Is a Mac more secure than a PC running Windows?

Recently an article (http://news.bbc.co.uk/2/hi/technology/5150508.stm) quoted a security vendor as advising users to consider switching to Mac for better security. Are Macs inherently safer? The real answer is that there is no scientific data to support a claim that the Mac OS is a safer OS than Windows, and the truth is that it really is not the issue.

I have a friend, “M”. M does not stand for Mac, M really is my friend’s initial. M is not what I would call a “great driver”. I also have another friend, “K”. K really knows how to drive a car. If you put M in a Mercedes or a Volvo, or some other car known for being really safe, and put K in a compact car, even an old Ford Pinto (with the explode-on-impact gas tanks) and want to get somewhere safely, I have to say you should ride with K. Now, we can take M and move him to the outskirts of town where there is less traffic. M will be safer there, but he isn’t a better driver for moving. When the city grows and the traffic comes to M, does M run (or drive) away in fear and move again? Does M just quit driving?

Sure, today Macs are less attacked, but switching from a Mac to a PC doesn’t make you a safer user. If you want to be secure online you will have to learn to make good choices about the web sites you visit, the software you install, and the attachments you open. Phishing attacks are equally effective on Macs. Social engineering – tricks that make people run bad programs – work well on Macs.

You can run away to a Mac today and probably be safer *today*, but if the traffic comes to you then the same risks will come with the traffic. If you become a safer user then you don’t have to run from Windows to Mac, to whatever when the traffic heads your way. Use the operating system *you* like and be a safe user in the environment of your choice. If you choose Linux or Windows then ESET has some really cool safety equipment for your operating system, but you still have to look both ways, steer, and sometimes apply the brakes as you navigate the internet.

Incidentally, K is what the insurance companies would tend to rate a high risk driver. K drives fast. One time K got a speeding ticket and went to “driving school”. K went to the school to prevent his insurance premiums from being raised. My friend M was the instructor! Scary, huh?

Randy Abrams

Director of Technical Education

Author ESET Research, ESET

  • PSchuetz

    Hey,

    lol, there is an funny mistake in the text (typo).
    You wrote: “…, but switching from a Mac to a PC doesn’t make you a safer user.” :D
    Maybe correct, but I’m sure you would write: “…, but switching from a PC to a Mac doesn’t make you a safer user.” ;-)

    best regards,

    PSchuetz

  • Randy Abrams

    You are quite right, although at least the mistake didn’t result in something that wasn’t also true!

    Cheers!

    Randy

  • mj

    I just purchased a Mac and installed Windows XP on it I will be installing your program that machine to protect the xp partition.

    Are you going to make an antivirus program for Mac’s?

    mj

  • Randy Abrams

    I am sure our developers are considering a Mac product, but I do not believe a decision has been made yet.

    Randy Abrams
    Director of Technical Education

  • Skip Dobrin

    March 19, 2009, 07:42 PM — IDG News Service —

    Two well-known Mac hackers are updating a widely used hacking toolkit, making it easier to take control of a Macintosh computer.

    Over the past few days, the researchers have been quietly adding new software to the Metasploit toolkit, used by security researchers and criminals alike. Metasploit already supported Mac attacks, but until recently the Mac code hadn’t been as good as Metasploit’s Windows and Linux tools, said Dino Dai Zovi, an independent security researcher who talked about the new tools with his collaborator Charlie Miller at the CanSecWest conference Friday. “Our goal was to make Mac OS X a first-class target for Metasploit.”

    Metasploit is an open-source toolkit that makes it easy for hackers to launch a barrage of attacks against a computer system.

    Miller and Dai Zovi earned fame in previous years for hacking Macintosh computers at CanSecWest’s annual Pwn2Own hacking contest. On Wednesday, Miller, a researcher with Independent Security Evaluators, won US$5,000 and a Mac laptop by using a previously unknown Safari vulnerability to hack into a Mac system.

    The hack was done before contest organizers. In an interview, Miller said he had hoped to demonstrate it before an audience at CanSecWest, but was prevented from doing so because of Pwn2Own contest rules, which prohibit public discussion of bugs exploited in the contest.

    Miller and Dai Zovi say their work is designed to bring attention to serious security problems in the Mac platform, which has largely avoided the wide-scale attacks that have plagued Windows for years. Dai Zovi said he considers the Mac safe, but not secure. “There’s a difference between safety and security,” he said. “It’s like leaving your door unlocked. … Leaving your door unlocked is always insecure, but it may or may not be safe.”

    At the show, the researchers demonstrated several payload programs they have developed for Metasploit, including one called “Pic the Vic,” which can be used to snap a photograph of a Mac user who has been hacked, using the computer’s camera.

    They have also ported a Windows tool, called Meterpreter, to the Mac. Meterpreter is a stealth tool that can be used to gain information from and import more software onto a hacked computer.

    In the next few days they plan to add exploit code to Metasploit for a handful of previously patched Mac software bugs. Exploit code must be used to first hack into the computer before any payload software can be installed.

    Although there are still many more exploits available for Windows software than for Macs, the new payload code means there is now “more or less the same functionality if you want to target a Mac box or a Windows box,” Miller said.

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

4 articles related to:
Hot Topic
11 Jul 2006
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.