My Computer is More Secure than Yours, or Not- the PC vs. Mac Security Debate
With cyber exploits filling the news recently and more and more organizations experiencing cyber attacks, we are often left with the question of which computer platform provides better security? A survey conducted by ESET and released in November found the majority of computer users believe Macs are more secure than PCs.
However, the survey found Mac users are just as likely as PC users to be victims of cyber crime. Mac users also tend to lose more money in cyber crime than PC users, though the research did not suggest an adequate explanation for this trend.
A central reason for this parity between platforms is that the majority of cyber crime victims are now subjected to social engineering attacks, rather than more traditional viruses.
Elinor Mills, a writer with Cnet News, recently wrote an article in which she asked 32 cybersecurity experts which platform was the most secure. The majority of experts agree each of the platforms contain vulnerabilities, and neither is fundamentally more secure than the other.
Nevertheless, most experts also pointed to the threat landscape as a function of their vulnerabilities. More users throughout the world use PCs and as a result, criminals spend more energy and time attempting to exploit PCs.
Chris Wysopal, CTO with Veracode, said:
“I think the Mac is less risky, not more secure. The difference is in the threat environment. An analogy would be an unlocked house in an urban vs. rural environment. Both are insecure. One, the rural, is less risky.”
However, with some of the more recent software being developed by Microsoft, such as Windows 7, several security experts question the premise that Mac is better.
Tyler Reguly, a senior security research engineer with nCircle, said:
“If you believe the hype and the flashy commercials the answer would be Mac. But if you take a look at the two platforms, and the mindsets of the companies behind them then the PC wins hands down.”
The Mac platform is also generally built with more exploitable vulnerabilities already on a system when it is delivered.
“If you look at the number of published vulnerabilities in software and the number of users and compare Windows versus Mac OS you will discover that Mac OS has far more published vulnerabilities per user than Windows does so I think the data pretty much speaks for itself,” said Eric Johanson, a security researcher.
A regular feature to most responses was also the person sitting behind the computer. The computer system is only as secure as its user.
Paul Kocher, president and chief scientist with Cryptography Research, said:
“The fair answer is that with the latest versions of each operating system there isn’t a compelling security reason to pick one or the other… Both have security bugs. Both need patches. Both can be broken if someone finds a zero-day exploit.”
As long as you practice good cyber hygiene, then either platform will be equally effective and safe. But if you open every attachment people send you and never run anti-virus programs, you are likely to be a victim of cyber attack, no matter what platform you use.
Great article. A nice unbiased review of the two major operating systems. I think Apple in some ways had a really good thing going, using the Unix based platform. All the changes that have been made there after have really opened up the door to cyber vandals. Look at how many programs open automatically by default with the Safari web browser! Also Apple hasn’t had to deal with the security issues that Microsoft has. Both platforms use mainly the same runtime enviroments, java, flash, adobe etc. I think as Apple gains in popularity, they will have a lot of work ahead of them to keep up in the race against malware / virii infection. Microsoft, well thats a daily job.
I agree, for a long time the percentage of Mac users especially in the United States was significantly smaller than PC users, perhaps giving less motivation to vandals. However, hacking is a business and seeing that currently there are over 75 million OS X users, its not going to be very long until the number of cyber attacks aimed at these users jumps drastically. The mac using public should understand that their platform is just as vulnerable as a PC.
Pingback: Mac OS X è meno sicuro di Windows, molti ricercatori concordano - Geekissimo
Pingback: Apple’s Mac OS X is less secure than Windows « NoticFresh Weblog
“Mac OS has far more published vulnerabilities per user than Windows does so I think the data pretty much speaks for itself.” Yes, and what “the data says” is this: “published vulnerabilities per user” is an inconceivably stupid metric for security.
Does “3ric” really propose that simply adding more Mac users would make the OS more secure, or that reducing the number of Windows users would make that plaform less secure?
Perhaps the most interesting concept I found in researching this piece is that, like much of the general public, I have always viewed Macs as the more secure platform. However, I think the comments from the various experts points to a much less ‘cut and dried’ picture (namely that neither is more secure). Most importantly of course, the human behind the computer is ultimately the driving factor in security (on both sides). Individuals seeking to do harm via the Internet (hackers) commonly exploit ‘mistakes’ by users, such as not updating software, etc.
Carole Fennelly, of Tenable Network Security, had perhaps the best response, saying “the most secure system is the one that you know how to secure.”
As an aside Jeff, regarding 3ric’s comment, the metrics in that case are based as a percentage not in terms of total vulnerabilities published based on total number of users. Despite that, I do agree that published vulnerabilities doesn’t necessarily mean better security. I think that is a central problem in cyber security presently, finding adequate metrics to measure the effectiveness of security.
“As an aside Jeff, regarding 3ric’s comment, the metrics in that case are based as a percentage not in terms of total vulnerabilities published based on total number of users.”
I don’t understand what you’re trying to say here. 3ric said we should “look at the number of published vulnerabilities in software and the number of users”. In other words, if Mac OS had a million users and a thousand vulnerabilities, and Windows had a hundred million users and ten thousand vulnerabilities, he’s suggesting that would make Windows ten times as secure.
If he didn’t mean something this incredibly silly, I wish he (or you) could explain what he DID mean.
Pingback: wirefresh » Apple’s Mac OS X: “less secure than Windows”
I recently came across the following interview with Charlie Miller, winner of the Pwn2Own contest. He weighs in a bit on the mac v. pc security debate in the interview.
http://www.oneitsecurity.it/01/03/2010/interview-with-charlie-miller-pwn2own/
I am always looking for stuff about topics that I don’t know of. It is not an easy task to search things that you do not know about, because what do you look for?
Your blog is the type of thing I love to read about on something new to me. Awsome read! Thanks.
Thank you! That was very helpful, I just saved your site.