Mac OS X Security

Anonymous wrote the following in response to a completely unrelated Mac post…

http://www.theregister.co.uk/2007/11/20/leopard_reintroduces_security_vuln/

As I am new to Macs and stumbled across your site while Googling about, I wonder if you can clarify the above link. It is my understanding that Macs are immune to all viruses. That’s what is stated in the advertising and by my friends who are Mac users. Are they all liars? If so, I will remain using my PC and try Linux instead.

Assuming that this is in fact an honest question and not just a troll…

No, they are not liars. There is no such thing as a 100% secure platform. However, to equate the occasional vulnerability in Mac OS X (which generally gets taken care of pretty quickly) with the horrid track record of Windows (over 400,000 known viruses) is like comparing a dripping faucet with a torrential downpour.

Unix-based operating systems (such as Mac OS X) and Unix-like OS’es such as Linux are orders of magnitude less susceptible to malware, spyware and viruses due to the way they’re written. Windows was designed with security as an afterthought, and as such it has massive holes (RPC, ActiveX, VBScript, etc) that are comparatively easy to exploit. And despite the massive changes Microsoft has made in each successive release, much of that legacy code is still present, because to remove it would cause such massive amounts of incompatibility that people may as well switch platforms. It would remove one of Microsoft’s big hooks: “If you switch you’ll have to buy all new software.” Of course, they broke a load of stuff in Vista anyway, and it *still* sucks.

Some people generally attribute the deluge of Windows security hacks purely to the fact that it has a larger user base. While this *is* true that Windows has a much much larger piece of the pie, and that almost certainly has a bearing on the issue specifically as it relates to paid hackers who create botnets and the like, it doesn’t change that the basic designs of the operating systems have a lot to do with it.

It is just a lot harder to find ways to hack a Mac. Even though it’s not as financially rewarding to do so (botnets, etc), there are so many vocal and somewhat smarmy advocates of the Mac for precisely this reason (and yes, I include myself in that category) that you just *know* some hackers out there would love to stick it to them. And yet there still hasn’t been an actual viable Mac OS X virus released in the wild. It will probably happen at some point, but to insist that it’s simply due to lack of effort is stupid. Based on the relative market share, you’d expect that if Mac OS X is no more secure than Windows, there should be somewhere in the neighborhood of 10,000-40,000 known virus and exploits (being conservative). And there aren’t.

So, Mr. Anonymous, to answer your question: Macs are immune to Windows viruses. Unless you’re running Windows on your Intel-based Mac. 🙂 And there are currently no known Mac OS X viruses out there. There’s the occasional exploit that pops up, and those are patched by Apple pretty faithfully when they come up. Occasionally something might get reopened as code is changed (even the best code is only as perfect as the flawed human being who writes it, no matter how good they are), but Apple generally does a pretty good job in this area.

You could do a lot worse than migrating from Windows to just about *anything* else (FreeBSD, Linux, Mac OS X, Solaris, etc) but Mac OS X is really the only usable ‘Desktop’ operating system for normal human beings who want to actually get work done rather than futz around recompiling their kernal just because they can.

The bottom line is that no system is infallible. Not even the Mac. 🙂

However, Windows is the most porous, hackable, fragile desktop operating system you could use.