Security between OS makers, the truth please

T

tybert7

2[H]4U
Joined
Aug 23, 2007
Messages
2,763
I am not an ultra technical person, I know more than enough to solve most basic issues and understand some more advanced things, but I do NOT have any kind of in depth understanding of the insides of an OS or malware capability.


So I come to you, who will no doubt contain someone who knows about exactly this.


When the claim that OSX is inherently safer than say windows 7 (lets compare newest with newest), is that true?


Is there something fundamentally more secure about how the mac OS is put together? And if so why?

If that is not completely true, why not?

I have heard ghosts of responses over time regarded the legacy software burden windows carries, and that the user base of windows is just so much larger that it is simply a more enticing target for malicious software makers. Which seems reasonable and true.

The legacy concerns go to the core construction of the OS for windows, the larger user base and simply being attacked more says less about the weaker security of an OS and more about the number of attempts to infiltrate it.



If OSX and windows market share were reversed, would the incidence of malware be reversed as well?


I just want some truthful and full throated answers, not talking points from companies who have everything to gain.


I can accept some greater issues with windows security if the "greater burden" of legacy software is one of the main reasons, same with simply being a bigger target (that is not the OSs fault for being more popular). But more basic security flaws seem less likely to be tolerable. But then why would any company not deal with the low hanging fruit? Or have they already and the remaining is far harder to deal with?
 
tybert7 said:
When the claim that OSX is inherently safer than say windows 7 (lets compare newest with newest), is that true?
Click to expand...
'Security' and 'safety' are a little different. If you live in the middle of the desert whilst keeping your doors unlocked and windows open at all times, you're fairly safe, but not secure. If you live in suburbia, lock your doors and windows and are running some sort of security system, you're secure and, theoretically speaking, safe.

OS X is like living in the desert. Windows Vista+ is like living in a secured home in the suburbs. You're more prone to attacks on the latter, but you're able to better resist them.

Technologically speaking, Windows 7 is more secure than OS X 10.6. There are more fine-grained security features because Windows needs more fine-grained security features to thwart potential attacks and infection. OS X doesn't really need them, per se, but it could still stand to benefit from them.

tybert7 said:
Is there something fundamentally more secure about how the mac OS is put together?
Click to expand...
No. As far as I'm aware, OS X doesn't have any security-oriented features that Windows 7 does not.

tybert7 said:
If OSX and windows market share were reversed, would the incidence of malware be reversed as well?
Click to expand...
Most likely, yes. Apple would have to lock down OS X with security features similar to Windows if that were the case.

Still, OS X being UNIX at its core, using OS X in a safe and secure way isn't difficult. Run under a user account and pay attention to access authorization prompts (just as you should pay attention to UAC prompts). Enable the built-in firewall. Use safe browsing habits. Use safe downloading habits. That's all you need.
 
one of the main reasons there aren't as many viruses out there for the Mac OS, is due to the small percentage of market share.

what are viruses usually made for? ok, well malware/adware is made as a way of generating revenue. Of course some of it is just to piss you off.

since only what, 2% of the market share belongs to Apple? Since not all computers will get infected, that is a very very tiny piece. Even if they only got a 10% infection rate of all PCs, that would be more infections than the whole Apple market share (I'm sure my numbers are off, but it gets the point across).

If Mac and Windows had an equal percentage of market share, the number of vulnerabilities found, and amount of virus/malware/etc, would be pretty close to equal, also.
 
OSX is proabably MORE vunerable than MS due to having less market share (no one writes and no one patches) and Apple is typically slow to respond to security issues. MS used to be slow but thankfully reality taught them a hard learned lesson- and it will be the same if apple ever gets real market share.
 
YeuEmMaiMai said:
OSX is proabably MORE vunerable than MS due to having less market share (no one writes and no one patches) and Apple is typically slow to respond to security issues. MS used to be slow but thankfully reality taught them a hard learned lesson- and it will be the same if apple ever gets real market share.
Click to expand...

I'd say the single biggest thing that makes OSX vulnerable is Apple themselves. Their marketing, and the rhetoric dealt out by their fans, suggests that the OS is inherently secure and that you can't get viruses or other baddies on it. Patently untrue, and as a result most OSX installations are pretty vulnerable. Apple's marketing is really misleading in this respect; yes there are less issues in the wild, but on the whole, their OS is less secure than most others.

At the end of the day though it does come down to the user. Most malware today, even on Windows XP, requires some sort of user intervention to get there. It doesn't just appear out of thin air on your computer (major Windows vulnerabilities not withstanding...). That issue is never going to go away since users have a legitimate need to install software. They need to be trained to know when they should grant that permission and when they shouldn't.
 
People may love to bicker over the minute details of each OS's security policy, but in truth they are all very secure and modern operating systems. If you look at just the core OS technology, I would argue that OSX (BSD Unix) is more secure than Windows (Windows NT) due to native features like proper multiuser support and proper file permissions. However, microsoft has added many nice security extensions to the architecture over the years (due to pressure from malware) and the end result is that vista and higher are also very secure.

Remember, at the past several years' Pwn2OWn, none of the 3 OS's (vista, osx, ubuntu) were ever compromised directly. It always took a third party program (adobe being a typical culprit) to crack the systems. I think that says a lot. I think that any of the modern OS's are secure enough that we really have more to fear from third party applications than we do from the OS itself.
 
That's something few people remember in these debates. Most of the security incidents involve a third-party app, like Flash.

I'll add another point into the mix. If a security hole is found in Windows, it is patched rather quickly, and released...Patch Tuesdays, anyone? When one is discovered in OSX, there's usually a period of denial, followed by silence, and then a few months later, a patch is issued quietly. Microsoft rewrds people for finding and reporting holes. Apple rewards them with legal action and threats.
 
If you look at just the core OS technology, I would argue that OSX (BSD Unix) is more secure than Windows (Windows NT) due to native features like proper multiuser support and proper file permissions.
Click to expand...
Err....what? NT, from its very first inception (3.1), had more fine-grained file permissions than UNIX and had support for true multiuser. This was quite apparent in NT 3.1, NT4, and NT5 (2000). XP was a bit of a holdover from the "other" Windows kernel (1.0->ME) in that it was based on the NT kernel but aimed at consumers, and since it was a consumer OS it didn't have most of the true multiuser functions enabled. Vista introduced UAC to allow Consumers to work in a true multi-user environment.
 
Eva_Unit_0 said:
Remember, at the past several years' Pwn2OWn, none of the 3 OS's (vista, osx, ubuntu) were ever compromised directly. It always took a third party program (adobe being a typical culprit) to crack the systems. I think that says a lot. I think that any of the modern OS's are secure enough that we really have more to fear from third party applications than we do from the OS itself.
Click to expand...

In addition to what Arainach's comments on permissions and multi-user, you also are mistaken here, Safari was compromised at one of the pwn2owns (the one before the last one I believe) and IE8 was compromised at the last one, but the compromised IE8 was a beta version that allowed .NET in the internet zone, in the RTW/RTM version .NET was disabled in the internet zone, thereby eliminating the exploit totally.

As far as the OP's questions, Unix (mac os x) and NT are very much a like in many ways, they both allow you to open files, write to files, read data and so on, that's all a piece of malware needs in order to operate really, so claims that Mac OS X or unix are immune to malware are laughable. In addition, the first internet worm was a unix worm, the morris worm back in the 1980s infected several versions of unix and nearly shut the internet down. Since Windows has taken over the internet, in market share numbers, nearly all malware writers have switched to Windows. Recent versions of Windows on the whole, are at least as secure as Mac OS X and Linux and probably more secure than all but the most hardened linux distros and Windows may beat those as well, I haven't looked into it too deeply. Also Vista/7 run secure by default, unlike some other supposively secure OSes where you have to enable the optional security.

To see the effect of the security added to Vista, check out this chart:
http://news.softpedia.com/newsImage/Vista-SP1-Infection-Rate-60-6-Less-than-that-of-XP-SP3-3.jpg/

Unpatched Vista machines have half the infection rate of a patched XP.
Unpatched Vista machines are hardly more infested than patched Vista machines, showing that the OS is highly resilient against 0-day attacks unlike XP, whose unpatched versions have much higher infection rates.

You can read more on the changes to Vista to make Windows more secure here:
http://en.wikipedia.org/wiki/Security_and_safety_features_new_to_Windows_Vista
 
The weakest link in any os is between the keyboard and the chair. Surf for p0rn, warez, torrent anything that looks like either, etc is the best way to screw up a working PC.
 
You must log in or register to reply here.
Back
Top