If you spend any time working with computer support, you are going to hear zealots on either side of this issue championing their chosen operating system (OS) as the best/more secure/easiest to use, etc. Let me start by saying that I am a Windows guy. I've always used and supported it. I've had brief brushes with Macs, but not enough to consider myself an expert. While I don't know the intricate details of the MacOS, I do know the history. At any rate, both sides tend to lose sight of the history that shaped today's world. Regarding security, it helps to remember how each OS began life.
Apple chose to make Macs a closed or proprietary system meaning they produced the hardware and software exclusively while Microsoft chose to write a generic OS that would run on the new IBM PC hardware specification no matter who built it. This single initial choice by both companies dramatically defined their market share. Because Apple produced everything, they immediately limited how many computers could run their OS. Microsoft depended on the widespread adoption of the PC platform and inking licensing deals with the hardware producers thereby providing a huge potential market. It's the traditional quality versus quantity question.
Thus Apple's penetration of the personal computing market was minuscule compared to Microsoft from the start. Now, if you are going to market a new product to the computing masses with your primary goal being profit, most people would choose the market segment that has the potential to maximize returns. Hackers think the same way. Whether it is for shear pleasure, learning experience or outright criminal activity, they picked the segment that would have the most impact. In this case, that was the Windows OS (actually DOS first, then Windows).
So hackers have spent the majority of their time writing to hack Windows due to its huge market share. Once they began writing for it and sharing code with one another, it became a snow ball that grew and grew. More code is released, more hackers enter the market. New exploits are added to existing code to increase effectiveness. And all this time the installed base of Windows computers continued to grow at a phenomenal pace. As a result, vendors popped up offering security software for Windows and a secondary market was created. Security software was bundled with the OS by hardware manufacturers, but were usually trials which expired. Too many people didn't realize they needed to purchase anything after the trial expired if they even remembered it was a trial at all. With the advent of wide scale Internet access, Microsoft knew it had to address security issues in Windows and began slowly adding the pieces needed, but by that time, the problem was huge.
Contrast that to the small footprint of Macs until the last few years. Even now, it is a small fraction of the computers out there. It has simply been too small a percentage to worry with. That is changing. If the percentage of Macs continue to grow in the market, the numbers will reach critical mass and hackers will begin to attack. Once the assault begins, it will happen so fast Apple may not be able to respond any better than Microsoft. Hopefully they can use recent history as a guide and be proactive to prevent the horrors stories Windows users have experienced. There is already an indication Apple is heading in this direction. But it would be unfair to think Apple is smarter since they have the advantage of watching Microsoft's mistakes. If Apple doesn't get ahead of the curve on security, then they've only themselves to blame.
Many people say, "MacOS is more secure because it was built on Unix.". Well, Microsoft hired some of the people who wrote Unix to write Windows NT which is the basis for modern Windows versions. So Windows is probably as much like Unix as MacOS is built on it. Every OS has security holes because it was written by humans. Windows' problems have been exposed early and often due to the number of computers that run it. The MacOS has many security problems as well, and if it's market share continues to grow, we will begin hearing about them too. They already regularly release patches to address security issues.
So if you own a Mac, what do you do? You can 1) hope that you were about the last person on earth to buy one (not likely) or 2) monitor your system and start shopping for security applications. In the Windows world, they are a number of free security applications to protect you. Since Mac users pay substantially more for a comparable hardware system, you'd better hope programmers do the same for MacOS.
1 comment:
Good write-up, Tim.
I agree that Windows' huge market share has made them the big target for malware-writers for the last decade and a half.
However, in the history of Windows, it starting out as a single-user non-networked OS has had huge security ramifications, I think. (Whereas UNIX started as multi-user, networked, built with that in mind.) Windows 95 was a security nightmare because it had all this legacy code that was designed without the thought of it one day being exposed to a hostile network where attackers would probe and exploit its vulnerabilities.
Windows NT was designed differently, of course, and has had a better track record as a result. Still, it has some of those same underpinnings that caused the "home" branch of Windows (3.11, 95, 98, ME) to be so unstable and insecure, and we've felt that with Windows XP and even in Vista (although Vista's security measures have helped dramatically to address those problems). The biggest problem historically has been user accounts by default having administrative rights. Vista and 7's UAC is helping to enforce developers' compliance with the principle of least privilege (http://en.wikipedia.org/wiki/Principle_of_least_privilege), but that was one of the biggest reasons Windows was so vulnerable to malware for so long. I think once XP dies off and the Windows world is mainly comprised of Vista and 7, malware will not be as big of a problem. People will still manage to infect themselves in some cases, but it shouldn't be the epidemic problem it has been under pre-Vista Windows.
And while MS had some UNIX programmers help design NT, I disagree that it is as similar to UNIX as Mac OS X is. Mac OS X's kernel is a modified BSD (Mach) kernel. Mac OS X is fully POSIX-certified (http://en.wikipedia.org/wiki/POSIX), meaning it literally is a UNIX. But prior to Mac OS X, Mac OS had as little in common with UNIX as Windows. Pre-OS X, Mac OS was a completely different OS (and OS X's ability to run OS 9 apps is done via emulation).
I believe OS X's design as a multi-user networked OS from the beginning will help it weather malware problems if malware's development for Mac OS X ever picks up. Also, how it runs with user accounts being standard accounts (not root or admin) will help big-time.
The same goes for linux.
Post a Comment