Monday, April 18, 2011

Guest Post - Michael Senatore

Intern:  Michael Senatore
Topic:  Mac OS vs. PC

Viruses and malware infecting Apple computers are on the rise and becoming increasingly problematic, leaving many asking the question, “Are Mac’s really more secure than PC’s?”

Internship Outline:  #2
Version 1.0
Date:  05 March 2011

For years there has been an ongoing debate between not only Mac and PC users, but security analysts alike about which platform is more safe and secure.  Up until the past few years 99.9% of people would have said hands down, it was Mac that was the safest.  However over the last three to four years, the tides have changed to say the least.  Many would now argue that PC’s have surpassed the Mac in terms of security.  Naturally, the truth of the matter lies somewhere in the middle, as Macs are more safe but PCs are more secure.  Never the less, the debate continues to rage on.

For starters I think it is necessary to establish exactly what the difference is between safety and security.  Most people would think there wasn’t one; that the two go hand in hand, which actually is true.  However at the same time, there is a discernible difference.  The easiest way to examine the difference is to give an example.  What is more secure, a Honda Accord or an Army tank?  Obviously the Army tank is more secure in every way imaginable.  But what is safer, a Honda Accord driving through Nowhere Town, USA or an Army tank in the midst of a battle in Afghanistan?  In this instance you can forget about the security of the tank because undoubtedly the Honda Accord is the safer of the two vehicles.  In both examples, the Honda is the Mac and the tank is the PC.
This issue is currently at the forefront of the internet securities field, which is why I feel it is a pertinent matter to discuss.  With the current success of Apple and their products, the debate between Mac and PC continues to pick up steam.  As a consumer, the ability of an operating system to protect itself is a major topic of concern.  It is also one of the major selling points when a person is deciding to buy a computer.  For the casual home computer, the customer wants a secure platform that will help them to avoid the constant headaches of malware and other infectious viruses.

-According to Charlie Miller, a principle analyst at Independent Security Evaluators, “Technologically speaking, PCs are a little more secure than Macs.  Macs have a larger attack surface out of the box.  This means Macs have more vulnerabilities, and it’s easier to turn a vulnerability into an exploit on the platform.  Despite the fact it is less secure, paradoxically, Macs are actually safe to use for most people.”
-Due to their insufficient security protocols compared to Microsoft, Apple products may show their vulnerability in the upcoming years.
-Where Microsoft has been lauded for their concerted efforts towards improved security, Apple is often criticized for ignoring these issues.

Thanks to the fact that Macs still lack some anti-exploitation technologies found in PCs, like full ASLR (Address Space Layout Randomizaton), they are not quite as secure.  ASLR randomizes the location where system executables are loaded into memory, which prevents malware looking for certain files in specific memory locations from being able to run its exploit.  This is just one example of a vulnerability of the Mac OS X, and to a hacker, vulnerabilities are almost like an invitation.  Microsoft has simply done more in terms of inherent security features than Apple.  Also, in the development of Internet Explorer 8, Microsoft is showing an extremely diligent commitment to security.  They have brought in teams of security professionals to look at their codes, leading to a more secure product.
Furthermore, the Mac OS X has a large attack surface consisting of open source components, closed source third party components, and closed source Apple components.  Viruses and bugs in any of these areas can lead to remote compromise.  Charlie Miller claims, “Mac OS X is like living in a farmhouse in the country with no locks, and Windows is living in a house with bars on the windows in the bad part of town.”  Once again there is a very fine line between the ultimate successes of these two operating systems when it comes to warding off security issues.

-57% of Mac users feel they can safely navigate the web without a need for anti virus protection.
-According to an ESET (Essential Security against Evolving Threats) survey, both Mac and PC users perceive Macs to be a more secure operating system.
-The same ESET survey showed that Mac users are victims of cyber crime just as frequently as PC.
- Although the Mac OS may be safer to use at the present time, this mentality is very problematic and will most likely fester into a bigger problem for Mac users in the next three to five years.
-If you gave a teenager a Mac for a week and a PC for a week, most likely the PC would come back with more security issues.  This is an example of why the most influential contributor to this issue is the person using the computer.

-The bottom line is that although PC’s may be more secure, Mac’s are currently the safer platform when it comes to surfing the web.
-PC operating systems have utilized ahead of the curve technologies such as ASLR to make their platform more secure.
-PC has made a concerted effort in the fight against malware by hiring outside security consulting firms to test their codes and systems for vulnerabilities.

-The safest way to navigate the web is to play it safe and use common sense.  Do not download programs and files from unknown sources.
-Stay educated on the issue of operating system security. Knowledge of the signs of unsafe internet sites will go a long way.  Being able to recognize these signs is another key aspect of keeping your operating system clean.
-Keep your computer up to date with security protocols and anti virus programming.  Take advantage of the updates that your operating system will provide for you.


“In their own words:  Experts weigh in on Mac vs. PC security.”  Elinor Mills.  February 1, 2011.

“Mac OS X backdoor Trojan, now in beta?”  Chester Wiesnewski.  February 26, 2011.

“Mac OS X:  ‘safer, but less secure.’”  Dave Courbanou.  March 18, 2010.

No comments:

Post a Comment