Sign in with
Sign up | Sign in

PC vs. Mac in Security: Experts Share Opinions

By - Source: Tom's Hardware US | B 89 comments

The eternal debate in the hands of experts, most of whom share the same opinion.

Those notorious "I'm a Mac" TV commercials from Apple always paint the picture that Macs are nearly impervious to malware – but that's not the truth. For the most part, it all comes down to the user base that malicious hackers choose to target.

Regardless, the subject of which platform is more secure – the PC with Windows or the Mac with OS X – is constantly debated by rabid fanboys from both sides.

CNet's Elinor Mills decided to get the experts' opinions on the subject by polling no less than 32 security gurus on his or her take on PC vs. Mac security. Here are a handful of what the experts had to say:

Paul Kocher, president and chief scientist at Cryptography Research: "The fair answer is that with the latest versions of each operating system there isn't a compelling security reason to pick one or the other. It used to be that Apple was doing a better job, but with Windows 7 Microsoft has caught up. There are some differences; Windows has a better security ecosystem. On the other hand, Apple tends to have more expensive hardware and has a smaller market share, so it attracts fewer malware writers. Both have security bugs. Both need patches. Both can be broken if someone finds a zero-day exploit."

Charlie Miller, a principal analyst at consultancy Independent Security Evaluators: "Technologically speaking, PCs are a little more secure than Macs. Macs have a larger attack surface out of the box (Flash, Java, support for a million file formats, etc.) and lack some anti-exploitation technologies found in PCs like full ASLR [Address Space Layout Randomization]. This means Macs have more vulnerabilities and it's easier to turn a vulnerability into an exploit on the platform. Despite the fact it is less secure, paradoxically, Macs are actually safer to use for most people. This is because there simply isn't much risk of being exploited or installing malware.

"This safeness is purely a function of market share. Since Macs are only around 10 percent of computers out there, and it takes just as much effort for bad guys to write malware or exploits, they tend to spend all of their time targeting PCs. In other words, despite the fact that Macs are less secure than PCs, if you give one teenager a Mac and another a PC and come back in a month, the odds are the Mac will have no problems and the PC will be infected with malware. At some point the market share of Macs will reach a threshold to interest attackers, and then things will quickly turn bad for Mac users."

Rich Mogull, CEO at Securosis: "It depends on which version of Windows we're talking about. Clearly there are major differences between Windows XP and Windows 7. Second is, are we talking about safety versus security? Microsoft has done more in terms of its inherent security features than Apple has in the operating system. All of that said, Microsoft gets attacked a lot more than Apple does. Right now your odds of being infected as a Mac user by malicious software are quite a bit lower than a Windows user, unless you do stupid things, such as download free versions of commercial software. And some of the pornography sites on the Internet, the dark corners of the Internet have stuff that will hurt a Mac.

"But I want to give Microsoft credit because the more advanced features they put into their operating system are superior to what Apple has done. It's really a balance because there's little motivation for Apple to do more at this time. The Mac OS has got some holes in there that Microsoft has closed down. But since it's attacked less there is less motivation for Apple to close the gap."

Tyler Reguly, senior security research engineer at nCircle: "If you believe the hype and the flashy commercials the answer would be Mac. But if you take a look at the two platforms, and the mindsets of the companies behind them then the PC wins hands down. If you compare Windows 7 to Snow Leopard, then the simple winner is Windows 7. Microsoft brought in teams of security professionals to look at their code and find problems leading to a more secure product while Apple is often criticized for ignoring issues.

"The idea of the consumer being protected due to lack of market share is fairly obtuse, as more people buy into the product and market share grows, targeted attacks will grow as well. You also have to consider that Microsoft has a patch program in place that provides patches and updates on a more regular basis than Apple, this is something that the consumer should care about, as should they care about the plethora of PC security products that exist.

"The big risk is client side attacks and most of that could be prevented by using adequate software on the desktop, along with common sense while surfing. Until consumers can learn to do this on a regular basis it won't matter if they are running a Mac or a PC...they'll be at risk."

Joe Stewart, director of malware research at SecureWorks: "The answer is 'for the average user, at this moment in time it is less risky to use Mac OS than Windows.' The paradox is, by promoting that idea we've just made Macs a little less safe, since we are potentially increasing Apple's market share by a tiny fraction, making it more of a viable target over time. Fundamentally Mac and Windows suffer from the same weakness--human programmers make mistakes and users are easily social-engineered. Whichever platform has the most users is ultimately the riskiest to use."

Graham Cluley, senior technology consultant at Sophos: "They're both mature operating systems from the security point of view, and as good as each other. But, crucially, it's not about the operating system that is being run on the computer, it's the fleshy human sitting in front of it...I would argue that an Apple Mac user wanting to watch the 'Erin Andrews Peephole Video' is just as likely to download a bogus browser plug-in to help them do that, as a Windows user. And it doesn't matter that Mac OS X will ask them to enter their username and password to install the plug-in--they want to watch the video, they will enter their username and password. Social engineering is the unifying threat that puts all computer users at risk, regardless of operating system. And that's what most threats exploit.

"So, the next question is--when people ask me what kind of computer should they buy for home, which one do I recommend? Well, I recommend Apple Macs to my friends. Compared to Windows (where we see 50,000 new malware samples every day) malware for Mac is still a novelty. Mac malware is becoming more common, is in-the-wild, and is financially motivated...You can still get hit--but there are a lot less arrows being thrown at Mac users...I do tell my friends that they should run antivirus on their Macs, just like I do on the Macs my wife and I use at home."

Dino Dai Zovi, independent researcher: "Neither. Consumers should see if Apple's iPad or the forthcoming devices based on Google's Chrome OS suit their needs because both are significantly more secure than any general-purpose desktop system, Linux, Mac, or PC."

Read the full article here, which includes a response from Microsoft.

Discuss
Display all 89 comments.
This thread is closed for comments
Top Comments
  • 48 Hide
    burnley14 , February 1, 2010 10:28 PM
    I really wish some hackers would go after Macs just so we could get rid of the stupid "I'm impervious to viruses and malware" slogans. I have nothing against Apple, I just hate false advertising.
  • 34 Hide
    amabhy , February 1, 2010 10:26 PM
    BTW macs suck.
  • 31 Hide
    twu , February 1, 2010 11:14 PM
    bustaprMac will always be safer because they dont have a big market for hackers to fk up. HAckers however abuse furiously of windows. I bought my laptop 1 month ago and it has already picked up 2 worms and 135 spywares, ending in a win7 reinstallation.


    Please post your cookie file, we would like to know which p**n site you visited to get these 135 spywares. :) 
Other Comments
  • 28 Hide
    dwave , February 1, 2010 10:19 PM
    Maybe it boils down to the fact that there are more Window$ systems out there than Apple so the hacker and virus makers are going to target who?

    Window$!

    Yes, the one guy is right, sometimes it depends on who is sitting between the monitor and the chair.
  • 13 Hide
    amabhy , February 1, 2010 10:26 PM
    Just as there is no such thing as perfection, there is no such thing as perfect security.

    There is always some way to hack something.

    The only reason Windows is considered "less" secure is because more people use it. Thus, "less" secure has nothing to do with the operating system itself.
  • 34 Hide
    amabhy , February 1, 2010 10:26 PM
    BTW macs suck.
  • 48 Hide
    burnley14 , February 1, 2010 10:28 PM
    I really wish some hackers would go after Macs just so we could get rid of the stupid "I'm impervious to viruses and malware" slogans. I have nothing against Apple, I just hate false advertising.
  • 13 Hide
    christop , February 1, 2010 10:37 PM
    90 percent of the world uses windows the rest might use mac so there is the reason windows is attacked more...
  • 11 Hide
    matt87_50 , February 1, 2010 10:47 PM
    yeah, what we have been saying for years, fact of the matter remains tho, despite the principle of the thing, you are safer on a Mac.

    in the same way that you are safer in a safe city even with all your doors and windows unlocked than you are in a problem city with all the security in the world...

    HOWEVER, it's a bit rich to use this as a SELLING TOOL, the irony being the more you sell with the "Macs are more safe" line, the less true that line becomes...
  • 7 Hide
    Bluescreendeath , February 1, 2010 10:49 PM
    So only reason why macs are safer from viruses is because it's less popular so coders don't want to write viruses for it... lawl

  • -2 Hide
    AMW1011 , February 1, 2010 10:50 PM
    Mac market share is ever increasing, and at a faster rate than Windows. Mac will never hold much of the market, but as the market share, interest, and publicity of Macs increase so will the malware written for it. The difference? OS X isn't prepared as well as Windows for it.

    It wont be long until something serious happens to OS X and people realize that the false advertising is in fact false. That said, it wont be long after that Apple will catch up to that and so nothing will likely change except for the people's opinion on the matter.
  • 21 Hide
    bystander , February 1, 2010 11:03 PM
    AMW1011Mac market share is ever increasing, and at a faster rate than Windows.

    I found this kind of humorous. How is Windows going to pick up more market share when they have over 90% of the market share now. Apple is at about 5%. It's going to be difficult for both to have increasing market share.
  • 25 Hide
    sceen311 , February 1, 2010 11:06 PM
    Analogy:
    Owning a Pc is like living in a big city, more crime but more police
    Owning a Mac is like living in a little city, you can leave your doors unlock but that just makes you more vulnerable should something happen.
  • 31 Hide
    twu , February 1, 2010 11:14 PM
    bustaprMac will always be safer because they dont have a big market for hackers to fk up. HAckers however abuse furiously of windows. I bought my laptop 1 month ago and it has already picked up 2 worms and 135 spywares, ending in a win7 reinstallation.


    Please post your cookie file, we would like to know which p**n site you visited to get these 135 spywares. :) 
  • 9 Hide
    jsc , February 1, 2010 11:15 PM
    There's really nothing new here. What the security experts said is what a lot of us have been saying for years.
  • 3 Hide
    AsAnAtheist , February 1, 2010 11:15 PM
    Also has to do with the fact that in black market exploits, I forgot the name of the well known exploit selling website. Basically you post your exploit, and people offer you $ or buy the exploit.
    Typically Window's OS exploits can easily net you $15,000-$30,000 or more depending on what the exploit does precisely. For example a up to date unpatched Java exploit, or Flash could easily net you a very healthy sum of cash on your pocket a majority of websites use one or the other.

    OSX exploits I believe were going from a few hundred to couple thousand if you got anyone to bite.
  • 8 Hide
    Shadow703793 , February 1, 2010 11:19 PM
    Quote:
    But, crucially, it's not about the operating system that is being run on the computer, it's the fleshy human sitting in front of it..

    Well said! +9000
  • 18 Hide
    Shadow703793 , February 1, 2010 11:20 PM
    burnley14I really wish some hackers would go after Macs just so we could get rid of the stupid "I'm impervious to viruses and malware" slogans. I have nothing against Apple, I just hate false advertising.

    +1. IIRC Apple was the first to fall in the PWN2OWN contest a few years ago.
  • 7 Hide
    opmopadop , February 1, 2010 11:49 PM
    Dino Dai Zovi, the independent researcher, is lame. So is his answer.
  • 17 Hide
    AsAnAtheist , February 2, 2010 12:12 AM
    ninerblitz

    System admin for 15 years and you haven't realized the only hardware Apple makes might be the stickers they put on the computers? Please read up on OEM's for Apple. Even the enclosures (unibody/Mac Pro) are made by OEMs. To actually manufacture a computer down from screws all the way up to the motherboard would easily be a multi billion dollar investment, with very annoyed stock holders. Sure they design the enclosures but that's about it as far as hardware is concerned.
    Windows does not run better on a Mac. First off Apple does not make their own Windows drivers. Most companies who are OEM for Apple make most of the drivers possible on both Mac/Windows because guess what? It's the same hardware -gasp- I know shocking huh? Mac's are plagued by Bootcamp instability, and sometimes issues with compatibility with certain hardware which does not run well with Bootcamps OS loader.
    Last time I checked don't Mac's need updates out of the box?
    Wireless networks are secure if you put a WPA2 password. Only way to get around this is to have remote access to a computer which means you were compromised by malware or spyware and or rootkits/malware combinations.
    The facts are hackers will not spend as much time on a OSX exploit as much as they will on a windows simply because the market for exploits are much higher on a Windows OS vs a OSX exploit. See my post above to see what I am talking about.
Display more comments