PC vs. Mac in Security: Experts Share Opinions
The eternal debate in the hands of experts, most of whom share the same opinion.
Those notorious "I'm a Mac" TV commercials from Apple always paint the picture that Macs are nearly impervious to malware – but that's not the truth. For the most part, it all comes down to the user base that malicious hackers choose to target.
Regardless, the subject of which platform is more secure – the PC with Windows or the Mac with OS X – is constantly debated by rabid fanboys from both sides.
CNet's Elinor Mills decided to get the experts' opinions on the subject by polling no less than 32 security gurus on his or her take on PC vs. Mac security. Here are a handful of what the experts had to say:
Paul Kocher, president and chief scientist at Cryptography Research: "The fair answer is that with the latest versions of each operating system there isn't a compelling security reason to pick one or the other. It used to be that Apple was doing a better job, but with Windows 7 Microsoft has caught up. There are some differences; Windows has a better security ecosystem. On the other hand, Apple tends to have more expensive hardware and has a smaller market share, so it attracts fewer malware writers. Both have security bugs. Both need patches. Both can be broken if someone finds a zero-day exploit."
Charlie Miller, a principal analyst at consultancy Independent Security Evaluators: "Technologically speaking, PCs are a little more secure than Macs. Macs have a larger attack surface out of the box (Flash, Java, support for a million file formats, etc.) and lack some anti-exploitation technologies found in PCs like full ASLR [Address Space Layout Randomization]. This means Macs have more vulnerabilities and it's easier to turn a vulnerability into an exploit on the platform. Despite the fact it is less secure, paradoxically, Macs are actually safer to use for most people. This is because there simply isn't much risk of being exploited or installing malware.
"This safeness is purely a function of market share. Since Macs are only around 10 percent of computers out there, and it takes just as much effort for bad guys to write malware or exploits, they tend to spend all of their time targeting PCs. In other words, despite the fact that Macs are less secure than PCs, if you give one teenager a Mac and another a PC and come back in a month, the odds are the Mac will have no problems and the PC will be infected with malware. At some point the market share of Macs will reach a threshold to interest attackers, and then things will quickly turn bad for Mac users."
Rich Mogull, CEO at Securosis: "It depends on which version of Windows we're talking about. Clearly there are major differences between Windows XP and Windows 7. Second is, are we talking about safety versus security? Microsoft has done more in terms of its inherent security features than Apple has in the operating system. All of that said, Microsoft gets attacked a lot more than Apple does. Right now your odds of being infected as a Mac user by malicious software are quite a bit lower than a Windows user, unless you do stupid things, such as download free versions of commercial software. And some of the pornography sites on the Internet, the dark corners of the Internet have stuff that will hurt a Mac.
"But I want to give Microsoft credit because the more advanced features they put into their operating system are superior to what Apple has done. It's really a balance because there's little motivation for Apple to do more at this time. The Mac OS has got some holes in there that Microsoft has closed down. But since it's attacked less there is less motivation for Apple to close the gap."
Tyler Reguly, senior security research engineer at nCircle: "If you believe the hype and the flashy commercials the answer would be Mac. But if you take a look at the two platforms, and the mindsets of the companies behind them then the PC wins hands down. If you compare Windows 7 to Snow Leopard, then the simple winner is Windows 7. Microsoft brought in teams of security professionals to look at their code and find problems leading to a more secure product while Apple is often criticized for ignoring issues.
"The idea of the consumer being protected due to lack of market share is fairly obtuse, as more people buy into the product and market share grows, targeted attacks will grow as well. You also have to consider that Microsoft has a patch program in place that provides patches and updates on a more regular basis than Apple, this is something that the consumer should care about, as should they care about the plethora of PC security products that exist.
"The big risk is client side attacks and most of that could be prevented by using adequate software on the desktop, along with common sense while surfing. Until consumers can learn to do this on a regular basis it won't matter if they are running a Mac or a PC...they'll be at risk."
Joe Stewart, director of malware research at SecureWorks: "The answer is 'for the average user, at this moment in time it is less risky to use Mac OS than Windows.' The paradox is, by promoting that idea we've just made Macs a little less safe, since we are potentially increasing Apple's market share by a tiny fraction, making it more of a viable target over time. Fundamentally Mac and Windows suffer from the same weakness--human programmers make mistakes and users are easily social-engineered. Whichever platform has the most users is ultimately the riskiest to use."
Graham Cluley, senior technology consultant at Sophos: "They're both mature operating systems from the security point of view, and as good as each other. But, crucially, it's not about the operating system that is being run on the computer, it's the fleshy human sitting in front of it...I would argue that an Apple Mac user wanting to watch the 'Erin Andrews Peephole Video' is just as likely to download a bogus browser plug-in to help them do that, as a Windows user. And it doesn't matter that Mac OS X will ask them to enter their username and password to install the plug-in--they want to watch the video, they will enter their username and password. Social engineering is the unifying threat that puts all computer users at risk, regardless of operating system. And that's what most threats exploit.
"So, the next question is--when people ask me what kind of computer should they buy for home, which one do I recommend? Well, I recommend Apple Macs to my friends. Compared to Windows (where we see 50,000 new malware samples every day) malware for Mac is still a novelty. Mac malware is becoming more common, is in-the-wild, and is financially motivated...You can still get hit--but there are a lot less arrows being thrown at Mac users...I do tell my friends that they should run antivirus on their Macs, just like I do on the Macs my wife and I use at home."
Dino Dai Zovi, independent researcher: "Neither. Consumers should see if Apple's iPad or the forthcoming devices based on Google's Chrome OS suit their needs because both are significantly more secure than any general-purpose desktop system, Linux, Mac, or PC."
Read the full article here, which includes a response from Microsoft.
Please post your cookie file, we would like to know which p**n site you visited to get these 135 spywares.
Window$!
Yes, the one guy is right, sometimes it depends on who is sitting between the monitor and the chair.
There is always some way to hack something.
The only reason Windows is considered "less" secure is because more people use it. Thus, "less" secure has nothing to do with the operating system itself.
in the same way that you are safer in a safe city even with all your doors and windows unlocked than you are in a problem city with all the security in the world...
HOWEVER, it's a bit rich to use this as a SELLING TOOL, the irony being the more you sell with the "Macs are more safe" line, the less true that line becomes...
It wont be long until something serious happens to OS X and people realize that the false advertising is in fact false. That said, it wont be long after that Apple will catch up to that and so nothing will likely change except for the people's opinion on the matter.
I found this kind of humorous. How is Windows going to pick up more market share when they have over 90% of the market share now. Apple is at about 5%. It's going to be difficult for both to have increasing market share.
Owning a Pc is like living in a big city, more crime but more police
Owning a Mac is like living in a little city, you can leave your doors unlock but that just makes you more vulnerable should something happen.
Please post your cookie file, we would like to know which p**n site you visited to get these 135 spywares.
Typically Window's OS exploits can easily net you $15,000-$30,000 or more depending on what the exploit does precisely. For example a up to date unpatched Java exploit, or Flash could easily net you a very healthy sum of cash on your pocket a majority of websites use one or the other.
OSX exploits I believe were going from a few hundred to couple thousand if you got anyone to bite.
Well said! +9000
+1. IIRC Apple was the first to fall in the PWN2OWN contest a few years ago.
The PC market is controlled by Microsoft software. Thus Windows will run on anything. In fact Windows runs better on Intel Macs, as Apple has done an excellent job with windows drivers. However, until windows rewrite Windows from the ground up (they are carrying at least 10 years of legacy code), thereby getting rid of the Active desktop, the registry and .dll files, Windows will continue to have the same problems.
So it is unwise compare McDonald's (Windows PCs) to Dave and Buster's (Mac). The business models are different.
I love computers in general and I have built my own PCs and Hackintoshes. The Mac OS runs better, faster and more stable than Windows XP and Vista. The jury is still out on Windows 7, but I have already experienced several blue screens of death. The fact that viruses are or aren't being targeted towards Apple isn't relevant. The fact is I don't get viruses on my Macs, Linux or Ubuntu machines. These are the facts, so unless these security experts are taking notarized statements form hackers whom claim they don't target Macs because of market share, it's just an opinion not backed up with facts.
Besides the problems with Flash and MS Office, macs are pretty stable.
PCs can be stable as well, if you learn the truth about them (and Microsoft).
The fact is PCs don't come out of the box stable and secured, users have to take additional steps and if they're smart spend additional money on security. Plus you still have to be careful on wireless networks and websites (which is why it is recommended to avoid IE).
I'm no expert. I believe you in using what works best for you. Whether it's a PC or a Mac. You don't need an expert to make your decision. Use the internet and research for yourself. If you an Apple store close to you, pay the a visit. If you have a Microcenter close to you it is a great place to visit for PC stuff.
System admin for 15 years and you haven't realized the only hardware Apple makes might be the stickers they put on the computers? Please read up on OEM's for Apple. Even the enclosures (unibody/Mac Pro) are made by OEMs. To actually manufacture a computer down from screws all the way up to the motherboard would easily be a multi billion dollar investment, with very annoyed stock holders. Sure they design the enclosures but that's about it as far as hardware is concerned.
Windows does not run better on a Mac. First off Apple does not make their own Windows drivers. Most companies who are OEM for Apple make most of the drivers possible on both Mac/Windows because guess what? It's the same hardware -gasp- I know shocking huh? Mac's are plagued by Bootcamp instability, and sometimes issues with compatibility with certain hardware which does not run well with Bootcamps OS loader.
Last time I checked don't Mac's need updates out of the box?
Wireless networks are secure if you put a WPA2 password. Only way to get around this is to have remote access to a computer which means you were compromised by malware or spyware and or rootkits/malware combinations.
The facts are hackers will not spend as much time on a OSX exploit as much as they will on a windows simply because the market for exploits are much higher on a Windows OS vs a OSX exploit. See my post above to see what I am talking about.