Yes
Virginia, Macs really are more secure. By design
by Alan Zisman (c) 2005 First published in
Performance
PC Canada date
For this security-themed issue, I was asked to review security software
for Macs. I can think of lots of such programs for Windows-users:
anti-virus applications, firewalls, spyware scanners, and more. Any
Windows user ignores them at his (or her) peril. For Mac? Well there
are a few anti-virus programs, but many Mac owners don't bother. Mac
owners install anti-virus software to avoid accidentally spreading
Windows viruses.
Macs aren't perfect. Apple, just like Microsoft, releases operating
system updates from time to time, aimed at patching security holes as
they are discovered.
And Mac-owners running that platform's version of Microsoft Office are
in danger from Word and Excel macro-viruses, just like users of the
Windows MS Office version. Macro-viruses were widespread a decade ago,
but they are very rare today. Instead, the virus targets of choice are
Microsoft Outlook and Outlook Express, Windows-only applications.
Spyware, arguably causing more distress these days amongst computer
owners than viruses, is also Windows-only. In 2004, there was some
discussion about a theoretical way to write Mac OS X viruses, but there
are currently no Mac viruses ‘in the wild'.
One reason Mac-owners get off easy is the relatively small number of
Macs. Graham Cluley, of anti-virus software firm Sophos said:
"…
virus writers appear motivated by a desire to cause widespread havoc
and so have concentrated on the market leader."
But that's only part of the story. Microsoft has made a series of
design decisions that have made Windows systems easy targets. Microsoft
turns on system services by default, leaving them running in the
background in case they are needed. Unused, these services eat up
system resources and leave back doors unlocked when a computer is
online. (For example, most users only discover the Windows Messaging
service—not to be confused with instant messaging like MSN
Messenger—when it gets used by adware programs to pop up ads
on
their desktop). Programs such as Outlook or Outlook Express can run
scripts which can harvest email addresses, change computer settings, or
install software.
Microsoft correctly designed the multi-user Windows 2000 and XP with
users designated as system administrators or as limited users with less
power to change the system. But on the mass-market Windows XP Home,
this is hidden; the default user has full administrator power and lacks
the protection from inadvertent software installs that they would have
if they were running as a limited user.
In moving to its Unix-based OS X operating system, Apple made choices
that result in better security. Unused services are turned off by
default. The all-powerful Root user account is hidden; serious geeks
who need Root access can get it, but the rest of us are protected from
self-inflicted damage. While any Windows application can install files
into the \Windows\System folders, Mac software—including
Apple's
own software updates-- cannot make changes to the operating system
without explicit administrator-level user permission. At worst, malware
could muck up an individual user's setup, but not mess up the computer
over-all.
The end-result: the bad guys target Windows both because of the large
number of people using it and because it's easy to get results. That's
no guarantee that there will never be a successful mass attack on Mac
(or Linux) users, but for now—and for the foreseeable
future— you'll be far safer computing on a Mac than on a
Windows
system.