Thread: OS Security: Windows vs. OS X

An interesting article

Charlie Miller to reveal 20 zero day security holes in Mac OS X -- Engadget

Charlie Miller, who seem to know a thing or two about security, says

Mac OS X is like living in a farmhouse in the country with no locks, and Windows is living in a house with bars on the windows in the bad part of town.

The Inquirer is more
blunt

the attack surface of OS X is so wide you can land a 747 on it, sideways.

Whether this line of thought is true we might know shortly

http://arstechnica.com/apple/news/20...n2own-2010.ars



In this case the iPhone takes the role of Windows as the most popular (and by extension - targeted) device in its market...

Diogen.

yet no malware in the wild for OSX has ever shown up.

Originally Posted by lparsons21

yet no malware in the wild for OSX has ever shown up.

Hardly true. But since it is rarer you don't hear about it as much.

I spoke too soon, there has been a couple of minor things. Available only from the porn sites, and I believe one pirate site. Both required the user to put on the "I'm really stupid" hat to install.

And I believe that there is at least one malware scanning/removal software that isn't just looking for Windows malware to remove.

I've been running OSX since it first came on the market and have yet to get a single piece of malware and my experience follows that of my friends that also have Macs. At the moment, buying anti-malware software is just throwing money into someone else's pocket with little return for the buyer, except possibly peace of mind. This is usually done by those coming over from Windows.

When/if it becomes an issue for OSX, then I'll do something about it. At the moment, it is all 'proof of concept' with no actual in the wild infections. Well, other than those that love to pirate software and look at porn...

Originally Posted by lparsons21

At the moment, it is all 'proof of concept' with no actual in the wild infections...

Very true.

The question is: is this due to genetics or something else?

The quoted article claims what many were saying for years and Apple faithful denying:
an OS' security is inversely proportional to the attention it gets from the hacker community.

In other words OS X is not clean from malware/viruses/trojans etc. because it can't be infected but because nobody bothers trying this.

iPhone is locked up much more than OSX but plays Windows' role in the smartphone market. Hence, getting much more attention.
We will see whether it can escape Windows' fate...

Diogen.

Originally Posted by diogen

In other words OS X is not clean from malware/viruses/trojans etc. because it can't be infected but because nobody bothers trying this.

Bingo, We have a winner.

Why try to do something to an OS that has such a small market share. People that write malware and viruses what the biggest bang for their buck, which is targeting Windows.

(From
Infosecurity (USA) - Security and malware threats to Mac and Apple products are on the rise

)

A deluge of security threats were aimed at the Mac OS X in 2009, especially when compared with previous years. While the Intego report admits that the Mac OS X is “more secure than Windows,” the company cautioned that the Mac OS contains a number of flaws that required Apple to issue numerous security updates throughout the year. Among the 2009 patches: flaws in web browser Safari’s handling of RSS feeds, among 50 other Safari security problems fixed during the year; patches for PDF vulnerabilities; patches for an iTunes security threat in March and September; numerous patches for QuickTime flaws/bugs in June and September; and an August security update for the Apple GarageBand program.

This series of security threats – combined with the fact that Apple products are being increasingly targeted by malware authors due to its increasing market share – led Apple to break with its claims that malware presents no real threat to Mac operating systems. Mac products now include a security disclaimer acknowledging that “no system can be 100 percent immune from every threat,” and that “antivirus software may offer additional protection.”

RE: Security of walled gardens

iPhone SMS database hacked in 20 seconds, news at 11 -- Engadget

Courtesy of "the best browser in the world" Safari...

And this despite being locked up more than any OS including their own OS X...

Morale: If you are popular, you are vulnerable even if Saint Jobs says you are not...

Diogen.

And just so iPhone doesn't feel too lonely, OS X was hacked, too. By the same Charlie Miller (see first post above).

Researcher Charlie Miller, principal security analyst at Independent Security Evaluators, quickly exploited a vulnerability in the desktop version of Safari running on Mac OS X. He won $10,000 for the exploit, which was one of 20 zero-day bugs that Apple fanbois deny exist in OS X.
Miller's exploit opened up a remote shell, which he accessed and was able to run any malicious code he wanted. We guess it just worked!

http://www.theinquirer.net/inquirer/...rashed-hackers

The most secure setup: Chrome running on Windows 7.

Diogen.