Combs Spouts Off

"It's my opinion and it's very true."

Macs aren’t secure, just overlooked

Posted by Richard on February 3, 2006

This story didn’t really surprise me, but hey — anything that gives those arrogant Mac-heads a little poke in the eye is worth passing along:

OS X contains unpatched security flaws of a type that were fixed on alternative operating systems more than a decade ago, according to a security researcher credited with finding numerous bugs in Apple’s increasingly popular platform.

"The only thing which has kept Mac OS X relatively safe up until now is the fact that the market share is significantly lower than that of Microsoft Windows or the more common UNIX platforms.… If this situation was to change, in my opinion, things could be a lot worse on Mac OS X than they currently are on other operating systems, regarding security vulnerabilities," said Archibald.

I’ve long believed that the terrible security record of Windows compared to other OSes is largely due to two factors unrelated to the actual code. The first is a fundamental design problem that stems from Windows originally being designed for a single user on a standalone PC: unless you’re in a strictly-controlled corporate network, the user account that you use to log into Windows probably has full administrative control over your PC. That is, you can install and remove software, delete or replace system files, change configuration and security settings — anything. So anyone who logs in as you or gains access to your PC as you (or as any ordinary user) or tricks you into installing something can wreak havoc.

UNIX-based OSes (including Linux and OS X) are much more secure from the get-go because they began life as networked, multi-user OSes with much tighter security built right into the file system. System files and directories can’t be changed or deleted by ordinary users, for instance, and ordinary users can’t "execute" (run) many processes and programs. Only the special administrative login, "root," has total control of the system. And you’re strongly discouraged — by design, documentation, and culture — from using the "root" login for ordinary day-to-day use of the system.

This vulnerability can be overcome in recent versions of Windows (2000 and XP) by limiting the rights of your ordinary user login(s) and requiring a special administrator login for access to system files, installing applications, etc. But setting things up properly isn’t easy, and it requires long-time Windows users to change their habits and ways of working. Maybe Vista will make it easier, but I’m not holding my breath.

The second major vulnerability problem for Windows is simply its market share. The scum who get their kicks disseminating viruses, trojans, and other malware aren’t much interested in targeting a single-digit percentage of PCs. They’re going after the other 90%. Besides, they most likely have an Intel PC running Windows (even if they have Linux on one partition, they probably have Windows on another), so that’s what they know and can study and learn to exploit.

It’s a simplistic analogy, but I think of malware versus security as akin to artillery versus armor: there will always be a struggle between them that see-saws back and forth. You improve your armor until you can fend off all the known means of attack. The next thing you know, someone has come up with a stronger weapon that can defeat your defenses. So you begin strengthening your armor again, and the process repeats itself. The only way to avoid this never-ending struggle is to hide from the artillery so that they don’t target you.

So, the only alternative to relentlessly improving Windows’ "armor" is one that the folks in Redmond won’t exactly embrace: lose lots of market share so that the bad guys start targeting someone else. 😉
