Friday, May 20, 2011

Macs suck too

If you're a Windows user who has ever been infected by malware, and you've posted about it on facebook, twitter, or a blog, some Apple fan-boi has likely told you "That wouldn't have happened if you used a Mac!" There is some truth to that, but the implication that Macs are inherently safer or more secure than Windows machines is simply false.

Please don't take any of this as a rant against Apple in general or Macs specifically, or believe that I think Windows is far safer than Mac OS X. I don't own a Mac, but I love my several-year-old iPod as well as my son's iPod Touch (way more than my wife's Walkman). I've used Macs a number of times in the past few years and damn, they're slick. Apple has by far the best visual design team in the world – things generally just work the way you expect them to and in some cases, even better.

I'm primarily a Windows developer, and I've written tons of software for Windows over the last twenty years. I am slightly less experienced when it comes to Macs, but I have plenty of experience on other unixes, and modern Macs aren't that different. I have done some Mac work in recent years, and in my previous job I worked on NeXTStep, which was essentially the predecessor to Mac OS X. If you're comparing the unix systems of the 90's with Windows 95 or 98, then yes, you can certainly say that the Windows operating system itself is less secure, because security just wasn't a consideration when those systems were created. Unix was built from the beginning to be a multi-user operating system, and so there had to be separation between different users on the same machine, and between normal uses and super users. But Windows was designed to be a single-user OS, so the assumption was that you were doing everything, and since this is your machine, you should have access to everything. Multiple users, administrative privileges, and even things like file permissions were added later and for a while, there were lots of things that just didn't support these features very well. But over the years, more and more software was changed to use the new security features, and Microsoft gradually deprecated and then completely disabled the old insecure methods of doing things. I know we at Sybase had to make changes to our software to deal with security-related changes when new versions of Windows were released.

Right now, when it comes to spyware, viruses, worms, or things like that, I can't really argue the fact that if you are using a Mac, you are less likely to get infected than if you are using a Windows machine. But the reasons for that have nothing to do with how safe the operating system is. There are two primary reasons:

  1. Macs are simply less popular than Windows. This doesn't mean that they're inferior, but if you look at market share, Windows machines make up almost 90% of all the machines out there. If you're going to write a virus that will take over a machine for use in your botnet or have it scan a machine and send you somebody's credit card information, why would you write your virus specifically for a computer that only 5% of all computers are running? You'd write it so that it could infect as many people as possible, and that means Windows. I know of no viruses (virii?) that affect the BeOS operating system, but is that because it's completely secure? No, it's because nobody uses it.
  2. Mac users are generally more computer-savvy than Windows users. We all have a brother or cousin or mom or Aunt Helen who knows nothing about computers but has one just for email and browsing facebook (and installing fifty browser toolbars). How many of those people own Macs?

Every year at the CanSecWest computer security show in Vancouver, they have a contest called "Pwn2Own" where contestants try to find and exploit security vulnerabilities in various pieces of software (usually browsers) on various platforms. The winner wins the hardware they broke (hence "Own" in the name) as well as cash. The contest began in 2007, and the only platform broken that year was the Mac, though it looks like it was a Mac-only thing at the time. Every year since, it's definitely been a multi-platform contest, and every year (2008, 2009, 2010, 2011) the Mac is one of the first platforms cracked. In 2011, it took five seconds. It shouldn't be surprising that Apple software developers are just as likely to write buggy software as the rest of us.

As the platform becomes more and more popular, people are indeed beginning to write viruses for the Mac. This one ironically poses as anti-malware software in order to get people to install it, just as many Windows malware programs do. This might be a good time to remind people that a web page cannot detect viruses on your computer. If you see a banner on a web site saying that your computer is infected (or your computer isn't running as fast as it could) and you should click here to install something that will fix it, they are lying.

I find it ironic that Mac people keep advising their friends to get Macs in order to be safer. If people keep doing this, two things will happen: Apple's market share will increase, and more and more non-techies will be using Macs. This will make Macs a bigger target, and more malware will end up being written for Macs. The act of telling people to use Macs for safety is actually making them less safe. So if you're an Apple person who's constantly telling all your friends that they should be using a Mac, it's really in your own best interest to shut the hell up.

2 comments:

Anonymous said...

I have a few issues with your blog. You state that Mac users are more computer savy than Windows users. What? Macs are sold as the "easy" computers that "just work." As such, a large portion of the Mac population is, or started as, computer newbies. Your analogy about the aunt is more related to someone who wanted a computer for simple use and a misguided friend or relative recommended a Windows machine to save them money. You don't know anyone like that with a Mac becasue Macs are so easy to use that the aunt never has those problems. Regarding popularity, Macs are more popular now than ever. However, they are still far safer than Windows. I've gone to some very questionalbe sites (that would normally kill a Windows maching) and my Mac was fine. Of course the only way to be 100% safe, regardless of platform, is to browse the net with a virtual machine running an OS that's cloud based (like Google Chromium). As someone who uses both Windows and Mac computers, and authored a book on the two (which I won't shamlessly plug here) I can tell you that Macs are far more secure than Windows machines. Why? Well there are currently no known viruses that can infect OSX. Also Malware is kept nearly completely out thanks to Macs archetecture and the built in XProtect. Don't get me wrong, their not 100% safe and there are some very smart trojans being written to break into Macs, but they are 1000 times more secure than any Windows machine. That being said, I'm not a total fanboy the Mac Kernal panics are just as frustrating as the Windows blue screen of death. In fact, the only truly elequant PC ever created was the Amiga by Jay Minor (a true genius - God rest his soul).

Graeme said...

Thanks for your comment. First off, my comment that people who use Macs are more computer-savvy than those who use Windows is based on my own experience. The only people I know that use Macs are either (a) computer-savvy, (b) graphic artists, or (c) both. Everyone I know who isn't computer-literate but has a computer (whether or not they have problems with it) uses Windows. Maybe that's not an accurate representation of the general public, but that's what I based it on.

Secondly, your statement that Macs "are still far safer than Windows" shows that you've missed the entire point of my article. Macs are not inherently safer than Windows, in that the architecture doesn't prevent viruses or other malware any more than the Windows architecture does. As I said in the article, the Mac has been the first platform hacked at Pwn2Own for each of the last four years. Macs do seem safer because there are fewer Mac-specific viruses, and that's because far fewer people use them than use Windows.

You stated that no known viruses can infect OSX, which is untrue - there's a link to a story about one in my article. And again, the reason that there are fewer viruses is because it's not as big of a target, not because it's inherently safer. But it is growing as a target, and as it does you will see more and more Mac-specific viruses.

"they are 1000 times more secure than any Windows machine" - this is meaningless hyperbole, and doesn't explain the Pwn2Own results.