s address that other popular canard of Windows apologia — that on the whole, Windows XP is just as good, if not better, than Mac OS X. OK, fine. XP is as good as OS X; Windows Movie Maker is as good as iMovie; Photoshop Album is better than iPhoto; etc.
But is it fair to judge Mac-v.-Windows under factory-fresh conditions? Wouldn’t an accurate comparison be better made a few months down the road — after a nice sampling of the hundreds of new Windows viruses discovered each week get a chance to find a home on the Windows box? In the hands of a typical user, a six-month-old Mac is almost certainly in similar working condition as when it left the store; a six-month-old Windows PC, on the other hand, is likely to be infested with multiple instances of crapware. And if it’s not, it’s likely because the poor sap who bought it just got done reinstalling from scratch.
You can argue about why this is so, but you don’t need to. You can’t argue with the facts. Anti-virus software vendor Sophos reported yesterday that it found 959 new viruses, last month alone. How many of those do you think were for Mac OS X? Any at all?
Arguing that it’s technically possible that the Mac could suffer just as many security exploits as Windows is like arguing that a good neighborhood could suddenly find itself strewn with garbage and plagued by vandalism and serious crime. Possible, yes, but not likely. The security disparity between the Mac and Windows isn’t so much about technical possibilities as it is about what people will tolerate.
And Mac users don’t tolerate sh!t.
. . . Mac is like a good neighborhood, where the streets are clean and the crime rate low. You don’t need bars on your windows in a good neighborhood. . .
. . . Mac is like a good neighborhood, where the streets are clean and the crime rate low. You don’t need bars on your windows in a good neighborhood. . .
Mac PING LIST . . . interesting take on the security issues between Windows and Macintosh.
If you want to be included in the Macintosh Ping list, or removed from the list, please Freepmail me.
Interestingly, this is also the basis for the Giuliani Doctrine that turned New York City from a hellhole into the safest, cleanest big city in America in only a few years' time. Zero tolerance for "quality-of-life" crimes.
I don't think Microsoft planned for the internet, never considered what would happen with all these "features" on worldwide internetworked computers when they made key decisions on Windows development.
The solution to the spam/worm/virus/hacking disparity between Mac and Windows can simply be solved by getting more people to use Mac. Why bother to write a great virus which will only affect a handful of people when you can reach billions attacking Windows? And I would bet that there are quite a high percentage of the malicious types who believe that Microsoft has it coming anyways so its a political as well as an evil act.
A neighborhood without neighbors....
-----------------------------
So Witty
Friday, 11 Jun 2004
A brief postscript to the recent security-oriented coverage:
I don’t think anyone would dispute that Windows’s overwhelming market share is a significant factor as to why Windows is also the target of an overwhelming majority of security exploits. The question I’m interested in — and wrote about in “Broken Windows” — is whether this also explains why security exploits against Mac OS X are practically non-existent.
The idea — which is widely-enough held that it probably qualifies as conventional wisdom — is that with regard to attracting security exploits, it is inherent that a monopoly platform will attract virtually all of the exploits. E.g., even if Windows has only 90 percent market share, it somehow makes sense that Windows would attract upwards of 99 percent of all security exploits. And that conversely, the Mac’s 4 percent market share should not translate into a 4 percent share of exploits. The conclusion here being that just because Windows has a disproportionate share of security exploits, does not mean that it has disproportionately more vulnerabilities.
I certainly think there’s some truth here. I can believe that even if all platforms were assumed to be equally vulnerable, the 90-percent-share monopoly platform would suffer more than 90 percent of the exploits. But I don’t believe that this explains the extraordinarily disproportionate share of security exploits that Windows suffers.
For one thing, it doesn’t explain why the Mac previously suffered a number of serious viruses. The Mac’s overall market share has never been all that much higher than it is now. (Apple once had 16+% market share, but that was back in the Apple II era; to my knowledge, the Mac has never had double-digit market share.)
For another, it doesn’t explain the fact that some security exploits are aimed at extremely specific targets, including subsets of the Windows population that are much smaller than the overall Mac population. For example, the Witty worm, released in March this year, was specifically targetted only at Windows machines running specific versions of firewall software from Internet Security Systems.
From Bruce Schneier’s Witty analysis in Computerworld:
Twelve thousand machines was the entire vulnerable and exposed population, and Witty infected them all — worldwide — in 45 minutes. It’s the first worm that quickly corrupted a small population.
(See also: “Reflections on Witty: Analyzing the Attacker” from the MITRE Institute and the International Computer Science Institute.)
My points here being:
> Despite the fact that Mac OS X is relatively secure, Mac OS X users should not grow complacent. Witty devastated a target population vastly smaller than the overall Mac OS X population.> There are factors other than market share that have led to the remarkable paucity of security exploits on Mac OS X. Maybe it’s superior engineering by Apple’s engineers; maybe it’s something along the lines of my “Broken Windows” theory; maybe it’s just dumb luck. My guess is it’s a combination of those three, more or less in that order. But it’s something.
Market Share at Google
Google’s Zeitgeist usually contains a chart listing the percentages of Google users broken down by OS. Their numbers for April 2004 show Windows with 92 percent market share; the Mac, 4 percent:
| % | |
|---|---|
| Windows XP | 49 |
| Windows 98 | 21 |
| Windows 2000 | 18 |
| Windows NT | 3 |
| Windows 95 | 1 |
| (Windows total) | 92 |
| Mac | 4 |
| Linux | 1 |
| Other | 3 |
| (Non-Windows total) | 8 |
But your house can suddenly crumple into rubble, without warning or apparent cause. I've had Macs destroy Zip disks, and I've seen a Mac crash so badly (for no reason) that the only way it was made functional again was by installing a new copy of the operating system. After that, the nice 2-button wheel mouse on that machine behaved like the idiot 1-button mouse that comes with Macs (its drivers wouldn't work any more).
You don’t need bars on your windows in a good neighborhood; you don’t need anti-virus software on the Mac.
Yeah, sure you don't. Where I used to work, EVERY computer had anti-virus software, whether it was Mac or PC. Anyone who surfs the Internet or uses multiple computers is taking a big chance if they don't use an anti-virus. Also, pop-up ads seem to be a problem on any computer, any browser. I don't know what this guy is using, if he's not being inundated with them.
This article seems to me more the opinion of a devout Mac user, rather than a presentation of facts. I've used both PC and Mac extensively, and still prefer PCs. JMHO.
Thanks for the additional information.
Even the Witty worm isn't a fair example as a fault of Windows. Witty worm attacked a third party's software not Windows. That third parties security hole was published making the it known to the attacker(s). It was then promptly exploited.
But your house can suddenly crumple into rubble, without warning or apparent cause. I've had Macs destroy Zip disks, and I've seen a Mac crash so badly (for no reason) that the only way it was made functional again was by installing a new copy of the operating system. After that, the nice 2-button wheel mouse on that machine behaved like the idiot 1-button mouse that comes with Macs (its drivers wouldn't work any more).
What you are describing is Mac OS 9 and lower. OS X has no need of installing seperate drivers for multibutton mouses, they are true plug and play. A "clean install" of the pre OS X operating system would provide exactly that: an installation of the Operating System exactly as released from Apple... sans any third party additions. Your experience is outdated.
Yeah, sure you don't. Where I used to work, EVERY computer had anti-virus software, whether it was Mac or PC. Anyone who surfs the Internet or uses multiple computers is taking a big chance if they don't use an anti-virus. Also, pop-up ads seem to be a problem on any computer, any browser. I don't know what this guy is using, if he's not being inundated with them.
Since there are currently NO OSX viruses, there is no need for an anti-virus software on an OS X system. While Symantec DOES sell a Mac Anti-virus package, it only detects and removes viruses that might be passed through in email to vulnerable Windows computers. Mac users who have it installed do so only as a courtesy to their Windows using friends.
Re: Pop-up Ads.
They are NOT a problem on Macintosh computers. I have not had a pop-up advertisement appear on my Mac since I installed OS X and began using Apple's provided browser, Safari. None, nada, zilch.
If I WANT to see them, I can uncheck the "Block Pop-up Windows" option in Safari and be just as inundated as Window's users. (Or I can use MIcrosoft Internet Explorer for Mac and be plagued with them as it doesn't offer the ability to turn them off!)
Might I suggest you try Mozzila, a Windows based browser that offers the same option? Also, Macintoshes are not as vulnerable to malware adware programs that can be installed on Windows computers without the knowledge of their users. If, however, a Mac user can be hoodwinked into downloading and running a ad-ware type program, we could be seeing similar problems. BUT getting rid of it is much simpler and straight forward and requires no "Spy/Adware" removal software to be certain all of it is removed.
I've used both PC and Mac extensively, and still prefer PCs. JMHO.,p> From your statements, I would say your "extensive" Mac experience was with the older Mac operating system. Give OS X a try.
%
Windows XP 49
Windows 98 21
Windows 2000 18
Windows NT 3
Windows 95 1
(Windows total) 92
LOL. Windows ME is down to 0%.
To a certain extent what you say is true... but when the Witty Worm got through the third party firewall it installed an self executing program on the Windows PC, assaulted the user's address book, and then sent copies of itself onward to infect other computers using the same firewall... each infected computer became a node of re-transmission of Witty and as a result hit EVERY ONE OF THE VULNERABLE COMPUTERS IN THE WORLD IN UNDER 45 MINUTES!
Without the flaws in Windows that allowed the exploit to utilize the computer AFTER penetration of the firewall, this could not have happened. Without those flaws, the WITTY exploit could only have been used for an active hacking into the vulnerable PC and done searches for known data in known locations or piecemeal destruction.... the automated process (which was actually pretty simple) would not have occurred.
Do you suppose it is because they finally self-destructed or the users tossed the computers out the window?
Actually, there are several web browsers that block pop-ups - including Apple's "Safari" browser.
This can only be by design. M$ must have all these wholes because they allow plausible deniability when other competing applications (such as those to their Office suite) are "sabotaged". !5 years from now, people will look back on this and say what a said waste of time it was. MicroSoft Windows is now where the Model T was in 1925. Enormously popular, and around for a long time afterwards, but the business model is becoming obsolete. Just my opinion.
ping
So sorry.
Relegated to a backwater of fanatics and graphics designers, who would bother to write viruses for it?
Windows does what I need it to. An operating sytstem that gets work done. Macs--and their software--were designed to impress interior decorators. The Queer Eye for the Computing Guy.
'Nuff said.
--Boris
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.