Smug Mac lovers who point to Windows vulnerabilities now have something to worry about: A top security researcher claims that Windows Vista is more secure than Mac OS X.
Dino Dai Zovi recently won a $10,000 prize for hacking into a MacBook Pro, exploiting a security flaw in Apple’s Safari browser. He used the hole to open a back door and gain access to everything on the computer.
In an interview with Computerworld, Zovi said, “I have found the code quality, at least in terms of security, to be much better overall in Vista than Mac OS X 10.4. It is obvious from observing affected components in security patches that Microsoft’s Security Development Lifecycle (SDL) has resulted in fewer vulnerabilities in newly-written code.”
For years, Apple devotees have crowed that their operating system is far safer than Windows. If Zovi is to be believed, that’s no longer the case.
He’s not alone in his beliefs. Zovi won his prize at the CanSecWest security conference in Vancouver a few weeks ago, and other attendees echo his thoughts.
Dragos Ruiu, the principal organizer of security conferences including CanSecWest, told Computerworld, “I hear a lot of people bragging about how easy it is to break into Macs.”
And Theo de Raadt, OpenBSD project leader and an attendee at the conference said one reason that Mac exploits aren’t well publicized is that Apple is “extremely litigious when people do find stuff.”
I’ve long thought that one reason Apple has such a shiny reputation has nothing to do with its hardware, and everything to do with its masterful marketing. It may be that the myth of Mac security superiority is more about marketing and less about facts.
"resulted in fewer vulnerabilities in newly-written code"
So nothing about the legacy code in there and Vista is new enough that that statement cannot really be quantified.
I use a Mac and I will be the first to tell you it isn't "secure" because no OS is "secure".
"I hear a lot of people bragging about how easy it is to break into Macs."
I have not heard that at all and I have been part of the community (even on the development side) for a couple years now.
I guess the future will show us though and I believe no matter what OS you are on, it will only get better.
nonsense.
Pre-MacOSX, there were quite a few Mac only viruses running around. Proving that regardless of popularity there were evil people out there willing to cause harm. Did they just disappear? There is no reason to believe so. The only rational conclusion is that the job has been made far more difficult due to the inherently superior security of MacOSX.
What is interesting about the prize that Dino Dai Zovi received is that (a) it is not a Mac only flaw, but affects Windows as well and (b) the contest holders had to make it easier for people to exploit a flaw.
Furthermore, this flaw has already been fixed. So, what flaw can people point to now? I'm not aware of any on the Mac.
I am aware of many on Windows.
Personally, I hope that since these people (including you) have placed their own personal credibility on the line, that they will have to suffer the consequences for spreading misinformation.
If hacking Macs is so easy, how come the competition organizers had to first massively increase the prize in order to get anyone to even try. Then they had to loosen the rules to allow browser based attacks that required user-action to enable the exploit. They basicaly kept upping the reward and lowering the bar for success untill eventualy someone succeeded.
Put that way, it hardly looks like convincing evidence of overall insecurity in Macs, does it?
"Is Vista More Secure than Mac OS X?"
NO. Any claims to the contrary are just ignorant hogwash.
The day that a drive-by browser based stealth installation can put a piece of malware on an OS X box without any awareness or user intervention, I will agree.
The fact still remains that no such exploits exist in the wild. Will that remain the case forever? Likely not.
The question of whether or not the OS is secure is not terribly important, since as has been frequently reported malware authors are targeting applications rather than systems. As has already been pointed out, the flaw that was exploited here was a QuickTime flaw, NOT an OS X flaw, and the Windows version of QuickTime is just as vulnerable.
Thus, Mac OS X vs Vista is not really the issue here.
"I've long thought that one reason Apple has such a shiny reputation has nothing to do with its hardware, and everything to do with its masterful marketing"
And lo and behold, you have finally scraped together some data - however tenuous - to support your pre-established conclusion. Not only that, you can let yourself off the intellectual hook by claiming an attack from "Mac Zealots. Others have pointed out the flaws in the logic behind this post, so I'll just mention two things:
1) In the sciences, selecting and presenting only the data that supports your conclusion while suppressing/ignoring contrary data is generally frowned upon and can cost you your job. I seem to remember it *used* to be the same in reporting, but then again, I'm not sure reporting is what you do anyway.
2) I don't consider myself a "Mac Zealot" so much as an "Anti-public displays of stupidity zealot".
Obviously no. He's a security expert, right? Does he uses Windows? No. He reportedly said in an interview to John Grubber that his first, second and third machines are Macs...
He knows a thing or two about computers, but I'm afraid he cannot express himself clearly. That last interview you quote is nonsense.
Since Vista hasn't really been around long enough in the community, time will tell. Give it a year, and I'll bet they will find plenty of leaks. Only 2 million plus lines of code, someone will find a chink in the armour.
How long will it take Microsoft to release a update patch for their system? Not long I'll wager.
this makes sense. I mean, that's why people put ADT signs in their yard, to discourage. The burglar is going to move on to something that doesn't have one of those signs. My mother had a fake security camera for the longest time. it didn't work, it's sole purpose was to make the burglar uneasy and unconfident.
Macs are really good, but in the long it will be Microsoft that will have the upperhand because the more the exploits happen the better they will be fixed. Apple's point of attacking those who find exploits will backfire, because hackers won't divalge their findings. I own both an Apple and Vista machine, so my views are equal to both. But one thing is for sure, Apple's clever marketing is able to sell people boxes of fresh wyoming air if they wanted to.
Given a totally even playing field (both OSes were the same "level" of secure), I would argue Mac's would still appear to be more secure.
There are far more windows machines than Macs "in the wild". I'd venture a guess that the relative percentage of "smart and/or good" computer users in that smaller Mac population is higher than that in the much, much, much larger PC population.
Put that together, and you have a small population, with many savvy users experiencing fewer attacks/viruses/flaws. Does that make Macs more secure?
I find it comody that "MAC PEOPLE" can put down other products but can't be critisized themselves. It's like being at a party were the guy cracking the jokes and making fun of others is having a blast until the jokes on him!! LOL. The fact is regaurdless of what anyone has to say Microsoft offers a better platform hence all the software and harware supports Windows not MAC wich equals satisfied computer user. This is something that not any of my "RED FACED" MAC users can argue. PERIOD! Thanks MAC, but no thanks...LOL
One attack out of how many? I use Vista and OS X; dual boot with Boot Camp and Parallels. Both run OSs (PC and MAC) the latest Norton, both download updates from their associated creators...
Every other day I run Vista an I spend countless wasted time downloaded MS Updates to fend off security holes and vulnerabilities an almost always needing a reboot once the updates are complete... Norton 360 on Vista is always updating as well with a majority of the time requiring a reboot! OS X gets an update of Norton once a month if that! OS X updates come through about once every 3 weeks in average.
So one hole vs. how many? Come on folks, get your heads out of your asses... I've been hacking MAC OS's (6 and beyond), UNIX (AIX, Solaris, HP/UX, LINUX, etc.) AND WINDOWS (3.11 and beyond) for a long time. UNIX is the only OS that is truly enterprise ready. By the way, the article mentions nothing about if the data on OS X was encrypted! A feature native to OS X NOT that rinky dink OS known as Windows. So by my measure if the hole existed and the intruder gained access to the entire machine if the data was encrypted; who cares! The intruder couldn't do anything with the data.
Outside of two programs I use that aren't ported to OS x yet, I would have deep six'd Windows ages ago!
Nice FUD (Fear Uncertainty and Doubt) try... I think Preston Gralla should get a new career as a garbage man! LOL... Sling crap seems to be his forte!
Get out of the DOS age... OS X is waiting for you!
i think this is stupid
If there is such vulnerabilities on Macs and "how easy is to break into Macs" comments are true, how come there is no "real" antivirus, anti-spyware etc, etc, etc... for Macs? I honestly think that Mac OS Leopard is the greatest OS ever made... and is not expensive as Vista.
YES, not only more secure, but better in usability as well.
The fame around apple's products is nothing more than the result of a pathetic marketing done for pathetic people.
It's proven that VISTA is safer. Anyone screaming and saying the opposite can go and buy an iphone.