The debate of which is more secure among a Mac and PC has been going on since their inception. Now this debate has been revived again due to the recent news regarding the spread of MacDefender and MacGuard Trojans. Similar to the Fake Security Essentials for Windows, the Mac Defender makes the user believe that his system has been infected and persuades the user to download a Trojan masquerading as an antivirus.
Now this brings us back to our question – Is Mac a more secure OS than Windows?
While Mac supporters vociferously point at the fact that Macs have far less malware than Windows, Windows users attribute that to the wider usage of Windows which makes it a more profitable target by the hackers. Windows OS becomes a very attractive target by virtue of the sheer large number of Windows users.
But is the number of malware the only criteria of an operating system being more secure?
There might be less overall probability of a Mac getting infected than Windows but it does not mean that Mac is more secure. In fact Mac has been hacked in less than a minute in Pwn2Own and Charlie Miller (who hacked the MacBook Air in Pwn2Own) claims that OS X Snow Leopard is more vulnerable to attack than Microsoft Windows for lacking full Address Space Layout Randomization (ASLR) which is present in Windows since Vista. ASLR defends against the buffer overrun exploits. Each time you boot Windows, the system code is loaded into different locations of the memory. This seemingly simple change thwarts a class of well-known attacks in which the exploit code attempts to call a system function from a known location.
Since both of their underlying code is written by humans there will always be bugs and vulnerabilities that the hackers will take advantage of. Since PC is the most used OS it is more prone to attacks and that necessarily doesn’t mean that it is less secure. The fact is Microsoft has always been more serious about security than Apple or at least they have to. This can be seen clearly from how they react to such vulnerabilities. While Microsoft reacts quickly and releases updates every month with faster releases for emergency updates, Apple took a more colder approach with the response that the underlying UNIX is not prone to viruses. Apple had allegedly asked their support reps not to acknowledge or help customers remove the Mac Defender malware. But they indeed released an update against the Mac Defender, but only after a big backlash from blogosphere. Albeit late, Apple is also recommending that Mac users use an antivirus now.
If you ask me, security of an Operating System is relative. It depends on the user and his usage pattern. The Windows ecosystem is open, unlike the Mac which is closed, as a result of which there are a lot of freeware available for Windows. Consequently the chances of installing rogues tend to increase. A normal less tech savvy user who visits all sorts of sites and downloads and installs everything without checking its authenticity, whether he uses a Windows PC or Mac is more susceptible of getting infected than a more tech savvy user with good computing behaviour/habits.
Still today, in many parts of the world, people use un-patched pirated Windows… and when they their machine gets infected, they blame Windows. This does not happen for a Mac!
Now what exactly is a good computing behaviour?
The term has a scope of large number of interpretations. But generally speaking it includes but is not limited to using a good and updated security solution, keeping your OS and other software up to date, verifying authenticity of a program before installing (a simple Google search will do) and of course browsing safely.
Now this doesn’t make you immune to malware as you can be infected by just visiting a code injected but otherwise straightforward webpage. But it gives you an added layer of security irrespective of the platform you are using.
Both Windows and Mac have their respective security features such as the UAC, DEP etc. But it is up to the end user to make sure that he/she stays safe using the provided features. Unless the user takes initiative to stay safe, no Operating System can guarantee a secure environment.
To sum up what I’m saying is that it isn’t the underlying architecture that is the most important factor (although it is important) affecting security but it is the user behaviour that is the most important factor in deciding whether you are secure or not.
What do you – the Windows or the Mac user – think of this!?