Windows is IE, OS X is Firefox


Many are wondering how OS X will fare against malware once it becomes a serious target. We won’t have to wait long; OS X is taking off and we’re going to see major efforts focused on it starting this year.

Some say it’ll be shown to be an open wound as soon as it’s given attention, while others think it’s inherently more secure than Windows and will handle the pressure fine.

I think we have a decent model to evaluate — Firefox.

A very similar debate existed prior to Firefox making it big, and what was the outcome? The answer is rather complex, but I think most will agree it reduces to something like this.

Firefox ended up having a significant number of vulnerabilities — far more than its fanboys ever imagined. But even after having its aura of invulnerability stripped away it still comes out far better than Internet Explorer in terms of relative risk to a user.

That’s my opinion, of course, but I think it’s an impartial and informed one. I’ve triaged umpteen kagillion Windows systems that have been owned by malware, but I can’t recall a single one where the only browser used was Firefox. True, we need to take into account the kind of user that employs Firefox exclusively, i.e. an advanced one, but still.

My point is very simply that I expect the same kind of result from OS X.

It will take a massive thrashing starting in 2008 as its market share grows, and there will be an eruption of articles and blog posts exclaiming, “OS X just as vulnerable as Windows after all!”

But in the end, once things have stabilized and we have time to look back, the vulnerability numbers (and more importantly the relative impact) will show that OS X is far more secure than Windows. Not secure, not even almost secure, but much better than Windows.

