A Response to “Mac Elitism and Snobbery”

I'm a security professional and I use a Mac. I like OS X for its usability and for its aesthetics. But I don't confuse those with stability or security. For my money, XP is just as stable and secure, and Vista is more secure, though buggy third-party drivers kill its stability (from what I hear V64 is pretty stable).

I have programs crash or hang on both platforms, and both OS X and Windows seem to have problems with sleep mode. But I am not going to focus on stability, more on security.

I would agree that a well tweaked OS X can be more secure than XP or Vista out of the box, but that's not a very fair comparison. Putting the same care into a Windows platform would result in a more secure OS than Apple provides. And comparing default to default, I'd say Vista wins hands down (ASLR, firewall, LUA), then OS X (LUA), then XP (firewall). (This is assuming the latest version and service pack, and that patches are applied.)

It seems like most people who talk about OS X being more secure use two arguments, either that the lack of viruses or the fact that it is built on BSD. Neither of those arguments as most people present them make much sense.

Many people argue that the lack of viruses is evidence of a more secure design or platform. However, these arguments inappropriately attribute causality. It is more likely that the low number of viruses can be attributed to a lack of financial motivation, technical expertise, and interest for writing viruses for OS X. I would ask these arguers if they would concede that all operating systems with no viruses are more secure than OS X.

Some would say that the lack of viruses makes OS X a safer environment for general users. And this is a good point, but what happens if and when Mac viruses start being released in greater numbers? Hopefully the operating system will have become more secure.

Quite a few people believe that OS X's BSD subsystem gives it a great advantage in security. But that is not necessarily the case. There are many flaws found in BSD and in the open source packages which run on that platform. Apple incorporates many of these packages into its OS and products. So an insecurity in one of the packages creates an insecurity in OS X.

When a vulnerability is discovered in BSD or in an open source BSD package, a patched version is usually quickly released. Those packages can then be updated by anyone using BSD. Apple applies these patches too, in most cases. However, these updates can be delayed for quite a while. The one that comes to mind here is the libtiff vulnerability that allowed for easy iPhone hacking. The details of the vulnerability and patches had been posted online about a year before the iPhone was released. Apple themselves fixed it in OS X but it was still present in Safari.

Windows has its problems, but Microsoft has been working on improving their security with much better results than Apple so far. [/$0.02&]

Daniel,

I've been using both platforms for about five years. I'm a desktop Support Technician and I only have Windows now because I have to.

Vista is a flop, we still use XP. Honestly, I actually like XP, but I wouldn't have it if I didn't have too.

I have been our anti virus guy for the last two years, and it's not just the platform, the products are insecure as well. IE is just plain awful at security. I have a PC on the bench right now that has been horribly violated by Smitfraud and Vundo.

If I could have everyone use Firefox we'd be better off. But we have too many applications that use ActiveX or are BHOs and they require IE.

I have never had to rebuild any of my Macs from failures, just because I felt I needed to or I was changing a hard drive configuration. I have to rebuild MS PCs all the time.

Other MS PC issues: Corrupted profiles (My home PC profile corrupted itself this morning), corrupted Winsock Providers (happening frequently), MALWARE, malware, malware. I spend a lot of my day cleaning up malware.

I know that people say there are more viruses for Windows because it's much more widespread, but it's like MS doesn't even try to stop it.

That said, I am not a Mac fanboy. They do plenty to irritate me, especially lately. But, I do think you get your money's worth for Macs.

Well, I'm not getting into that right now, it's a long drawn out argument and there have been so many flame wars.

Also, I have to say I am more than pleased with Linux now and use that as well.

Windows is just something that I'm probably always going to have to know and support.

I have been using both platforms for about 20 years now, and use the PC environment at work more than the Mac environment. I now use a Mac exclusively @ home, even though I have both a PC and a small Windows 2003 server box. When Apple switched to a Unix based OS, Macs greatly improved. Switching to Intel based hardware clinched it for me.

I am a Systems Engineer working in a 90% MS environment @ work, and if I had all the money in the world as well as the power, I would mandate a change to Mac for everything, for the following reasons:

1) Security. Mac is Unix with a powerful GUI, and dealing with security is a breeze. Microsoft cannot touch this, not even on their Server OS. Many, many times MS products are difficult to configure, and information is difficult to obtain in a useable format. I cannot tell you how many hours we spend trying to deal with MS security, but I would guess it is probably at least 10% of our devel time. When the monthly patches are released from MS, we must then re-evaluate, as nothing can get implemented in our environment without testing and security creditation.

Security is easier with Mac. Unix is very solid, and inherently more secure. Most security flaws are well known, and easily addressed. Apple's security patches are probably 1/10 as frequent (taking a wild guess here) as MS, and are usually less critical. Creditation is faster. This greatly speeds implementation of system changes and new applications.

2) Useability. There is a fundamental philosophy behind the Apple corporation, and that is that usability and the computing experience is of prime importance. Everything they do is manufactured from this perspective. From the OS to the system, useability has been integrated extremely well, but there is a price to pay. The desktop clients are more expensive than equivalent PC Desktop components by about 10%, but they work, and we do not have hardware compatibility problems with them. The extra 10% actually is offset by the reduction of support needs for Macs. On our Mac systems, we have NEVER experienced the equivalent of a BSOD, and our Mac users come up to speed much faster than our PC users, when new applications are released. The Mac users also contact our helpdesk about 35% less frequently than the PC users, and the nature of the calls are more related to software "how to" as opposed to unexpected system behavior.

Mac servers are comparably priced to other server products, and we do run some Mac servers for some large scale web applications. I personally believe we should run Mac servers for everything, but Corporate doesn't want to do that.

3) Programming: MUCH easier in the Mac environment. The OS has a compiler that comes with it, and there are many tools available from Apple. For free, and well documented. Compiled code is easier to test and implement in the Mac world as well, since the basic framework has tighter boundaries. We are much less likely to experience the equivalent of "DLL Hell" on Macs. We program in Cocoa and Java for the Mac. Objective-C is also an option.

4) The Mac community. the Mac community is similar to other types of GNU communities. People readily share information, and respond. Apple responds quickly. Apple is better at providing support than Microsoft.