Apple’s Security Issues

Rixstep is one of the most intelligently critical Mac-centric (well, originally NeXT-centric) websites around. Here’s their latest commentary on Apple’s security issues — an issue they’ve been railing about for years.

Now, I’m not about to switch to Windows for the superior security of Vista (which, if anything, is more vulnerable to social engineering attacks, which are by far the biggest threat*), but it would be nice if Apple closed some of the glaring holes before there actually are some real world exploits.

Note: * all the remote attacks to which Mac OS X is vulnerable are in essence going to require a social engineering approach to work in the first place. Whether it’s getting a user to visit a web page with a specially crafted QuickTime movie, or getting a user to download a trojan, the point is getting the user to do something. Vista screws up its warnings by crying wolf so often that the chance of a user inadvertently clicking “yes” at a critical juncture is much higher, and this is something CanWest et al. don’t measure.

Windows vs. Mac Security. One of these operating systems has a destructive virus built in

Oh the irony. So here I am watching the last Steve Jobs keynote (the aluminum iMac introduction) on my Dell Windows Vista laptop (the one I use for testing the software I write, and incidentally use to surf the web when in bed) and Windows logs out on me without warning.

Why? Well to update Windows of course.

It’s funny how Windows thinks that it’s OK to shut down my computer without so much as a by-your-leave in order to patch itself, since — presumably — the reason you patch your computer is to fix security problems and bugs, each of which could potentially cause your system to crash without warning or corrupt your data.

In contrast to this, when my Mac patches itself, its updater patiently waits for me to restart.

I’ll take the OS without malware built in by design, thanks.

Windows Vista: the most secure Operating System

Disclaimer: I use Vista for testing and casual web browsing and Mac OS X for web and software development. I use both nearly every day. I’ve had no security issues with either. That said, Vista’s “allow or deny” behavior is probably about as annoying as spam or popups.

Various sites (e.g. ZDNet and Engadget) are essentially regurgitating some Microsoft press release (complete with graphs, it appears) on a Microsoft-funded “research” project which shows Vista to be the most secure OS ever released (with XP coming in second — which kind of screams credibility right there).

Secunia is my favorite (well, least loathed) security site for two reasons. First, even though, like most security companies, it has a vested interest in promoting Microsoft (since almost every Microsoft user pays for some form of virus protection and almost no one else does), it seems to be relatively impartial. Scandinavian sensibilities, perhaps. Second, it gives you pretty nice graphs.

Apparently, according to Secunia, Mac OS X (versions 10.0 Public Beta thru 10.4, client and server) is one product while, say, Windows Vista is one product (and, more interestingly, Windows XP Professional is one product). This means that when you look for security problem statistics, Windows Vista is in its own separate category, while Tiger is lumped in with the 10 or so other versions of OS X. Secunia also tends to downplay the severity of Windows issues and overstate the severity of Mac OS X issues (yes, if you download a malicious script file, run it, and type in your admin password when asked, it can take over your system) — but we’ll let all that slide (especially since I’ve ranted about it in the past).

Here’s the story in pictures:

The gory details are here.

And here is all of Mac OS X since 2003 or so for comparison:

The gory details are here.

And finally, to give you a good laugh, here’s what this “research” claimed was the second most secure OS:

The gory details are here.

This data is live — so it may change after I finish this post. But right now as I look at it, Mac OS X has a better record historically, and fewer issues since Vista’s release than Vista. And XP — which according to this same “research” comes in second to Vista and ahead of OS X — has a track record based on these statistics (and much personal experience) which is simply embarrassing.