The Inquirer-Home

Apple's Mac OS X is less secure than Windows

Analysis Exploding the marketing myth
Wed Feb 03 2010, 11:08

IF YOU BELIEVE Apple's marketing then you would think that the expensive fruity machines are more secure than PCs.

After all, most of the viruses out there are designed for the PC and Apple users hardly suffer from the problem. But this line of reasoning does not influence corporate IT managers who, were it true, would be trying to stave off hackers by installing shedloads of Apple gear.

However that's not the case. Most tell us that even if Apple gear was half the price it's just security by obscurity. A determined hacker who wanted to get into corporate systems would be though it like a knife through butter.

Tyler Reguly, a senior security research engineer with Ncircle told the newnewinternet that if you take a look at the two platforms, and the mindsets of the companies behind them, then the Windows PC wins hands down. He said that the Mac ships with more exploitable vulnerabilities already on a system when it is delivered. Further, Eric Johanson, a security researcher pointed out that the Mac OS X has far more published vulnerabilities per user than Windows.

However Apple is also actually more insecure because of the attitude of its customers. A computer's security, if it exists, is only as good as the user. Unfortunately in the case of the Mac the user is a smug, technologically illiterate person who believes they are invulnerable because they use a Mac. Such people randomly press buttons, visit sites that sensible people don't and download things carelessly because Apple's marketing tells them they are safe.

A recent Eset survey last year showed that when Apple users fell for phishing crime they tended to lose a lot more cash than a Windows PC user. The cynic in me thinks that if you spend a third more than you need to for your PC and think that the Ipad is a pretty neat idea then you are exactly the sort of mark that a phishing campaign is designed to reach.

The Eset survey said that the only safer Mac user was one who used both a Windows PC and an Apple Mac because they tended to be a bit more clever than your average fanboy.

Another reason why Apple PCs are so insecure is that it is incredibly slow at responding to news that flaws exist in its software. Microsoft has long ago realised that sitting on vulnerabilities without patching them is dead stupid. Most patches from Microsoft arrive comparatively quickly.

The cappuccino company's mindset, however, while reinforcing the myth of indestructibility of OS X, means that Apple users will be exposed much longer than Microsoft. A hacker can go to the web and find a list of vulnerabilities which are months old and be secure in the knowledge that they are less likely to be patched.

Unfortunately for Apple this philosophy is fast coming unstuck following the success of the Iphone. The gizmo is popular enough to become a target of hackers and malware distributors. It also can be used to store data worth stealing.

Alas for most Apple users, Jobs Mob is more keen on working out ways to stop people jailbreaking its Iphone than it is on protecting them from malware on the gear. However the Iphone is a toy computer and has all the vulnerabilities of a computer.

So what will it take for Apple to pull its socks up? One enterprising malware writer to pen an interesting bit of code that installs itself on a Mac, sniffs address books for friends with other Macs and works out the way to distribute itself to them too. It is not a huge technology challenge and when it is designed then Macs will fall over all over the world.

Only when this happens will Apple reach the same epiphany that Microsoft did over security and follow the Vole into more secure computing. µ

 

Share this:

blog comments powered by Disqus
Advertisement
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

Advertisement
INQ Poll

Apple announces the iPhone 6, iPhone 6 Plus and Apple Watch

Which of Apple's new products will you be buying?