Yes Virginia, Macs really are more secure. By design

by  Alan Zisman (c) 2005 First published in Performance PC Canada date


For this security-themed issue, I was asked to review security software for Macs. I can think of lots of such programs for Windows-users: anti-virus applications, firewalls, spyware scanners, and more. Any Windows user ignores them at his (or her) peril. For Mac? Well there are a few anti-virus programs, but many Mac owners don't bother. Mac owners install anti-virus software to avoid accidentally spreading Windows viruses.

Macs aren't perfect. Apple, just like Microsoft, releases operating system updates from time to time, aimed at patching security holes as they are discovered.

And Mac-owners running that platform's version of Microsoft Office are in danger from Word and Excel macro-viruses, just like users of the Windows MS Office version. Macro-viruses were widespread a decade ago, but they are very rare today. Instead, the virus targets of choice are Microsoft Outlook and Outlook Express, Windows-only applications. Spyware, arguably causing more distress these days amongst computer owners than viruses, is also Windows-only. In 2004, there was some discussion about a theoretical way to write Mac OS X viruses, but there are currently no Mac viruses ‘in the wild'.

One reason Mac-owners get off easy is the relatively small number of Macs. Graham Cluley, of anti-virus software firm Sophos said: "… virus writers appear motivated by a desire to cause widespread havoc and so have concentrated on the market leader."

But that's only part of the story. Microsoft has made a series of design decisions that have made Windows systems easy targets. Microsoft turns on system services by default, leaving them running in the background in case they are needed. Unused, these services eat up system resources and leave back doors unlocked when a computer is online. (For example, most users only discover the Windows Messaging service—not to be confused with instant messaging like MSN Messenger—when it gets used by adware programs to pop up ads on their desktop). Programs such as Outlook or Outlook Express can run scripts which can harvest email addresses, change computer settings, or install software.

Microsoft correctly designed the multi-user Windows 2000 and XP with users designated as system administrators or as limited users with less power to change the system. But on the mass-market Windows XP Home, this is hidden; the default user has full administrator power and lacks the protection from inadvertent software installs that they would have if they were running as a limited user.

In moving to its Unix-based OS X operating system, Apple made choices that result in better security. Unused services are turned off by default. The all-powerful Root user account is hidden; serious geeks who need Root access can get it, but the rest of us are protected from self-inflicted damage. While any Windows application can install files into the \Windows\System folders, Mac software—including Apple's own software updates-- cannot make changes to the operating system without explicit administrator-level user permission. At worst, malware could muck up an individual user's setup, but not mess up the computer over-all.

The end-result: the bad guys target Windows both because of the large number of people using it and because it's easy to get results. That's no guarantee that there will never be a successful mass attack on Mac (or Linux) users, but for now—and for the foreseeable future— you'll be far safer computing on a Mac than on a Windows system.