Both Peter Vreugdenhil of the Netherlands and a German who called himself Nils succeeded in exploiting a fully updated 64-bit version of Windows 7 by disabling DEP and ASLR, two of the most important security measures in the operating system, during the annual hacking contest in Vancouver, British Columbia

Vreugdenhil, a freelance vulnerability researcher, who used Internet Explorer 8, only needed a couple of minutes to gain control over the computer. Approximately half-hour later, Nils, a computer science student who last year nabbed Pwn2Own’s $15,000 cash prize by exploiting Firefox, Safari and IE8, circumvented the same defensive mechanisms to exploit Mozilla’s Firefox 3.6.

Both hackers were awarded with the notebook they attacked, $10,000 in cash and a paid trip to the DefCon hackers conference in Las Vegas this summer.

TippingPoint, one of the sponsors of the contest, bought the rights to the attack codes and vulnerabilities used by Vreugdenhil and Nils. The information will be handed over to Microsoft and Mozilla.

However, the survey found Mac users are just as likely as PC users to be victims of cyber crime. Mac users also tend to lose more money in cyber crime than PC users, though the research did not suggest an adequate explanation for this trend.

A central reason for this parity between platforms is that the majority of cyber crime victims are now subjected to social engineering attacks, rather than more traditional viruses.

Elinor Mills, a writer with Cnet News, recently wrote an article in which she asked 32 cybersecurity experts which platform was the most secure. The majority of experts agree each of the platforms contain vulnerabilities, and neither is fundamentally more secure than the other.

Nevertheless, most experts also pointed to the threat landscape as a function of their vulnerabilities. More users throughout the world use PCs and as a result, criminals spend more energy and time attempting to exploit PCs.

Chris Wysopal, CTO with Veracode, said:

“I think the Mac is less risky, not more secure. The difference is in the threat environment. An analogy would be an unlocked house in an urban vs. rural environment. Both are insecure. One, the rural, is less risky.”

However, with some of the more recent software being developed by Microsoft, such as Windows 7, several security experts question the premise that Mac is better.

Tyler Reguly, a senior security research engineer with nCircle, said:

“If you believe the hype and the flashy commercials the answer would be Mac. But if you take a look at the two platforms, and the mindsets of the companies behind them then the PC wins hands down.”

The Mac platform is also generally built with more exploitable vulnerabilities already on a system when it is delivered.

“If you look at the number of published vulnerabilities in software and the number of users and compare Windows versus Mac OS you will discover that Mac OS has far more published vulnerabilities per user than Windows does so I think the data pretty much speaks for itself,” said Eric Johanson, a security researcher.

A regular feature to most responses was also the person sitting behind the computer. The computer system is only as secure as its user.

Paul Kocher, president and chief scientist with Cryptography Research, said:

“The fair answer is that with the latest versions of each operating system there isn’t a compelling security reason to pick one or the other… Both have security bugs. Both need patches. Both can be broken if someone finds a zero-day exploit.”

As long as you practice good cyber hygiene, then either platform will be equally effective and safe. But if you open every attachment people send you and never run anti-virus programs, you are likely to be a victim of cyber attack, no matter what platform you use.