PC vs. Mac in Security: Experts Share Opinions

[necronic]

Cool soundbytes. Liked seeing the mention of ASLR. Seriously, next time someone talks about how much safer they are mention that. Then watch them stutter a couple times as they realize they have no idea what that is, and slowly realize they are out of their depth talking computer security, and then watch their headsplode. It WILL leave an apple shaped blood splatter.

I swear.

 

[razor512]

while malware is created by jerks, it takes a lot of word to create malware, more than making a legit program. It takes a lot of time, knowledge and skill and work to make malware because you are not only focused on making the app work, you need to work around not being detected by a virus scan or exploit the os and also exploit flaws in a wide range of security software so you can cause them to crash, allowing your malware to infect the system. I have seen source code for many different malware apps and they are very sophisticated.
No one wants to go through all of this work to target a small userbase as if there very few targets and considering that not every one of them will attempt to download the cracked software bound with the malware, ot head to the infected site so your potential infection rate is far too low for you to waste time with. also malware cant be made to be crossplatform using similar code as the malware is tailored around the security problems of the OS (unless it is a exploit for java or PDF or flash)

the main target will be windows

PS my college used macs and almost all of the macs in the college library are infected with malware, including rogue antivirus apps and adware/spyware

if you let enough idiots use any computer, it will get infected

 

[the_brute]

Quick poll.

Q1. How many of you have crack copies of windows and do not update?

Q2. How many of you "tech-people" dont have any anti-virus/malware protection because you "know what to avoid"?

Q3. How many dont have anti-virus/malware protection due to the fact you reload your OS often, or you can reload your OS easily?

 

[G-Systems]

[citation][nom]ThE_BrutE[/nom]Quick poll.Q1. How many of you have crack copies of windows and do not update?Q2. How many of you "tech-people" dont have any anti-virus/malware protection because you "know what to avoid"?Q3. How many dont have anti-virus/malware protection due to the fact you reload your OS often, or you can reload your OS easily?[/citation]

Q1: I don't update my oem Windows installation...the more updates I get, the less efficient Windows seems to run

Q2/Q3: (the same question for the most part) I don't believe that you are ever really safe. Anyone who doesn't have anti-malware/virus and a firewall (and hosts mods with sandboxing for serious surfing) is asking for trouble. I might be the only "tech-[person]" who responds because your questioning is ridiculous...

 

[solanis]

[citation][nom]Razor512[/nom]while malware is created by jerks, it takes a lot of word to create malware, more than making a legit program. It takes a lot of time, knowledge and skill and work to make malware because you are not only focused on making the app work, you need to work around not being detected by a virus scan or exploit the os and also exploit flaws in a wide range of security software so you can cause them to crash, allowing your malware to infect the system. I have seen source code for many different malware apps and they are very sophisticated.[/citation]

The problem isn't really the originators of the malware, it's the legions of little fscktards who download those apps and use them "cos i r uber1337 haxxor! haha pwned!"

[citation]No one wants to go through all of this work to target a small userbase as if there very few targets and considering that not every one of them will attempt to download the cracked software bound with the malware,
[/citation]

Most crackers would prefer the notoriety of achieving a significant "first". (Just look at how many forum posts on any forum on the Internet to get an idea of how many people think this is somehow an achievement, then apply that to the cracker community.)

[citation]also malware cant be made to be crossplatform using similar code as the malware is tailored around the security problems of the OS (unless it is a exploit for java or PDF or flash) the main target will be windows[/citation]

You undercut your own argument here. The current environment makes it more "productive" to use malware that is platform-agnostic.

 

[solanis]

[citation][nom]boredreader[/nom][citation] If I was gonna make an online money transfer for example I sure as hell wouldn't use Windows. I'd rather use a Mac. Or the best option of all, a Linux live-cd. [/citation]I don't see how you a think MAC or a Linux Live-CD would be more secure for an online transaction over Windows. I can guess you are not aware that performing online transaction requires a client software "browsers" that interacts with a server which will require authentication, certification, and other means of security measure that a particular service employs. I would assume that based on your chain of thoughts, it is more secure for you to shop newegg from a MAC than it is on a Windows PC?I think not![/citation]


Perhaps you might like to do some reading on the operations you are trying to argue about here. The issue is the unencrypted data being, for example, in a swap file on your system or in your browser's cache -- with a Linux Live-CD you aren't going to get that data written somewhere where malware can read it.

BTW MAC is the name for your NIC, not an operating system. The Mac hardware generally runs OSX as an operating system.

[Sent from a Linux box, so feel free to flame me as an Apple fanboy to make your self look more out of touch with reality.]

 

[solanis]

[citation][nom]Suncho[/nom]Ok. This is the second Tom's Hardware article in as many days where you guys say "his or her" instead of "their". It's a different author too...[/citation]

That's simple: "his or her" is grammatically correct, while "their" with a singular subject or object is not. A lot of people use "their" with a singular subject/object as there is no singular pronoun that covers both male and female sexes. This is why "he" is used in all legal documents to cover both sexes (and there's usually a note to that effect amongst the mumbo jumbo).

 

[Guest]

As the experts said, windows is better secured then Mac and with every mac sold, mac os is less secure but maybe it won't hit that critical point to make hackers worldwide target it (wait before bashing, there is reason to my madness). Mac OS is basically BSD UNIX with a nice polish on top. Lots of servers worldwide are UNIX and LINUX based and the companies that own them will invest millions of $$ in security development. This way linux and UNIX will always get better security in time and i'm sure that when needed, Jobs will do what he does best: poke around to see what those guys did and do the same for his OS. Windows, ironically, will always be alone on this because the feedback on the server side to improve security form companies will always be worse than with UNIX.

The other major aspect of security that people seem to ignore is that there is a lot of vulnerability in web browsers, not only the system itself. Is safari safer then IE? I'd like to think so because i use it but i don't have any hard proof of that. As far as i know, the safest is google chrome (my choice in browsers for windows) but we will see how log this last.

Whatever you choose, you should always bear in mind that artificial intelligence is no match for human stupidity. Should you buy a mac? Yes. Should you buy a PC? Yes. Is linux better than windwos? For you it may be, for others not. Should you keep bashing others for their choice? No...

Just be happy we grew out of windows '95 and ms-dos era and now we have choices.

 

[solanis]

[citation][nom]valy[/nom]As the experts said, windows is better secured then Mac and with every mac sold, mac os is less secure but maybe it won't hit that critical point to make hackers worldwide target it (wait before bashing, there is reason to my madness). Mac OS is basically BSD UNIX with a nice polish on top. Lots of servers worldwide are UNIX and LINUX based and the companies that own them will invest millions of $$ in security development. This way linux and UNIX will always get better security in time and i'm sure that when needed, Jobs will do what he does best: poke around to see what those guys did and do the same for his OS. Windows, ironically, will always be alone on this because the feedback on the server side to improve security form companies will always be worse than with UNIX.The other major aspect of security that people seem to ignore is that there is a lot of vulnerability in web browsers, not only the system itself. Is safari safer then IE? I'd like to think so because i use it but i don't have any hard proof of that. As far as i know, the safest is google chrome (my choice in browsers for windows) but we will see how log this last.Whatever you choose, you should always bear in mind that artificial intelligence is no match for human stupidity. Should you buy a mac? Yes. Should you buy a PC? Yes. Is linux better than windwos? For you it may be, for others not. Should you keep bashing others for their choice? No...Just be happy we grew out of windows '95 and ms-dos era and now we have choices.[/citation]

Nice post (if you ignore the first paragraph, which is full of unsubstantiated statements and misinformation -- e.g., might want to check where MS stole their TCP/IP stack from (and I use "stole" advisedly); Google "Copland"; re-read your second sentence and contrast it with your third and fourth [hint, it's a non-sequitur]).

Last two paras I wholeheartedly agree with (hence the Positive). Good to see there are still some people on Tom's who still engage brain before typing. Kinda disappointed with the quality of most comments -- haven't been reading stuff here for about two years and the average IQ seems to have dropped dramatically

However, I was impressed at Graham Cluley's take; Charlie Miller's is disingenuous (e.g., what Internet-connected Windows box doesn't have Flash installed?); Tyler Reguly -- "But if you take a look at the two platforms, and the mindsets of the companies behind them then the PC wins hands down. If you compare Windows 7 to Snow Leopard, then the simple winner is Windows 7." Hmm, perhaps he should read http://www.tomshardware.com/news/windows-7-vista-security-uac,9251.html -- the mindset doesn't seem quite so hardcore about security as he would have you believe, as that article makes it clear that MS wants to focus on ease-of-use over security.

I'm also a bit tired of the "the greatest marketshare OS is at the greatest risk" argument. Crackers are all looking to get a name for themselves, primarily in the cracker community. Garnering what's seen as an achievement in that community is by far easier to do by attacking what's seen as the most secure OS, because it's harder to do. If you modify it to be "the greatest risk is from script kiddies who use others' malware in an environment that's highly insecure" then perhaps I'd agree more.

However, most of the "professional" malware seems to be currently written to exploit x-browser weaknesses, such as Flash and other embedded content (and by "professional" I mean written by authors who are trying to steal data to use for gain). As such it's platform agnostic, so it doesn't care what OS you run, as long as it gets data that's wanted by whoever deployed it. So, harking back to Graham Cluley's point, the new target is uninformed and lazy users. Providing an OS that takes reasonable steps to balance ease-of-use and security and letting users know the potential consequences in circumstances where their actions may adversely affect their PC's security is what's a more secure OS. Unfortunately, MS seems to be doing all the wrong things after spending wads of money on massive security upgrades to the OS, only to make them totally worthless (and most people accuse Apple of abusing marketing hype?). Look at the Security news and you'll see at least 2 articles on how MS has made steps towards lessening security from Vista in Windows 7.

 

[razor512]

[citation][nom]solanis[/nom]The problem isn't really the originators of the malware, it's the legions of little fscktards who download those apps and use them "cos i r uber1337 haxxor! haha pwned!"[citation]No one wants to go through all of this work to target a small userbase as if there very few targets and considering that not every one of them will attempt to download the cracked software bound with the malware, [/citation]Most crackers would prefer the notoriety of achieving a significant "first". (Just look at how many forum posts on any forum on the Internet to get an idea of how many people think this is somehow an achievement, then apply that to the cracker community.) [citation]also malware cant be made to be crossplatform using similar code as the malware is tailored around the security problems of the OS (unless it is a exploit for java or PDF or flash) the main target will be windows[/citation]You undercut your own argument here. The current environment makes it more "productive" to use malware that is platform-agnostic.[/citation]


by cross platform I meant having the same malware with just a few minor tweaks, and having it work on the mac OS, kinda like how you would take the source code for a standard windows app and recompile it to work with windows mobile and make some tweaks to deal with the error messages and have it work. with malware, it is directly based on available exploits for the OS, a exploit for windows will not effect a mac because they have a different set of exploits, making the same malware for a different OS will require you to almost completely write a new app thats targeted at the mac os, which means a lot of work. (making malware that will actually install it's self into the OS and cause a lot of problems doesn't stop at exploiting the browser, the browser is just one of many things that needs to be exploited (but since in many cases it is often the first hurdle the malware has to get over before it can infect the system, a good secure browser will stop most malware

other than that, cross platform exploits that actually work with little to no additional work are exploits for programs that are already present in many different OS, for example flash or javascript (many of these exploits will target routers, a user heads to a page hosting the bad script, upon running it, it causes the browser to (invisible to the user) try to log into the router using a set of default user name and passwords, then change the DNS settings to that of a malicious one

No os is completely secure, the biggest security problem is any os is also one that the companies cant patch, and that is the user. if you put a user who is poor at security on the most secure OS on the planet, that os will no longer be secure. security is a job shared between the OS and the user.

 

[toastninja17]

"Dino Dai Zovi, independent researcher: "Neither. Consumers should see if Apple's iPad or the forthcoming devices based on Google's Chrome OS suit their needs because both are significantly more secure than any general-purpose desktop system, Linux, Mac, or PC."

Way to go in-depth.

 

[Guest]

At work, we set up a Vista machine. We did not install an antivirus program, and the machine was hit by a virus within a month, so bad that we had to rebuild the machine.

At home, I had Windows XP. I got a virus one hour before Norton issued the fix. The virus deleted all the JPEG files from my computer and did other mischief. I had to rebuild the machine.

At home, I've used Macs since 2005. At work, I use a MacBook Pro as my workstation. I have never installed any kind of anti-malware on my Macs. Over the last 5 years, I have had 0 incidents.

I have heard the security-by-obscurity argument a lot, but Macs aren't obscure. I have never heard a computer geek say, "Mac, what's that?" or "OS X, never heard of it." It's also a larger target than it appears: it is certified UNIX 03, along with HP-LUX, AIX, and Solaris 10. My theory is that OS X doesn't get malware, not because Macs are special, but because UNIX is. Even if a malevolent geek were ignorant of the Mac, anyone shooting at UNIX, and maybe even Linux, would hit Mac, too. (Most geeks have heard of Linux, by the way.)

Mac users as so delighted with their computers that they appear to be a religious cult to outsiders. It seems that if there is a computer geek somewhere out there who has heard of the Mac, who has malevolent intent, he would be highly motivated to write a virus just to wipe that smug smile off the Mac fanboys' faces.

That hasn't happened.

 

[JOSHSKORN]

Really. I wonder what would happen if all the hackers in the world gave up in Windows and all decided to hack MAC instead just for fun.

 

[solanis]

[citation][nom]JOSHSKORN[/nom]Really. I wonder what would happen if all the hackers in the world gave up in Windows and all decided to hack MAC instead just for fun.[/citation]

OS X has been certified to UNIX 03 specification (http://www.unix.org/what_is_unix/history_timeline.html). Good luck to the Windows monkeys who call themselves "hackers" having a go at cracking it (yes, I understand the difference between a hacker and a cracker -- most of the ignorant still use "hacker" when they mean "cracker").

To crack OS X, you need to understand the Unix basis that lies underneath OS X and use exploits to gain access to root. Root is by default disabled, although the user is in the sudoers group.

The easiest way to get into it would be via x-browser exploits, which is no different from Windows, although doing any serious damage is still more difficult.

I'm a network engineer, I use Solaris and and Linux mainly but recommend OS X to my clients/friends/family and I also make sure it has a MAC (kinda difficult not to have one, as all Apple's models have built-in Ethernet; oh wait, you just don't know the difference between a Mac and a MAC, sorry for your disability), would be hard to get access to the Internet without one.

I wish Tom's would implement an IQ test which would have to be passed before allowing people posting privileges. Or at the minimum a certified level of knowledge about computing systems both hardware and OSes. Then most users wouldn't have to read through 80% of the drivel that passes for comment here.

 

[Guest]

Guys should check out this new social network www.Formvote.com , it's pretty awesome, especially for these kinds of disputes! lol I'd go with Apple myself.