Apple MacBook Review: Part 2

Security

Macs are NOT hack-proof. They are not inherently more secure than Windows PCs. In real-world use, however, OS X is more secure. Why is that so?

Myth #1: The average Mac OS user may be more tech savvy than the average Windows user and less likely to succumb to social engineering.

This may actually be true. Before you fire off that email to complain, keep in mind that the Tom’s Hardware audience isn’t the average Windows user. You’re at the upper echelon of the group that builds PCs, keeps up with the latest technology trends, and does its own research before making a tech purchase. I’m not saying that Mac users are smarter than Windows users. Just the averages. If you think about the ubiquity of computers in North America, Europe, and Asia, then the average Windows user should in fact be close to the 50 percentile for the global population. If you think you’re better than 50 percentile, then you, too, are better than the average.

If you look at the market, it makes sense. US Census data has long shown the association between level of education and household income. Since Macs are inherently more expensive, it would follow that the average income of a Mac owner should be higher than the average income of a Windows owner, and along those lines, the average education of a Mac owner should be higher than that of a Windows user. That bears out in large surveys. About 70% of Mac users have a college education whereas only 54% of Windows users have a college education according to a 2002 Nielsen study.

Ultimately, it’s not the “average” that matters--it’s the least tech savvy in any group that ruins it for the rest of us.  Take spam for example.  Recent work from UC Berkeley and UCSD determined that out of 350 million pharmaceutical spam messages sent via the Storm botnet, 10,522 users visited the site and 28 people tried to actually make a purchase. It’s those users that make spam profitable and make it a problem for the rest of us.

At another level, there is some truth to this claim because Mac owners have to be consciously making a switch to the Mac. Either they’re technically savvy users who are comfortable dealing with cross-platform issues or they're technical neophytes who are still smart enough to know that they don’t know anything and therefore choose the Mac as their one method of trying to stay safe. It’s the Windows users who don’t know even know that they’re vulnerable who drive the statistics up.

This myth is true if you consider the statistics; the myth is unimportant.

Myth #2: Mac OS X have a superior design

In theory, Vista should be the better-designed operating system. Microsoft actively invests in extensive security capabilities and the Address Space Layout Randomization in Windows Vista and recent security analyses comparing number of risks and “days at risk” show that Windows Vista users actually fare better than Mac OS X users.

The problem is that these analyses are limited to “security holes we know about” and get patched. Suppose two operating systems have 1000 holes in them. If one manufacturer patches 400 of them, and the other only patches 40, which is the more secure system?

The answer is neither. It only takes one hole to compromise the entire system.

Myth #3: Macs are targeted less frequently.

Malware is profit-driven. Since there are fewer Macs on the market, the hypothesis is that commercial malware operators will not target the Mac until they reach a critical threshold market share. At some point, Macs will reach critical mass and it will be as big of a target at Windows.

An analysis performed by the Director of Emerging Technologies at Cloudmark and published in the IEEE Security and Privacy has an interesting hypothesis. Using game theory, he predicts that Macs will become an economically-feasible target once the platform breaks 16% market share. Even with the success of the Mac, we don’t see Apple reaching that level for a few years (if that). Then, once the Mac reaches that level of market share, the assumption has to be that developing malware for that Mac costs the same as developing malware for the PC, and this may not be the case.

In 2008, there were 1.5 million different pieces of malware targeting Windows machines. There are less than 200 pieces of malware targeting the Mac.

Myth #4: Pwn2Own

This one comes from the comments section of our State of the Personal Computer piece from late last year.

The story about the Pwn2Own contest is that a hacking contest was held to see if Windows Vista, Ubuntu, or Mac OS X was more secure. Hack the machine, and you win the computer. The MacBook Air fell 2 minutes after the start of the contest. Windows Vista fell the next day. Ubuntu remained unhacked for the entire 3 day competition. Therefore, Macs are the least secure, followed by Windows Vista, followed by Ubuntu Linux.

That’s how the story goes.

The details are where things get interesting. It’s easy to imagine Pwn2Own as this free-for-all death match with hundreds of hackers going at it for glory and fame. In fact, Pwn2Own was a contest with very rigid rules. You had to wait in line to attack a target. Only one team had an opportunity to hack a machine at any time. Each opportunity was 30 minutes, and if you are unsuccessful, you have to go back to the end of the line and wait your turn. You can only wait in one line at a time, and you can only win the contest once. First come, first serve.

Only four teams participated.

Day 1: Win the notebook if you can do a true remote execution attack. No attempt was made.

Day 2: Web browsers and mail application will now be allowed. The organizers of the competition will visit a Web site or receive an email. The winner of the MacBook Air knew that he had a previously undescribed flaw in Safari that would win the competition. He was the first in line that day. Hacked in 2 minutes.

The two minute story makes for a great story and lots of publicity for both the conference and the security researcher, but no one really talks about the time spent BEFORE the contest to discover the exploit.

Day 3: Common plug-ins are now installed. The Vista notebook is hacked via an Adobe Flash exploit.

The two-man team that took down Vista did so with their personal MacBook Pro notebooks. Although the Vista notebook wasn’t the first to go that morning, the Flash exploit that affected Windows Vista also affected the Ubuntu Linux machine that had Adobe Flash installed. The contestants just weren’t interested in trying to win the Ubuntu machine. No one signed up to try to hack the Ubuntu Linux notebook according to the organizers.

So, when you read an article talking about Pwn2own, the fact still remains that OS X has not been the target of active remote execution exploits or browser holes in real-life. Current OS X malware exists only in the form of Trojans in which the user is willingly installing software and willingly entering the administrator password.

Create a new thread in the US Reviews comments forum about this subject
This thread is closed for comments
145 comments
Comment from the forums
    Your comment
    Top Comments
  • pereira5375
    While I was wrighting the follwing on the Part 1 of this article Part 2 was posted. After reading part 2 I think what I wrote holds true. Here it is:

    I believe this is an advertisement. Whether the author knows that or not is debatable, but certainly the big whigs at Tom's HARDWARE know it.

    Apple seems to have a very good stealth advertising campaign. To expand their market they have developed a very good stealth campaign. They advertise on Rush and Fox both, but stealthily. They have to. Their very tolerant hippie base wouldn't tolerate otherwise.

    BTW this is Tom's HARDWARE. I build my own PC. If I want to read fan boy praises of Apple there are a million other sites I can go to and read that. Why am I reading it here? When I can build my own McIntosh I'll appreciate fan boy articles like this.
  • pereira5375
    Again I feel a need to point out I am a hardware enthusiast because I build my own computer. This is Tom's HARDWARE. There are three feature articles on the homepage. Usually there is a new one about each week day. Currently there are two Apple feature articles up there. Add one more and this site will officially be useless to me.
  • Inneandar
    more or less the same sentiment here. The first article, although also heavily debated, at least tried to focus on the hardware and was informative to some extent. But this... I dont see any need to throw up endless fanboy discussions, and other than that, I fail to see anything this article will achieve. Frankly, who is interested in why os X is better because the hacked version runs the CPU slower - common.
    I extremely liked the part on 'MAC users are smarter' though. I one fell swoop you boost your ego, try to insult me, and put the amount of trustworthy information in this article on the same level as a london tabloid.
  • Other Comments
  • pereira5375
    While I was wrighting the follwing on the Part 1 of this article Part 2 was posted. After reading part 2 I think what I wrote holds true. Here it is:

    I believe this is an advertisement. Whether the author knows that or not is debatable, but certainly the big whigs at Tom's HARDWARE know it.

    Apple seems to have a very good stealth advertising campaign. To expand their market they have developed a very good stealth campaign. They advertise on Rush and Fox both, but stealthily. They have to. Their very tolerant hippie base wouldn't tolerate otherwise.

    BTW this is Tom's HARDWARE. I build my own PC. If I want to read fan boy praises of Apple there are a million other sites I can go to and read that. Why am I reading it here? When I can build my own McIntosh I'll appreciate fan boy articles like this.
  • pereira5375
    Whoops: writing.
  • pereira5375
    Again I feel a need to point out I am a hardware enthusiast because I build my own computer. This is Tom's HARDWARE. There are three feature articles on the homepage. Usually there is a new one about each week day. Currently there are two Apple feature articles up there. Add one more and this site will officially be useless to me.
  • Inneandar
    more or less the same sentiment here. The first article, although also heavily debated, at least tried to focus on the hardware and was informative to some extent. But this... I dont see any need to throw up endless fanboy discussions, and other than that, I fail to see anything this article will achieve. Frankly, who is interested in why os X is better because the hacked version runs the CPU slower - common.
    I extremely liked the part on 'MAC users are smarter' though. I one fell swoop you boost your ego, try to insult me, and put the amount of trustworthy information in this article on the same level as a london tabloid.
  • BertrumPantyshield
    Myth 2 on page 2 seems completely stupid. Yes it only takes one hole for a system to be compromised, however, there are still 960 possible holes on one and 600 on the other. This reduces the chance of a hole being found, and thus, exploited. For example: a system has 1,000,000 holes the other has 1. Both are equally secure? Its far easier to find 1 hole in million, than the only hole in the system.
  • bachok83
    @pereira5375
    OMG, you are right. I havent realized about this fact until i read your comment. Mac OS X accounts for less than 10% of users and yet 90% of the news these days are about Apple.

    I admit Apple has created so much technical advancements over the years, but they cant even display things right:
    http://www.scavey.com/index.php/should-i-migrate-to-mac-os-knowing-renderers/

    hmm.. so, let's all read about Windows 7 then.. i read it's working :)
  • ravenware
    Quote:
    About 70% of Mac users have a college education whereas only 54% of Windows users have a college education according to a 2002 Nielsen study.


    A college education is only as useful as the person who obtains it.
    I work with several college educated people who don't appear to have enough intelligence or knowledge to be considered high school educated.

    Security wise, the computers operating system is only as secure as the person who uses it.

    My home machine had been uninfected for nearly 3 years, no crashes nothing. As soon as my sister starts using my machine on myspace BAM! Reformat city. :)

    Anyway, I would like to see a video review of the Mac OSX done by THG.
    There is just not enough information in this article or the one from Tuan Nguyen about the OS.

    If not I will have to hack one on to my machine, if it is even possible with an AMD CPU. I am not going to shell out an ass load of money for something that I may not even want.

    Hey apple there is an idea! You want more users to switch to your OS? Release some sort of PC capable demo OS for users to try.
  • bachok83
    ravenwareHey apple there is an idea! You want more users to switch to your OS? Release some sort of PC capable demo OS for users to try.


    I dont think Apple cares as much as how many people are using their OS. Otherwise they wouldnt even care creating BootCamp software to run windows on Mac machines.

    The only major concern from Apple is how many people buying their hardware. Apple has been a hardware company and always has been. Little that they know that they could be a great software company.... wait...

    Nahh, they dont care about that either since they are moving pass that to a service oriented company. Does iTunes, MobileMe, Apps Store ring any bells, anyone?
  • ravenware
    bachok83I dont think Apple cares as much as how many people are using their OS. Otherwise they wouldnt even care creating BootCamp software to run windows on Mac machines. The only major concern from Apple is how many people buying their hardware. Apple has been a hardware company and always has been. Little that they know that they could be a great software company.... wait...Nahh, they dont care about that either since they are moving pass that to a service oriented company. Does iTunes, MobileMe, Apps Store ring any bells, anyone?


    Hence the usage of the word "demo". Why would someone buy an apple computer if they didn't like their operating system?

    Release a demo on the PC to convince users to by their machine.
  • justjc
    @Author Alan Dang:
    It's all good and well that you like you new toy, the Macbook, I had a simular feel when I got my ASUS notebook. Not that it was faster than my desktop, it just felt better because it was the new one. For me that feeling lasted more than two months, so perhaps it's the same thing that makes you say you'll by Apple again.

    That aside you mention the reason for switching to the Mac is that you'll be able to run Adobe Creative Suite and Microsoft Office on it. Yet here at the software part, of your article, you fail to mention how that part of the switch went.
    It's no secret that there have been compatibility issues between PC and Mac versions of the same programs in the past, have you had any?
    How does it feel to work with the usual programs in their new enviroment?
    Do you still instinctively right click to get the right click menu, or do you use Ctrl + left key?
    A couple of benchmarks on those programs wouldn't be bad either.

    Thanks for the articles, hope to see one on the needed programs as well ;)
  • decoppel
    Oh my, like I totally need a mac now, because some guy on the interwebs once again used some pretty sketchy baselines, man oh man I can't believe what I have been missing, so much...

    So...TH is becoming a joke, can I write an article?
  • bachok83
    woo... flames everywhere...

    Mac's lover love confession gone wrong in TH. Wrong crowd i guess? :)
  • decoppel
    P.S to whoever is giving a negative review to all the posts calling out this chubstain, QQ?
  • bachok83
    @decoppel,
    I never gave bad reviews about the article. I just gave my opinions about:
    1. i admit Mac OS has some cool features
    2. i hate the way they render their graphics, fonts, videos

    And, gave my opinions about Apple not caring how many people use their OS, they just care if u buy their hardware. Which is the reasons that they want to tie Mac OS X to Mac machines.

    Just in case some ppl love Mac OS X, they definitely have to buy a Mac. But Apple is saying, "hey windows guys, buy our machines too, we can run Windows too.. we want to be your friend too.. pretty please..." :)
  • decoppel
    bachok I wasn't talking to you, I was talking to the guy running up and down putting negative reviews to peoples posts.
  • justkevin7
    I think its funny you talk about the percentage of college educated people who use Macs vs. PC's. In my 14 years of doing technical support, by far the most idiotic and users are at Ph.D level. Absolute complete morons.
  • eodeo
    Interesting article. Still, I find it very to believe that Mac OS is faster than... anything on the same hardware system.

    Maybe iTunes and other iApps are written better for the MacOS, but for us, Windows users, these are malware programs that you install willingly. They use 500% memory of regular applications, boot with the OS, and run even when turned off.

    I could be wrong, but I always imagined Mac as lair for "legal" malware- software fighting each other for memory access and computer crippling itself to crawl before user even touched the mouse.

    Maybe on Apple Mac, these same iApps use 80% regular memory need of the program in its class, and shuts down when not used, and doesnt start with the OS, but I really cant tell. Ifthat is the case on Mac, maybe Apple should try harder to do the same for us poor Windows users. If iCrapp suddenly started to be better than competition, I even might be inclined to try Hackingtosh, and maybe even get a regular Mac after that.

    Not to mention that if iJobs got his ihead out of his irear, he might notice that OpenGL is horridly slow and also hacked for major pro visualizations apps to run better on “professional” cards like Quadro and FireGL. DirectX has been clean from such artificial intrusions from the start, and is now faster than OpenGL, even when the latter isn’t hacked by SpecCheatTests and other poor OpenGL-only programs... And lets not talk about games.. I don’t want to feel like a complete dick here.
  • mystvearn
    Hmm, I think I know where bachok83 is coming from (really I know where he is from:P). Well demographically, macs are expansive in bachok83's country. People will get the most out of their money, and as the review mentioned earlier, macs are for those who have more cash to spend-well educated.

    I have a friend who keeps renewing her 2002 mac notebook (the entry level mac notebook, not the pro one. Forgive me, I am mac clueless which are the models) warranty yearly. That is the reality of mac users from the country, most mac adopters cannnot afford to change a computer every 3-5 years. What happens to those people who have macs is that they say its more secure and stable, but I am a lot like the reviewer of the article, I think if I had that spare cash lying around I would buy a mac, but then I don't, so buy a powerfull WinXP notebook, use it for ~7 years, or until Windows 7 comes out, then buy that. Then wait two more Win OS generations to come out and buy that.
  • biometricsguy
    I used to be such a big fan of this site, it was the premiere place to get top notch, unbiased reviews of hardware that could help me make informed decisions when purchasing.

    Long gone are the glory days of Tom's hardware. All we get now are worthless, long winded rants on why the "authors" (if you can really call them that) loves "x".

    There was a time when I would have thought comments like pereira's first one here were purely cynical. Now, I think there may be some truth to it.

    Is it possible that tom's is selling out to sleazy advertising campaigns? It certainly wouldn't be unheard of for companies with questionable ethics such as Apple to attempt such things.

    I think that this really is becoming a "shape up or ship out" situation. Tom's certainly isn't the only hardware site out there...
  • Anonymous
    I am sorry but this article does NOT belong on this website.... a very poorly written article to say the least. OS X and Apple products are for people who are too dumb to use a PC. And for people who don't mind overpaying for their lesser quality hardware, forget how Apple always censors anything negative about any of their products in the forum. There was even an article about this on tomshardware about their communist style censorship. I've dumped thousands of dollars on apple hardware, and regretted it.