Hacker says Windows is more secure than Mac; calls Apple fans "ignorant"

Lifehacker pointed to an interesting piece over at CNet. In a Q&A interview by Elinor Mills, hacker extraordinaire Marc Maiffret has said what no one before him dared say: Windows is more secure than Mac OS. While Apple likes to claim a higher security standard than its rival Microsoft, Maiffret, who is now the Chief Security Architect at FireEye, begs to differ.

When asked about the current state of security in Microsoft products, Maiffret responded:

"Now when you look at Microsoft today they do more to secure their software than anyone. They're the model for how to do it. They're not perfect; there's room for improvement. But they are definitely doing more than anybody else in the industry, I would say"

In a follow-up question, Maiffret was asked if he feels Apple is taking security seriously. In his response, Maiffret calls out Apple and its "ignorant" community, saying:

"It's even a little scarier with them because they try to market themselves as more secure than the PC, that you don't have to worry about viruses, etc. Anytime there's been a hacking contest, within a few hours someone's found a new Apple vulnerability. If they were taking it seriously, they wouldn't claim to be more secure than Microsoft because they are very much not. And the Apple community is pretty ignorant to the risks that are out there as it relates to Apple. The reason we don't see more attacks out there compared to Microsoft is because their market share isn't near what Microsoft's is"

Marc Maiffret began hacking as a teenager. He was a lad of 17 when he started eEye--a company focused on product development and vulnerability research. Since then, Maiffret has become a revered expert in the world of software security.

189 Comments


Interesting Article.
15% interesting posts and quite informative
75% fanboys cruelty
(7% of my time scrolling to reach this text box and submit my comment)
2% To fill in the text box and submit this comment
7% Time remaining because of the 'end' button

Now that a lot more people have started using Apple's products, they will have to beef up the security. Hackers prior to this didn't see a point to hacking OSX. Now, they do. lol

As I am no computer expert I can only speculate, but it makes sense to me that hackers would create undetectable exploits for Apple; many corporate people use it for data, and corporate information is as much or more valuable than personal.
Not to mention, with no VS or Firewall present you would hardly notice anything.

You people that b***h about people's spelling and what the title "suggests" and stuff are totally irritating. This whole thread should be deleted.

To each his own on what OS they want to use.

Apple's main vulnerability is the level of complacency in its userbase. Imagine sending off warning letters to the owners of infected machines on your network, only to get replies back saying that "No, you must be wrong about my computer being infected, I own a Mac."

Not all folks who enjoy using Macs are ignorant nor rich. I live on a fixed income yet I can still buy a Mac. I just save my money until I have enough to buy one. I also practice safe computing through using antivirus software that I keep updated and using Lil Snitch to watch outgoing messages from third party software I try out from time to time. I really think this war between Mac users and Windows users is really silly and a waste of time. We should be working together to combat the real problem which is the creeps out there trying to victimize society.

Mac777 said,
I live on a fixed income yet I can still buy a Mac.
What has a fixed income got to do with it? Do you mean low income?

I'll be the first to say it here. (maybe not, I didn't read every single post), but I wish to God someone would write a virus that would really put the hurt on Apple. Just once will someone please show the world the arrogance of Jobs and his followers?

Obviously the misery and cost to innocent users guilty only of ignorance and naivety is well worth getting one over on someone. *rolls eyes*

I think it's high time for someone to make a virus to take advantage of all the Apple fan boys' bank accounts though. I mean, they obviously have money to pay such high prices for their equipment, might as well take the rest with one good undetectable virus.
Of course, there already are viruses and malware against Macs, just how many who are infected don't know about it due to the lack of security?

my experience with apple leads me to say, "it's more relaxed in terms of security because there's a low risk in usage." it's safer of course, but i've tested visiting infected pages and have had "no damage or infection."

windows is in truth, "more secure" because it has to be. visiting that same page led me to get infected as it even bypassed UAC. so in blunt, it's more secure, but higher risk.

i still favor windows though, it's just that it feels like "home" to me...

I'm tempted to suggest comment rating (at least a like or dislike button) so the most relevant or most community approved comments can be at the top and the rest can kind of float around.

i say do it, why don't they put their money where their mouth is? The mac market is so easy to hack why not just do it, they will get a lot of exposure as being one of the first to hack the platform.

REM2000 said,
i say do it, why don't they put their money where their mouth is? The mac market is so easy to hack why not just do it, they will get a lot of exposure as being one of the first to hack the platform.

They do, all the time.

Did you read the story? They don't release a virus or some sort of Malware that targets Apple products because they don't want to break the law, cause trouble and cost people money.

These are security professionals, not simply h4x0rs who hack whatever has the most market share.

I've been saying the same thing for years.... The reason Mac is "more secure" is because hackers don't want to bother taking out "hundreds of thousands" of Macs, or maybe "several million" Macs.... They are looking for numbers in the TENS of millions. It's much more "impressive" and FAR more inconvenient to compromise MILLIONS of PCs than it is to take out a much lower number of Macs.... Windows hacking provides greater bragging rights.

Now, if the trend of Macs gaining marketshare continues, or even multiplies faster than it is currently, hackers will definitely start working the exploits. But until then, whoever is on top will always be the biggest target.

Apple has knowingly lulled its users into a false sense of security. Many of their users do in fact have malware on their machines it's just that they have no idea what to look for so they never realize it and therefore never report it.

Apple users are, in effect, just as ignorant as Apple itself.

"The reason we don't see more attacks out there compared to Microsoft is because their market share isn't near what Microsoft's is"
That's what I say to my Mac lover pals, exactly the same thing.

Security through obscurity / not a "big" target may make you safe in some cases, it doesn't, however, make your system "more secure".

etempest said,
Security through obscurity / not a "big" target may make you safe in some cases, it doesn't, however, make your system "more secure".

I agree! If I were to make an operating system and be the only person to use it, would that make my operating system the most secure since it's never been hacked? Of course not! Just because there aren't enough Mac users to make it worth hackers' time doesn't make the OS more secure, but it might make the users safer.

And here I was thinking that being on an Open Source base means there is more chance for people to find a hole.

Also I take issue with his "hacking contest" .. getting some user to click yes, or enter their password, or whatever isn't hacking.

techbeck said,
What I have been saying for years. Apple's arrogance/ignorance will get the best of them in the end.

Yep. Just like Microsoft, Apple will get what's coming to them at some point. And again, like Microsoft, they'll bounce back from their mistakes and move on.

So so true, the majority of people who were sheep to the Mac ethos are people who were fools on Windows PCs before. They were the types that click the link for a *free* copy of Office and get malware. The more morons on Mac OS the more secure Windows becomes, as we are only left with the people who know better.
It's quite good in a way, get all the fools onto Mac OS, that way might leave Windows alone more.

And it still remains that the number 1 Threat to any OS is the dumbass sitting in front of the monitor clicking yes/ok to anything and everything

but I had to laugh the other day. I was out at Harvey Normans (local household everything store) just wandering round the computer section when I happened to overhear the sales guy trying to sell a MAC to this erstwhile housewife, and when asked if it needed any antivirus software and is it safe for the kids to use, the sales guy turns round and blatantly tells her you won't need an AV suite, ma'am, as there are no viruses or malware that affect Apple Macs ... you could have heard a pin drop if it wasn't for me laughing so loud that everybody in the shop was looking. I spun round on the dopey rep and let him have a few home truths about there being viri/malware just for crapple Macs, so yes she will need an AV suite, and it all went quiet as her son looked at the poor ****** and said in as loud a voice as he could "YOU'RE A LIAR". I damn near wet myself laughing, albeit I'm now serving a 6mth ban from the store, but hey, it was worth it

I don't think you need AV for the Mac just YET. Problem is by the time you do it will be too late.

Edited by warwagon, Apr 16 2010, 5:11pm :

Athlonite said,
And it still remains that the number 1 Threat to any OS is the dumbass sitting in front of the monitor clicking yes/ok to anything and everything

but I had to laugh the other day. I was out at Harvey Normans (local household everything store) just wandering round the computer section when I happened to overhear the sales guy trying to sell a MAC to this erstwhile housewife, and when asked if it needed any antivirus software and is it safe for the kids to use, the sales guy turns round and blatantly tells her you won't need an AV suite, ma'am, as there are no viruses or malware that affect Apple Macs ... you could have heard a pin drop if it wasn't for me laughing so loud that everybody in the shop was looking. I spun round on the dopey rep and let him have a few home truths about there being viri/malware just for crapple Macs, so yes she will need an AV suite, and it all went quiet as her son looked at the poor ****** and said in as loud a voice as he could "YOU'RE A LIAR". I damn near wet myself laughing, albeit I'm now serving a 6mth ban from the store, but hey, it was worth it

Ya know, you can correct the misinformed without being a jerk.

I'd like you to try that same stunt in Apple stores. Walk right in and laugh openly in the faces of sales people who are trying to do their job, regardless if they really mean what they say.

They always say Hackers attack windows because that is where all the market share is. Why go after 5% when you can go after 95%. This is True. But why not go after the 5% and become famous by creating a fast spreading Mac Virus. That would be awesome.

warwagon said,
... But why not go after the 5% and become famous by creating a fast spreading Mac Virus. That would be awesome....

Indeed, but who cares about Mac fan boys?

warwagon said,
They always say Hackers attack windows because that is where all the market share is. Why go after 5% when you can go after 95%. This is True. But why not go after the 5% and become famous by creating a fast spreading Mac Virus. That would be awesome.

Because that's not the point. You don't want to be famous, you want to be rich. An exploit in Windows is worth 10x more than one in OS X. Besides, this is illegal. When you're doing illegal things, you don't want to draw attention to yourself.

well obviously. Microsoft is putting a lot of effort into securing Windows because of how many viruses are out there and how easy it is for a novice computer user to get one. Apple however does care about security, but their mindset is different. Theirs is more based around the fact that fewer Macs are targeted with viruses. Some day in the near future Macs will be targeted and Apple will have to secure OSX better, but for now there really isn't a major need.

Anyone think that this guy is lying? Every expert I've talked to agrees with me that the solid UNIX structure behind OS X is much more secure than any Windows edition.

We also don't know if he's referring to any special version of OS X. Leopard, Tiger, Snow Leopard, or which.

There will never be a major hack on Macs because they will never have the market share of Windows...or at least not in my lifetime...and that's how I want it to be.

njn007 said,
Anyone think that this guy is lying? Every expert I've talked to agrees with me that the solid UNIX structure behind OS X is much more secure than any Windows edition.

We also don't know if he's referring to any special version of OS X. Leopard, Tiger, Snow Leopard, or which.

Nope, Windows Vista and Windows 7 are more secure than any version of OS X (in theory). The simple fact is that the security technology that exists in Windows does not exist in OS X.

For the same reason, Internet Explorer 8 and Google Chrome are the most secure web browsers.

Apple fans are ignorant for the most part but ONLY because Apple has given them a false sense of security. They lead their customers to think OS X is flawless and that Mac users are now and forever immune to any sort of security flaw. If they were a little more realistic and stopped stamping "world's best" on everything their customers might have a more realistic mindset.

I really don't think they are quite that extreme though they like to boast of being above Windows on the matter.

I think most computer users are ignorant, regardless of what OS they choose.

As usual it comes down to how dumb/ignorant a user is.
I don't use any Antivirus and only use Windows built-in firewall and have been doing so for 10+ years, and I've not once had any malware on any of my PCs. I don't visit porn or warez sites, and I'd bet that alone stops 90-95% of even the chance of malware creeping onto my PC.

Frankenchrist said,
As usual it comes down to how dumb/ignorant a user is.
I don't use any Antivirus and only use Windows built-in firewall and have been doing so for 10+ years, and I've not once had any malware on any of my PCs. I don't visit porn or warez sites, and I'd bet that alone stops 90-95% of even the chance of malware creeping onto my PC.
At this point it's always fun to ask: if you don't have AV, how do you know you don't have malware?

Kirkburn said,
At this point it's always fun to ask: if you don't have AV, how do you know you don't have malware?

Haha, exactly what I was thinking. If a keylogger gets installed in order to steal various passwords and accounts .. it wants to be on there for as long as possible. It's not going to advertise itself and will probably actively hide.

The article is dead on accurate. No system is 100% secure but while Windows is battle-hardened and tested, OS X hasn't had to face the same kinds of risks and therefore isn't as secure. It's like living without an immune system and the slightest cold comes along that the rest of the world brushes off, but utterly decimates you.

OS X is the bubble boy of the computer security world.

The truth is that most of the Windows viruses are obsolete, and the very few active are just a variant of a virus.
The real problem is not the virus but the trojan, a trojan can exist in almost every single operating system.

I like this comment he makes on the state of AVs and their worth. Some form of IPS is required nowadays to be more secure.

Just by writing your own run-of-the-mill simple malware, as long as it's a brand new piece of malware, antivirus software completely misses it because there is no known signature.

Apple fans are ignorant about a wide range of aspects, not only about security. They are stuck in 1998 both in their ideological view and knowledge of the IT world.
I definitely agree with Maiffret's claims.

DaveGreen said,
Apple fans are ignorant about a wide range of aspects, not only about security. They are stuck in 1998 both in their ideological view and knowledge of the IT world.
I definitely agree with Maiffret's claims.

Because nobody could seriously think that Snow Leopard is just better than Windows 7, right?

DaveGreen said,
Apple fans are ignorant about a wide range of aspects, not only about security. They are stuck in 1998 both in their ideological view and knowledge of the IT world.
I definitely agree with Maiffret's claims.

Wow what a stupid statement

Mac may not be as secure but it's certainly safer than Windows. The lack of viruses, spyware, whatever makes it so. Although that will change over time, but until then they aren't really lying when they say you don't have to worry about viruses. I'd be interested in the ratio of PC threats compared to Mac threats.

Xero said,
Mac may not be as secure but it's certainly safer than Windows. The lack of viruses, spyware, whatever makes it so.

Uhhh...No.... not even close. A very inexperienced Mac user could easily install malware not knowing what they were doing. A knowledgeable Windows user on the other hand may never have a malware issue if they are aware of what they are doing. It doesn't matter what the virus count is, what matters is between the keyboard and chair. A computer is only as safe as the person using it.

Xero said,
Mac may not be as secure but it's certainly safer than Windows. The lack of viruses, spyware, whatever makes it so. Although that will change over time, but until then they aren't really lying when they say you don't have to worry about viruses. I'd be interested in the ratio of PC threats compared to Mac threats.

Security: the state of being free from danger or injury; the degree of protection against danger, loss, and criminals.

Now, as a GREAT example.... Say I live in middleofnowhere USA. My house has no locks. No one else lives within a mile. Does that make me secure? No, I have no FEATURES of security on my home for if someone came to invade.

And just because I live in the middle of nowhere w/ no locks doesn't mean I'm any SAFER than someone who lives in a city with locks. The potential threats are the same (robbery in this case), but safety comes from what is there to protect from it.

Apple is "less secure" because it lacks the protections for threats such as widespread use of AV, ASLR, DEP, etc.

^ I didn't say it was more secure, I said it was safer. Living in the middle of nowhere with no locks does make you safer than in the city with locks. People can pick locks. If no one is around, it doesn't matter if you have locks or not. My point was, there are next to no Mac threats currently. Whether someone is smart or dumb they aren't going to accidentally install something that doesn't exist. Now when/if there are Mac threats, my point will stay the same. Mac may not be more secure but it's a hell of a lot safer because there's no/less threats compared to Windows which has millions. Who's safer? The cop with a vest getting constantly shot, or the cop who can't get shot?

C_Guy said,
Uhhh...No.... not even close. A very inexperienced Mac user could easily install malware not knowing what they were doing. A knowledgeable Windows user on the other hand may never have a malware issue if they are aware of what they are doing.
So you're saying a dumb person can accidentally install malware, and a smart person won't? Amazing argument..

Xero said,
^ I didn't say it was more secure, I said it was safer. Living in the middle of nowhere with no locks does make you safer than in the city with locks. People can pick locks. If no one is around, it doesn't matter if you have locks or not.
Indeed, it is a good analogy. The problem begins if people start to move in to your area - people start to take notice.

Kirkburn said,
Indeed, it is a good analogy. The problem begins if people start to move in to your area - people start to take notice.
For sure, the honeymoon won't last forever, but until then, lean back, kick up your feet and have a cold one

The security competitions are irrelevant because hackers know the holes before the day even starts. They don't find them at the competition. Also, who cares. I like both OS but I just get bored on Windows. I installed Team Foundation Server today and it's over complicated. Microsoft can't ever keep things pretty or simple. They have to make it look all Microsoft. They require you to buy additional Microsoft products just to make one of their server products work. Why does all of their software fill the DVD to the brim and require service pack? Why are there 10000 viruses? UAC is so annoying!! SharePoint is the slowest, most bloated product ever made.

AND MOST OF ALL, if it weren't for Apple beating up on PC security, Microsoft wouldn't have even made Windows 7 so secure... So it's thanks to Apple anyway. This has to be the dumbest article I have ever read.

crazyfish said,
Why does all of their software fill the DVD to the brim and require service pack? Why are there 10000 viruses? UAC is so annoying!!...
AND MOST OF ALL, if it weren't for Apple beating up on PC security, Microsoft wouldn't have even made Windows 7 so secure... So it's thanks to Apple anyway.

Why does OS X fill a DVD and require Service Packs? Why does OS X require a password to make admin-level changes? It is equally annoying! (Actually it's not annoying at all and neither is UAC if you know how to use it)

If you think Microsoft improved security only because of a 30-second advertisement from Apple then you really have no clue how software is designed.

C_Guy said,

If you think Microsoft improved security only because of a 30-second advertisement from Apple then you really have no clue how software is designed.

Considering that I was installing Team Foundation Server, you could probably assume that I do know how software gets designed. I think the 30 second commercials did a lot to push Microsoft. Why did it take them 2 years to even come back with their own I'm a PC commercials? I use Microsoft software every day. I'm just tired of how friggin complicated their server software is. Have you ever tried installing MS Office SharePoint?? It's overkill, engineered to keep a company glued to Microsoft for life. I could build a hackintosh from scratch and code up 10 iPhone apps in objective-c in less time.

crazyfish said,
Have you ever tried installing MS Office SharePoint?? It's overkill, engineered to keep a company glued to Microsoft for life.
Have you ever installed Oracle? Sometimes software is complex to install, configure and use because it solves complex problems. The real problem is people often think they need this complex software, when much simpler packages will work much better for their purposes. I doubt many companies with less than 150 users really need Sharepoint Server, and most would be better off with either a wiki-style website or, if they must use Microsoft software, Windows Sharepoint Services.

Edited by ckitching, Apr 16 2010, 6:29pm :

crazyfish said,

Considering that I was installing Team Foundation Server, you could probably assume that I do know how software gets designed. I think the 30 second commercials did a lot to push Microsoft. Why did it take them 2 years to even come back with their own I'm a PC commercials? I use Microsoft software every day. I'm just tired of how friggin complicated their server software is. Have you ever tried installing MS Office SharePoint?? It's overkill, engineered to keep a company glued to Microsoft for life. I could build a hackintosh from scratch and code up 10 iPhone apps in objective-c in less time.

Based on your above comments, you must work for a very large corporation to need both Team Foundation Server and Sharepoint Server. If so, then your ignorance pertaining to Software Development practices should have had you fired from that company some time ago.

An iPhone app is significantly less complicated than anything even coming close to *any* commercial software. This shows you as being even MORE clueless than the last reply to your post.

Quit while you're ahead.

crazyfish said,
AND MOST OF ALL, if it weren't for Apple beating up on PC security, Microsoft wouldn't have even made Windows 7 so secure... So it's thanks to Apple anyway. This has to be the dumbest article I have ever read.

Um, I really don't give Apple credit for this, as even the early versions of OS X were less secure than XP of the same time frame. The whole 'compatibility' over enforcing NT security that MS chose for XP when moving the Win9x users to the NT platform was bad and they realized it too late.

Competition does create incentives, but also user outrage and a company response to bad decisions they made are just as important.

As for looking to who or what moved Microsoft to the revamp and security restructuring that occurred between XP and Windows Server 2003 and XP SP2, the biggest competitor would be the OSS world with Linux and the real OpenBSD hitting Microsoft in the server markets.

OS X is a great product for Microsoft, more Mac users buy Microsoft products by % of owners than traditional PC owners. Mac users by % buy Microsoft Office more than Windows users and a majority of Mac users are now also buying copies of Windows for BootCamp. (Apple isn't a competitor to Microsoft, Microsoft is a competitor to Apple.)

Edited by thenetavenger, Apr 17 2010, 4:51am :

tooshpz said,
Because even a hacker cannot "mass deploy" on "such a low user base".

LOL. Nice one. Couldn't agree more.

tooshpz said,
Because even a hacker cannot "mass deploy" on "such a low user base".

Back in the day, the Amiga had a wide variety of viruses in the wild, and it had a much smaller user base than current Macs. And that was BEFORE internet use was widespread. And before OS X, there were tons of viruses for the Classic MacOS. Again, that had a smaller user base than current Macs as well.

Edited by roadwarrior, Apr 16 2010, 4:40pm :

tooshpz said,
Because even a hacker cannot "mass deploy" on "such a low user base".

Just because they can't mass deploy the virus doesn't aid in the argument that Mac is more secure than windows.

roadwarrior said,

Back in the day, the Amiga had a wide variety of viruses in the wild, and it had a much smaller user base than current Macs. And that was BEFORE internet use was widespread. And before OS X, there were tons of viruses for the Classic MacOS. Again, that had a smaller user base than current Macs as well.

That was when viruses were written as a joke or a prank, not as a tool for organized (and even un-organized) crime as it is mostly used today.

Please. Microsoft's idea of security is to cripple the developers access. Look at Office (macros), IE and Vista's unsuccessful Security Alerts. LiveMail's approach to Spam filtering is to only allow emails from people in your contact list. Now that's useful. Common argument is, "Apple is more secure because there is less of them attitude." No, Apple is a bigger target because owners of an Apple Computer are more likely to have iTunes accounts that pose a real value besides some malware that captures key strokes. You hack an iTunes account and you can go on a shopping spree.

WillGonz said,
Please. Microsoft's idea of security is to cripple the developers access. Look at Office (macros), IE and Vista's unsuccessful Security Alerts. LiveMail's approach to Spam filtering is to only allow emails from people in your contact list. Now that's useful. Common argument is, "Apple is more secure because there is less of them attitude." No, Apple is a bigger target because owners of an Apple Computer are more likely to have iTunes accounts that pose a real value besides some malware that captures key strokes. You hack an iTunes account and you can go on a shopping spree.

What can you buy with an iTunes account? Music, Movies and Apps; a hacker could get those without needing a hacked account...

WillGonz said,
Please. Microsoft's idea of security is to cripple the developers access. Look at Office (macros), IE and Vista's unsuccessful Security Alerts. LiveMail's approach to Spam filtering is to only allow emails from people in your contact list. Now that's useful. Common argument is, "Apple is more secure because there is less of them attitude." No, Apple is a bigger target because owners of an Apple Computer are more likely to have iTunes accounts that pose a real value besides some malware that captures key strokes. You hack an iTunes account and you can go on a shopping spree.

Fail... just fail....

WillGonz said,
You hack an iTunes account and you can go on a shopping spree.
What can a hacker get on iTunes that he couldn't get from torrents? If you don't care about the illegality of breaking into someone's system, why would you care about the illegality of infringing copyrights? On the other hand, if they steal MMO passwords, or credit card numbers, they can turn those into real cash.

Edited by ckitching, Apr 16 2010, 6:57pm :

WillGonz said,
Please. Microsoft's idea of security is to cripple the developers access. Look at Office (macros), IE and Vista's unsuccessful Security Alerts. LiveMail's approach to Spam filtering is to only allow emails from people in your contact list. Now that's useful. Common argument is, "Apple is more secure because there is less of them attitude." No, Apple is a bigger target because owners of an Apple Computer are more likely to have iTunes accounts that pose a real value besides some malware that captures key strokes. You hack an iTunes account and you can go on a shopping spree.

Ignorance piled upon ignorance.

Hackers that want to infect computers are not looking for iTunes info - they want passwords, Credit Card & Bank info, anything they can use to gain income and then SELL it on the Information Black Market. They aren't hacking to buy music from iTunes, Wilbur!

OS X isn't a hacking target because they aren't large enough targets based on installed base share - I'm sorry if you can't wrap your head around that fact.

WillGonz said,
Please. Microsoft's idea of security is to cripple the developers access. Look at Office (macros), IE and Vista's unsuccessful Security Alerts. LiveMail's approach to Spam filtering is to only allow emails from people in your contact list. Now that's useful. Common argument is, "Apple is more secure because there is less of them attitude." No, Apple is a bigger target because owners of an Apple Computer are more likely to have iTunes accounts that pose a real value besides some malware that captures key strokes. You hack an iTunes account and you can go on a shopping spree.

Another vote from the 'not a clue' crowd. This is what he means when he says their fans are ignorant.

I could mention things from the token based object security model of NT to the protected mode of IE8 running on the desktop and 1000 items in between that have nothing to do with restricting developers or code execution.

Sadly these types of technical details are lost on people like this, and they won't even listen when experts do stand up and go, wait, it is more complex than what you know and Apple intentionally is misleading you.

Here's the thing: they keep claiming Mac OS isn't targeted because of the fact it has such a low user base. I find that reason to be partially BS. What hacker wouldn't want to take the crown of being the first to mass deploy a Virus to Mac OS X Users to shut them up? That just seems like a major stickler in all these complaints that the Mac isn't secure at all.

MioTheGreat said,
A worm or virus can't propagate in the wild if there isn't a large enough base to support it.

BS! Computers can scan for exploits faster than lightning. There are plenty of Macs out there with no firewalls, no antivirus, running old versions of Mac OS. The market share thing might have more to do with more hackers run Windows....

MioTheGreat said,
A worm or virus can't propagate in the wild if there isn't a large enough base to support it.

Before OS X (Mac 7, 8, 9...) there were viruses for MacOS. Why aren't there any for OS X? Mac OS X is 10yrs old and yet, no virus! So, that argument is just plain BS. (Is that the one and only argument that desperate Windows users can think of?). Like it was said before here, "what hacker wouldn't want to take the crown of being the first to mass deploy a virus to Mac OS X Users to shut them up?"

ian said,
Like it was said before here, "what hacker wouldn't want to take the crown of being the first to mass deploy a virus to Mac OS X Users to shut them up?"

How about the fact that virus and worm writing has changed from simple trouble-making and bragging rights to stealing bank account data, credit card numbers, MMO game passwords, and anything else that can be sold for a profit? Things have changed.

Ten years ago, if someone got a virus, I'd clean it, and forget about it. Today, if someone gets a virus, I usually have to wipe the system, and I tell them to change their bank passwords and credit card numbers.

ian said,

Before OS X (Mac 7, 8, 9...) there were viruses for MacOS. Why aren't there any for OS X? Mac OS X is 10yrs old and yet, no virus! So, that argument is just plain BS. (Is that the one and only argument that desperate Windows users can think of?). Like it was said before here, "what hacker wouldn't want to take the crown of being the first to mass deploy a virus to Mac OS X Users to shut them up?"

There are viruses; rather malware which is worse.

http://www.iantivirus.com/threats/

alfaaqua said,
There are viruses; rather malware which is worse.

http://www.iantivirus.com/threats/

Unfortunately there are idiots on Neowin who don't know the difference between malware and a virus. For most people these days malware is the primary cause of problems as you noted in the above link - and Apple is vulnerable especially given the number of idiots out there who run Mac OS X and have this cavalier attitude to security; download stuff off any old site then complaining when all hell breaks loose.

alfaaqua said,

There are viruses; rather malware which is worse.

http://www.iantivirus.com/threats/


Malware such as spyware and trojans exists in every platform. But viruses... well, I guess it's a Windows exclusive feature. And that says a LOT about how it works (not to mention registry crap and so on.).

Edrick Smith said,
Here's the thing they keep claiming Mac OS isn't targeted because of the fact it has such a low user base. I find that reason to be partially BS what hacker wouldn't want to take the crown of being the first to mass deploy a Virus to Mac OS X Users to shut them up? That just seems like a major stickler in all these complaints that the Mac isn't secure at all.

There's less money in getting some leet hack set up for OS X than there is for Windows, that is all.

Number of exploits identified and fixed in Microsoft is only one factor in determining how secure a software is. But the fact that Microsoft is a lot more widely used, can throw the equation completely off balance. He's making a superfluous statement which detracts from the essence of this article.

Apple needs to ramp up their security initiatives as it becomes more widely adopted. He used fanatical rhetoric, and that reduced the overall value of his words.

Fulcrum said,
Number of exploits identified and fixed in Microsoft is only one factor in determining how secure a software is. But the fact that Microsoft is a lot more widely used, can throw the equation completely off balance. He's making a superfluous statement which detracts from the essence of this article.

Apple needs to ramp up their security initiatives as it becomes more widely adopted. He used fanatical rhetoric, and that reduced the overall value of his words.

Yet we all sit by as OS X and even iPhones are being hacked all the time because Apple either believes their own marketing or doesn't care.

And sadly the iPhone market is growing and a major platform now, yet doesn't have the security or maturity of even an unknown cell phone OS. People are still using stuff as benign as browser exploits and SMS to hack iPhones, something that sounds as insane as it is.

Apple is now playing with the grown ups, yet they still don't take security seriously or understand their ripped off XNU kernel model enough to keep it safe let alone secure it against the upper level OS X layers.

Fulcrum said,
Number of exploits identified and fixed in Microsoft is only one factor in determining how secure a software is. But the fact that Microsoft is a lot more widely used, can throw the equation completely off balance. He's making a superfluous statement which detracts from the essence of this article.

Apple needs to ramp up their security initiatives as it becomes more widely adopted. He used fanatical rhetoric, and that reduced the overall value of his words.

I think you're reading into what he said. He never said that he was basing this opinion on the number of vulnerabilities Microsoft has fixed... Being a bit of a hacker, it would seem more likely that he would be referring to Microsoft's security model in Windows, not how active they are in patching...

thenetavenger said,

Yet we all sit by as OS X and even iPhones are being hacked all the time because Apple either believes their own marketing or doesn't care.

And sadly the iPhone market is growing and a major platform now, yet doesn't have the security or maturity of even an unknown cell phone OS. People are still using stuff as benign as browser exploits and SMS to hack iPhones, something that sounds as insane as it is.

Apple is now playing with the grown ups, yet they still don't take security seriously or understand their ripped off XNU kernel model enough to keep it safe let alone secure it against the upper level OS X layers.

I didn't know any of that about the iPhone platform being hacked so easily... That's rather scary...

"deliberately pulling the wool over the rest of the worlds eyes. Are you nuts? We are doing the best we can." That's what you get for slapping Apple's face! LOL

Glad he lumps all Apple fans into the "they don't know their system is less secure" category. I know OS X's security isn't the best out there (though I really don't think it's worse than Windows'). I don't care. I use OS X because I like it more. I learned safe habits from being on Windows for 8 years. I still use those safe habits, even on OS X, to this day.

At the end of, being careful is the best anyone can do, no matter what system they use. No OS is going to stop somebody from grabbing or deleting your personal data.

Elliott said,

At the end of, being careful is the best anyone can do, no matter what system they use. No OS is going to stop somebody from grabbing or deleting your personal data.

This post just illustrates that Apple fans think being careful is the best anyone can do. Unfortunately, with modern exploits, being careful isn't enough.

I fondly remember the time I connected to my friend's "Secure" Air Port and browsed the web for several minutes while he looked for the SSID.

Neb Okla said,
I fondly remember the time I connected to my friend's "Secure" Air Port and browsed the web for several minutes while he looked for the SSID.

Cracking WEP and/or finding the unbroadcasted SSID is far from Apple's fault. To anyone that does not know, WEP can be cracked in minutes (any router's standard implementation) and unbroadcasted SSID (the wireless network name) can be snooped in seconds; there is software to do both.

I'm not being an Apple fanboy (note my post near the top), but that is not Apple's fault.

pickypg said,

Cracking WEP and/or finding the unbroadcasted SSID is far from Apple's fault. To anyone that does not know, WEP can be cracked in minutes (any router's standard implementation) and unbroadcasted SSID (the wireless network name) can be snooped in seconds; there is software to do both.

The point was that not only was his SSID broadcast, but his connection was totally insecure. I just walked into his house and connected - while he busily looked for the SSID and WEP key so I could sign in to his "Secure" wireless network.

I prefer the Apple fans who admit they don't know anything to the ones who, as Reagan put it "know so much that isn't so".

Elliott said,

At the end of, being careful is the best anyone can do, no matter what system they use. No OS is going to stop somebody from grabbing or deleting your personal data.

From the article, regarding the approach of "just being careful":

Maiffret said,

I don't even know of a way right now, with the various types of attacks, how to explain to my mom what not to click on and what not to do because just through the normal browsing attacks are going to be coming at her. It's so low-level and behind the scenes. You just happen to click on a news link and a flash link off to the side that you're not even interacting with compromises you. The potential of educating users is going away quickly. It means we have to be better as technology people and security companies at preventing these things.

artfuldodga said,
it is actually far worse than Windows ;P

Windows only recently gained DEP and ASLR, and they've both been cracked (through IE no less). While they're good steps forward, nothing is impenetrable. I'm not saying system vendors should be lazy, but really, being cautious is the best action anyone can take.

Be wary of social engineering, because it can always happen. A widespread attack can happen well before security suite vendors can update their definitions and get people to download them. Doesn't take much for a person to get a truly ignorant person to download a file and run it. Said executable wouldn't even need administrative privileges to do serious damage.

Elliott said,

Windows only recently gained DEP and ASLR, and they've both been cracked (through IE no less). While they're good steps forward, nothing is impenetrable. I'm not saying system vendors should be lazy, but really, being cautious is the best action anyone can take.

I will make a simple analogy.

Someone wearing body armour; it will stop him being killed by light arms, but if he is hit by a Barrett sniper rifle, the armour will not stop it. What is the likelihood of him being shot by a Barrett sniper rifle compared to the small arms?

Defending against the really strong attacks is always going to be hard, but they won't happen as often, so you might as well implement things which stop the more common hacks and exploits

And quite simply, the caution argument doesn't work, because a lot of computer users are very ignorant about the equipment they are using!

Edited by Minimoose, Apr 16 2010, 4:01pm :

Elliott said,
Glad he lumps all Apple fans into the "they don't know their system is less secure" category.

Well Elliot you are a tiny minority in an already tiny market. It is perfectly valid to lump most Apple fans into that category because it is Apple that gives their customers a false sense of invincibility. If they didn't, I'm sure Apple's fans overall would be a little less ignorant.

Elliott said,
Glad he lumps all Apple fans into the "they don't know their system is less secure" category.

I think the key word there is "fans". Not users. He's probably targeting the rabid fanboys online who worship at the altar of Apple and will constantly spout the same jaded rhetoric about its superiority to Windows and mankind itself. It's because of them that Apple get away with all the crap other people highlight including the lax approach to security.

Elliott said,

Windows only recently gained DEP and ASLR, and they've both been cracked (through IE no less). While they're good steps forward, nothing is impenetrable. I'm not saying system vendors should be lazy, but really, being cautious is the best action anyone can take.

Be wary of social engineering, because it can always happen. A widespread attack can happen well before security suite vendors can update their definitions and get people to download them. Doesn't take much for a person to get a truly ignorant person to download a file and run it. Said executable wouldn't even need administrative privileges to do serious damage.

This isn't just about ASLR and DEP, these are a tiny piece of the security model. OS X is sitting on a XNU kernel model that Apple itself doesn't seem to understand well enough to engineer the security needed to keep it safe nor keep it safe from the OS X upper layers of the OS.

It is a strange world when BSD servers are being hacked, and OS X is significantly less secure, and Apple and their fans are still believing that they are safe because they think OS X is secure and its BSD kernel (which is technically not correct) helps make it more secure.

Being socially responsible does help, but when your OS and Browser can let code run on your system without YOUR INTERACTION, there is a major problem that has been unaddressed by Apple for several years now in several layers of OS X.

Neb Okla said,
The point was that not only was his SSID broadcast, but his connection was totally insecure. I just walked into his house and connected - while he busily looked for the SSID and WEP key so I could sign in to his "Secure" wireless network.

I prefer the Apple fans who admit they don't know anything to the ones who, as Reagan put it "know so much that isn't so".

So it is apparently Apple's fault that your idiotic friend didn't set up the network with WPA2 on his airport? So please explain to me, why is it Apple's fault because your friend is a moron? It's as bad as blaming Microsoft because some idiot is click happy with his browser and gets infected with something.

Neb Okla said,

The point was that not only was his SSID broadcast, but his connection was totally insecure. I just walked into his house and connected - while he busily looked for the SSID and WEP key so I could sign in to his "Secure" wireless network.

I prefer the Apple fans who admit they don't know anything to the ones who, as Reagan put it "know so much that isn't so".

You make a very good point, and it works for users on both platforms... The amount they don't know, but think they do is very scary. I STILL (YEARS LATER) have to argue with people on staff that antivirus software is important... And it isn't that they have a basis to counter my insistence (As if it would matter), they just KNOW that it's unnecessary. Security isn't important, etc. I mean, a year or so ago someone connected to an unencrypted network at Barnes & Noble I believe and stole customer's credit card data... Clearly their admin just THOUGHT they knew what they were doing...

protocol7 said,
I think the key word there is "fans". Not users. He's probably targeting the rabid fanboys online who worship at the altar of Apple and will constantly spout the same jaded rhetoric about its superiority to Windows and mankind itself. It's because of them that Apple get away with all the crap other people highlight including the lax approach to security.

I thought it meant fans rather than users. If it meant users it would be a) incredibly offensive and b) completely untrue.

I do know a few noobish Mac users who think that Apple produce special hardware that magically runs Windows faster just because it's in a Mac Pro case. However, most of the Mac users I know are actually very competent and safe users.

plasmarox said,
How about "police continue to target offenders"?


Yeah, that doesn't really work with "the sun is hot." Maybe where you live the police are perfect.

Nowhere in the article does Maiffret say that Windows is more secure. He says that Microsoft puts more effort into security than Apple.

And the guy looks exactly like I would expect him to.

boogerjones said,
Nowhere in the article does Maiffret say that Windows is more secure. He says that Microsoft puts more effort into security than Apple.

And the guy looks exactly like I would expect him to.

With all due respect, please read before commenting...


"If they were taking it seriously, they wouldn't claim to be more secure than Microsoft because they are very much not."

Edited by Benjamin Rubenstein, Apr 16 2010, 3:02pm :

boogerjones said,
Nowhere in the article does Maiffret say that Windows is more secure. He says that Microsoft puts more effort into security than Apple.

And the guy looks exactly like I would expect him to.

What does anyone's look have to do with anything?

Benjamin Rubenstein said,
With all due respect, please read before commenting...


"If they were taking it seriously, they wouldn't claim to be more secure than Microsoft because they are very much not."

Saying something is not more secure doesn't imply it is less secure.

The best you can imply is they are equal.

Benjamin Rubenstein said,
With all due respect, please read before commenting...


"If they were taking it seriously, they wouldn't claim to be more secure than Microsoft because they are very much not."

with all due respect, he says Microsoft is more secure than Apple, not Windows.
now, i do believe Windows and its safeguards are much much more secure than OS X
it's been stated time again at Pwn2Own, etc, even IE8 is the most protected browser according to every hacker at that contest, despite it being hacked, it has the most protection, yes, more than Chrome.

the title of this article needs to change, it's pure flamebait really, you can't really deny that, can you?

i'll say it again, he states Microsoft is more secure than Apple, meaning, Microsoft does more to protect its OS than any other

Security doesn't always equate safety

signed Happy Windows Vista/7 user ;P

Edited by dingl_, Apr 16 2010, 4:40pm :

Chuck Boots said,

What does anyone's look have to do with anything?


Well what do you expect?
The guy's name implies that his level of intelligence is exactly what i expect it to be.

every one forgive boogerjones he is ignorant.

"And the Apple community is pretty ignorant to the risks that are out there as it relates to Apple."

boogerjones said,
Nowhere in the article does Maiffret say that Windows is more secure. He says that Microsoft puts more effort into security than Apple.

And the guy looks exactly like I would expect him to.

crappy comment.. read first..

Benjamin Rubenstein said,
With all due respect, please read before commenting...


"If they were taking it seriously, they wouldn't claim to be more secure than Microsoft because they are very much not."

To be honest, Mr. Maiffret does not specifically mention Windows being more secure than OS X, which was what this article's title was getting at. It could very well be a comparison between Safari and Internet Explorer - but irrelevant as Maiffret was just referring to the attitudes of the companies themselves.

I could be wrong, but that's what I gathered by quickly skimming through the article.

Edited by Denis W., Apr 16 2010, 4:54pm :

boogerjones said,

And the guy looks exactly like I would expect him to.

What's that supposed to mean? Sounds like you think the way he looks affects his credibility?

rm20010 said,

To be honest, Mr. Maiffret does not specifically mention Windows being more secure than OS X, which was what this article's title was getting at. It could very well be a comparison between Safari and Internet Explorer - but irrelevant as Maiffret was just referring to the attitudes of the companies themselves.

I could be wrong, but that's what I gathered by quickly skimming through the article.


Alright, for those who said that he didn't say that Windows is better than OS X read this one more time.

"If they were taking it seriously, they wouldn't claim to be more secure than Microsoft because they are very much not." VERY MUCH NOT

here more secure actually refers to Windows and OS X

"It's even a little scarier with them because they try to market themselves as more secure than the PC, that you don't have to worry about viruses, etc"

boogerjones said,
Nowhere in the article does Maiffret say that Windows is more secure. He says that Microsoft puts more effort into security than Apple.

"they wouldn't claim to be more secure than Microsoft because they are very much not."
fan boys are easy to pwn... they have no logic and low IQ's... don't feel bad. the ave IQ in America is 95.

Ad Man Gamer said,

"they wouldn't claim to be more secure than Microsoft because they are very much not."
fan boys are easy to pwn... they have no logic and low IQ's... don't feel bad. the ave IQ in America is 95.


Really? IQ comments coming from someone who thinks the abbreviation for "average" is "ave". FYI "ave" is short for "avenue", not "average". Nice try but you fail.

Ad Man Gamer said,
the ave IQ in America is 95.

The average IQ, by definition, is 100. If the measured average is below 100, then the test is flawed.

It's fairly obvious MS and Apple are generally synonymous with Windows and OSX. You don't generally talk about security for other items.

Tim Dawg said,
Really? IQ comments coming from someone who thinks the abbreviation for "average" is "ave". FYI "ave" is short for "avenue", not "average". Nice try but you fail.

Let's just not continue this foolish conversation, eh?

ckitching said,
The average IQ, by definition, is 100. If the measured average is below 100, then the test is flawed.

Over the entire world population. Samples can quite easily be lower. (I don't think it's necessarily true though for the US)

Edited by Kirkburn, Apr 16 2010, 8:50pm :

Tim Dawg said,

Really? IQ comments coming from someone who thinks the abbreviation for "average" is "ave". FYI "ave" is short for "avenue", not "average". Nice try but you fail.

give me a brake, i'm dyslexic. FYI. IQ is not determined by knowledge of abbreviations, its to do with how fast your brain can process visual and numeral problems at different complexities, and if it can process them at all. knowledge of spelling don't come in to it.

O... And this link begs to differ. http://www.all-acronyms.com/avg/average/18916

ckitching said,
The average IQ, by definition, is 100. If the measured average is below 100, then the test is flawed.

100, is the global avg. but there is consideration in looking in to this, due to the alarming drop in IQ over the years.

http://w-uh.com/images/world_IQ_over_time.gif

this shows the correlation between population and avg IQ. this says America is 98. but most studies have found it hard to push America past double digits.
not all Americans are dumb, but an alarming amount are. but its mainly the hick states, that run down your numbers.

LaP said,
Saying something is not more secure doesn't imply it is less secure.

But saying something is "very much" not more secure does imply that it is less secure.

Ad Man Gamer said,
100, is the global avg. but there is consideration in looking in to this, due to the alarming drop in IQ over the years.

http://w-uh.com/images/world_IQ_over_time.gif

I /seriously/ doubt that graph. It has no sources attached, for one.

Anyway, http://en.wikipedia.org/wiki/Intelligence_quotient should end any conversations about what IQ is and isn't. It does not supply that kind of graph, because real graphs of that kind likely do not exist.

Edited by Kirkburn, Apr 16 2010, 9:58pm :

Ad Man Gamer said,

100, is the global avg. but there is consideration in looking in to this, due to the alarming drop in IQ over the years.

http://w-uh.com/images/world_IQ_over_time.gif

this shows the correlation between population and avg IQ. this says America is 98. but most studies have found it hard to push America past double digits.
not all Americans are dumb, but an alarming amount are. but its mainly the hick states, that run down your numbers.

Interesting, because our test scores would show that if anything our problem areas are the urban areas...

Having read through your posts, I can clearly see that you really have no idea what you're talking about at all... I hesitate to bring up the numerous grammatical errors you've made, since you're such a genius...

M_Lyons10 said,
since you're such a genius...

I didn't say I'm a genius.

M_Lyons10 said,
I hesitate to bring up the numerous grammatical errors you've made,

I'm dyslexic (i recall you saying... "Having read through your posts"... Yer. If you sifted threw them properly, you would of seen that.)

M_Lyons10 said,
Interesting, because our test scores would show that if anything our problem areas are the urban areas...

That is true. But it depends on what kind of tests. (I.Q. or knowledgeable). Tests on what you know, are not a reflection on your I.Q.

Apple's security is lower because they think they don't need to have protection in their OS - since they believe there isn't a need for it.

Windows meanwhile had thousands of viruses, and Microsoft has addressed that with new features such as BitLocker and UAC, although I will admit UAC wasn't all it should have been in Vista (like many of its features) in Windows 7 the security features are quite nice.

c3ntury said,
Windows meanwhile had thousands of viruses, and Microsoft has addressed that with new features such as BitLocker and UAC, although I will admit UAC wasn't all it should have been in Vista (like many of its features) in Windows 7 the security features are quite nice.

Just to be clear, BitLocker is there to encrypt your data and UAC is to stop users from being stupid related to social engineering attacks (most viruses are installed willingly by the user, and UAC is there to help stop the user). This is actually related to how Unix/Linux/(and even Mac as a result of the first one) handle privilege elevation requests, and was a very good thing to copy. Just to be clear, Apple got this for free by taking BSD/Mach and writing OS X on top of it.

The real, serious security in Windows is the "Address space layout randomization" (ASLR). This turns predictable attacks into hard to implement attacks. Apple, through the current release of OS X Service Pack 6 (Snow Leopard) has yet to implement a good form of ASLR; they do have a weak version that randomizes libraries that are loaded, which is not to be brushed off as insignificant, but it's nothing like a complete implementation.

Microsoft also uses Data Execution Prevention (DEP) to prevent code execution where there isn't code (memory that is marked to say "hey, I'm code, so you can execute me" and "hey, I should be data, so don't execute me" (one part of real hacking happens by tricking the OS into thinking that you have code in the data area, and then _pointing_ to it as the "next" code to execute; this is easier to implement on the stack than it is on the heap, but it can happen in either)). Apple has a similar system that they implemented in Leopard, but only fully apply to 64 bit applications--most applications are still not 64 bit. They have some support for 32 bit applications, but they do not protect the heap (where most data is written/stored and consequently read from). I can't find documentation stating this changed in Snow Leopard.

Edited by pickypg, Apr 16 2010, 4:24pm :
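The two mitigations described in the comment above can be checked from a process's memory map: which regions change address between runs (ASLR coverage) and which are both writable and executable (a DEP gap). The following is an added example, not part of the thread; it assumes the Linux `/proc/<pid>/maps` text format, and the snapshots `RUN_A`/`RUN_B` and all function names are constructed for illustration.

```python
"""Audit two memory-map snapshots of one program for ASLR coverage and DEP gaps.

Input format: Linux /proc/<pid>/maps text (an assumption; the thread discusses
Windows and OS X). RUN_A and RUN_B are CONSTRUCTED samples shaped to mirror the
partial protections described in the comment (only libraries randomized, heap
left executable). They are not measurements of any real system.
"""
from collections import namedtuple

Region = namedtuple("Region", "start end perms name")

# Constructed snapshot of a hypothetical program, first run.
RUN_A = """\
00400000-00452000 r-xp 00000000 08:02 1311 /usr/bin/demo
00651000-00653000 rw-p 00051000 08:02 1311 /usr/bin/demo
01c3a000-01c5b000 rwxp 00000000 00:00 0 [heap]
7f3a1c000000-7f3a1c1bd000 r-xp 00000000 08:02 2210 /lib/libc.so.6
7f3a1c3bd000-7f3a1c3c3000 rw-p 001bd000 08:02 2210 /lib/libc.so.6
7ffffffde000-7ffffffff000 rw-p 00000000 00:00 0 [stack]
"""

# Constructed snapshot of the same program, second run: only libc has moved.
RUN_B = """\
00400000-00452000 r-xp 00000000 08:02 1311 /usr/bin/demo
00651000-00653000 rw-p 00051000 08:02 1311 /usr/bin/demo
01c3a000-01c5b000 rwxp 00000000 00:00 0 [heap]
7f91e4000000-7f91e41bd000 r-xp 00000000 08:02 2210 /lib/libc.so.6
7f91e43bd000-7f91e43c3000 rw-p 001bd000 08:02 2210 /lib/libc.so.6
7ffffffde000-7ffffffff000 rw-p 00000000 00:00 0 [stack]
"""


def parse_maps(text):
    """Parse maps text into Region tuples; unnamed mappings become '[anon]'."""
    regions = []
    for line in text.splitlines():
        fields = line.split(None, 5)
        if len(fields) < 5:
            continue  # skip blank or malformed lines
        start, end = (int(x, 16) for x in fields[0].split("-"))
        name = fields[5].strip() if len(fields) > 5 else "[anon]"
        regions.append(Region(start, end, fields[1], name))
    return regions


def wx_regions(regions):
    """DEP check: names of regions that are writable AND executable."""
    return [r.name for r in regions if "w" in r.perms and "x" in r.perms]


def base_addresses(regions):
    """Lowest mapped address for each named object (file, [heap], [stack])."""
    bases = {}
    for r in regions:
        bases[r.name] = min(r.start, bases.get(r.name, r.start))
    return bases


def aslr_coverage(run_a, run_b):
    """ASLR check: map each object name to True if its base moved between runs."""
    a, b = base_addresses(run_a), base_addresses(run_b)
    return {name: a[name] != b[name] for name in a if name in b}


def audit(text_a, text_b):
    """Summarise both checks for two snapshots of the same program."""
    run_a, run_b = parse_maps(text_a), parse_maps(text_b)
    moved = aslr_coverage(run_a, run_b)
    return {
        # Data an attacker can write to and then execute: DEP is not applied.
        "writable_and_executable": sorted(set(wx_regions(run_a) + wx_regions(run_b))),
        # Same address in both runs: predictable, so not covered by ASLR.
        "fixed_address": sorted(n for n, m in moved.items() if not m),
        "randomized": sorted(n for n, m in moved.items() if m),
    }


if __name__ == "__main__":
    for key, names in audit(RUN_A, RUN_B).items():
        print(f"{key}: {', '.join(names) or 'none'}")
```

Two snapshots can only prove that a region moved; a region that stays put across many runs is the one to treat as unrandomized.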

Not really, Apple is Less secure because it's more expensive and not every hacker can afford way higher prices than a Cheap PC...

Sebianoti said,
Not really, Apple is Less secure because it's more expensive and not every hacker can afford way higher prices than a Cheap PC...

I beg to differ. Hackintoshes can be built for ~$200 nowadays. If the baddies really wanted to target Macs they could and cost really isn't in the way anymore.

Sebianoti said,
Not really, Apple is Less secure because it's more expensive and not every hacker can afford way higher prices than a Cheap PC...

wow, talk about ignorant

Sebianoti said,
Not really, Apple is Less secure because it's more expensive and not every hacker can afford way higher prices than a Cheap PC...

lmao... that's your reasoning? haha ok... I'll leave it at that...

Sebianoti said,
Not really, Apple is Less secure because it's more expensive and not every hacker can afford way higher prices than a Cheap PC...

I work at a major electronics store in Canada which sells Macs alongside PCs, and every time I get asked to go to that counter, this is the kind of stupidity I encounter. Very typical, brainwashed, ignorant, stupid, Apple fanboy.

-=MagMan=- said,

I work at a major electronics store in Canada which sells Macs alongside PCs, and every time I get asked to go to that counter, this is the kind of stupidity I encounter. Very typical, brainwashed, ignorant, stupid, Apple fanboy.

Me? I am not an Apple fan boy in any way. Don't even own any of their products.

Sebianoti said,

Me? I am not an Apple fan boy in any way. Don't even own any of their products.

I can tell. Don't talk about stuff you have no idea about.

c3ntury said,

I can tell. Don't talk about stuff you have no idea about.

To have idea about the price go to apple.com as simple as a click away.

Sebianoti said,
Not really, Apple is Less secure because it's more expensive and not every hacker can afford way higher prices than a Cheap PC...

ha ha ha... way to drink Stevy's kool aid... if someone was a hacker. don't you think they would just hack OSX to run on there pc... derrr.

i'm very concerned on the matter, that common since is rapidly going out the window.

Ad Man Gamer said,
way to drink Stevy's kool aid

Guys, he's obviously not a fanboy of Apple. He's just saying they're expensive. Fanboys don't generally point out their platform's weakness >_<
That said, I don't agree with the reasoning. If you're going to hack "properly", you're probably going to have monetary backing.

Edited by Kirkburn, Apr 16 2010, 8:59pm :

Sebianoti said,
Not really, Apple is Less secure because it's more expensive and not every hacker can afford way higher prices than a Cheap PC...

OK my friend this is why what you say is clueless.

Hackers can and do easily build their own OS X boxes or run OS X emulation software. So they don't even have to invest in new hardware like the average user would.

Additionally, Macs are not that expensive and even the most anti-Mac people often pick up a Mac for testing when they deal with development, security and testing for business reasons or if they have moved from their parents' basement.

Sebianoti said,
Not really, Apple is Less secure because it's more expensive and not every hacker can afford way higher prices than a Cheap PC...

This is going to come as a huge shock to you, but from personal experience I have found that most professional hackers use Macs and OS X as their primary OS and multiboot with Linux and Windows for security work. I don't know, maybe it's just because it's not as easy to run OS X on a Hackintosh than it is to run Windows on Mac. Script kiddies, Islamic terrorists and Asian and Eastern European cybercriminals tend to use Windows because they don't pay for it. I would qualify as a part-time script kiddie. Just for the knowledge really, I don't commit crimes, unlike Goldman Sachs.

Sebianoti said,
Not really, Apple is Less secure because it's more expensive and not every hacker can afford way higher prices than a Cheap PC...

That makes absolutely no sense whatsoever.

Apple is living on borrowed time and the issue that security experts such as the person being interviewed have is that when more market-share is gained - can Apple lift their game and address the security issues when required?

The worst part for me as a Mac user is the fact that there are technologies already in place but not properly utilised, ASLR for example isn't fully taken advantage of, sandboxing for example is only used for a couple of services, Safari still auto-runs stuff that is downloaded - which is simply a stupid thing to do.

Honestly, I've never been hacked, cracked or infected when running Mac or Windows but if Apple keep up this mickey mouse half baked half assed security then I'll be forced to move to Windows; clearly Apple doesn't give a crap as so far as securing their operating system only instead to maintain an RDF over its user base.

pickypg said,
Just to be clear, BitLocker is there to encrypt your data and UAC is to stop users from being stupid related to social engineering attacks (most viruses are installed willingly by the user, and UAC is there to help stop the user). This is actually related to how Unix/Linux/(and even Mac as a result of the first one) handle privilege elevation requests, and was a very good thing to copy. Just to be clear, Apple got this for free by taking BSD/Mach and writing OS X on top of it.

The real, serious security in Windows is the "Address space layout randomization" (ASLR). This turns predictable attacks into hard-to-implement attacks. Apple, through the current release of OS X Service Pack 6 (Snow Leopard), has yet to implement a good form of ASLR; they do have a weak version that randomizes libraries that are loaded, which is not to be brushed off as insignificant, but it's nothing like a complete implementation.

Microsoft also uses Data Execution Prevention (DEP) to prevent code execution where there isn't code (memory that is marked to say "hey, I'm code, so you can execute me" and "hey, I should be data, so don't execute me" (one part of real hacking happens by tricking the OS into thinking that you have code in the data area, and then _pointing_ to it as the "next" code to execute; this is easier to implement on the stack than it is on the heap, but it can happen in either)). Apple has a similar system that they implemented in Leopard, but only fully apply to 64 bit applications--most applications are still not 64 bit. They have some support for 32 bit applications, but they do not protect the heap (where most data is written/stored and consequently read from). I can't find documentation stating this changed in Snow Leopard.

Very good post. I was not familiar with Apple's security model, but found your post very interesting.
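The ASLR and DEP protections described in the quoted comment above are recorded per binary in its header flags on both platforms. As an added example (not part of any commenter's post), this Python code reads the DllCharacteristics field of a PE image and the flags word of a little-endian Mach-O header; the sample headers are constructed, and `make_pe` / `make_macho` are hypothetical helpers that build headers only, not loadable images.

```python
import struct

# Flag values from the PE/COFF specification and <mach-o/loader.h>.
PE_DYNAMIC_BASE = 0x0040            # image may be relocated at load (ASLR opt-in)
PE_NX_COMPAT = 0x0100               # image declares DEP compatibility
MH_ALLOW_STACK_EXECUTION = 0x20000  # stacks are given execute permission
MH_PIE = 0x200000                   # main executable loaded at a random address
MH_NO_HEAP_EXECUTION = 0x1000000    # heap non-executable even where not required

def audit_pe(data):
    """Return ASLR/DEP opt-in status from a PE optional header."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)   # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = pe_off + 4 + 20                  # skip signature and COFF header
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):        # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+.
    (flags,) = struct.unpack_from("<H", data, opt + 70)
    return {"aslr": bool(flags & PE_DYNAMIC_BASE), "dep": bool(flags & PE_NX_COMPAT)}

def audit_macho(data):
    """Return the hardening-related flag bits of a thin little-endian Mach-O."""
    (magic,) = struct.unpack_from("<I", data, 0)
    if magic not in (0xFEEDFACE, 0xFEEDFACF):   # 32-bit / 64-bit
        raise ValueError("not a little-endian thin Mach-O")
    (flags,) = struct.unpack_from("<I", data, 24)   # mach_header.flags
    return {"pie": bool(flags & MH_PIE),
            "no_heap_exec": bool(flags & MH_NO_HEAP_EXECUTION),
            "allow_stack_exec": bool(flags & MH_ALLOW_STACK_EXECUTION)}

def make_pe(dll_characteristics, magic=0x10B):
    """Constructed sample: minimal PE headers carrying the given flags."""
    pe_off = 0x80
    buf = bytearray(pe_off + 4 + 20 + 96)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, pe_off)
    buf[pe_off:pe_off + 4] = b"PE\0\0"
    struct.pack_into("<H", buf, pe_off + 24, magic)
    struct.pack_into("<H", buf, pe_off + 24 + 70, dll_characteristics)
    return bytes(buf)

def make_macho(flags, magic=0xFEEDFACE):
    """Constructed sample: a bare mach_header (x86, MH_EXECUTE)."""
    return struct.pack("<7I", magic, 7, 3, 2, 0, 0, flags)

if __name__ == "__main__":
    print(audit_pe(make_pe(PE_DYNAMIC_BASE | PE_NX_COMPAT)))
    print(audit_macho(make_macho(MH_PIE)))
```
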

Sebianoti said,
Not really, Apple is Less secure because it's more expensive and not every hacker can afford way higher prices than a Cheap PC...

I doubt this would be the case. The reason people get involved in computer crime is because there is a lot of money to be made from it. If targeting OS X would generate large income, people would attack it, and they would certainly make the effort to own a Mac/Hackintosh PC.

As it stands, Macs have a lower market share (which could indeed be due to cost since average users won't/can't pay that much). Lower market share means you get less return for the effort and cost in finding exploits. It's much better to spread your virus/whatever on Windows, which has a very very high market share.

c3ntury said,
Apple's security is lower because....

Because some teenagers don't know what an OS is and what security means, they see it's an Apple product and Steve is selling it, they are really nuts.

If you want to know about an OS, try Win7.