Security: Mac OS X vs. Windows

by
This entry was published at least two years ago (originally posted on December 14, 2003). Since that time the information may have become outdated or my beliefs may have changed (in general, assume a more open and liberal current viewpoint). A fuller disclaimer is available.

Last week, a minor firestorm erupted when PC Magazine columnist Lance Ulanoff wrote a ridiculously inflammatory article gleefully declaring that, “the Mac OS is just as vulnerable as Microsoft Windows.”

I know this is wrong, but in one respect I was happy to learn earlier this month about the discovery of a significant security hole in the Jaguar and Panther versions (10.2 and 10.3, respectively) of the Apple operating system (OS).

Richard Forno, former Chief Security Officer for Network Solutions, has responded with a comparison of Mac OS X and Windows security — and Windows doesn’t exactly come out ahead.

In a December 11 column that epitomizes the concept of yellow journalism, he’s “happy” that Mac OS X is vulnerable to a new and quite significant security vulnerability. The article was based on a security advisory by researcher Bill Carrel regarding a DHCP vulnerability in Mac OS X. Carrel reported the vulnerability to Apple in mid-October and, through responsible disclosure practices, waited for a prolonged period before releasing the exploit information publicly since Apple was slow in responding to Carrel’s report (a common problem with all big software vendors.)  Accordingly, Lance took this as a green light to launch into a snide tirade about how  “Mac OS is just as vulnerable as Microsoft Windows” while penning paragraph after paragraph saying “I told you so” and calling anyone who disagrees with him a “Mac zealot.”

You’re either with him or with the “zealots.”  Where have we heard this narrow-minded extremist view before?  

More to the point, his article is replete with factual errors. Had he done his homework instead of rushing to smear the Mac security community and fuel his Windows-based envy, he’d have known that not only did Apple tell Carrel on November 19 that a technical fix for the problem would be released in its December Mac OS X update, but that Apple released easy-to-read guidance (complete with screenshots) for users to mitigate this problem on November 26.  Somehow he missed that.

Since he’s obviously neither a technologist (despite writing for a technology magazine) nor a security expert, let’s examine a few differences between Mac and Windows to see why Macintosh systems are, despite his crowing, whining, and wishing, inherently more secure than Windows systems.

(via Damien)

2 thoughts on “Security: Mac OS X vs. Windows”

  1. I sent the following letter to Mr. Unlanoff and got the later following reply.

    Original Message
    From: SECollins7@aol.com
    Sent: Thursday, December 11, 2003 11:53 AM
    To: Ulanoff, Lance
    Subject: Macs (not “Mac’s”, as in your title) Vulnerable?

    Lance,

    Just read your smug, gleeful article about the security vulnerability in
    Mac OS 10.2 and 10.3 (which Apple fixed fairly quickly, BTW, unlike
    Micro$oft). So that makes up for decades of gaping holes in Windows,
    some of which Micro$oft left open for years? Many of which were
    exploited by hackers and cost companies and individuals billions of
    dollars and millions of hours of lost productivity? That’s ridiculous,
    and you know it. You’re clearly not an objective observer. As a
    journalist, that should be your goal.

    Ed Collins

    Reply Separator

    Opinion columns are usually not objective. In fact they’re filled with
    subjective thoughts. I agree, Apple fixed the hole fast, as does
    Microsoft. Of course there are a lot more holes in MS’s code. I
    acknowledge that, but my point was that the Mac is not invulnerable.

    Post your thoughts in the forum.
    http://discuss.pcmag.com/pcmag/start/?msg=32413

  2. so far, all of OSX’s vulnerabilities to viruses and hackers has cost companies and individuals exactly $0.00 dollars…. MSFT’s vulnerabilities to viruses and hackers has cost companies and individuals 10’s of BILLIONS of dollars…..

    why? because MSFT is a monopoly …. those things did not cause MSFT to lose money in the past…. now that there is true alternatives, Linux and any other Unix off shoot, these alternatives are cleaning up the floor with MSFT’s stupidity…. MSFT has lost 10% market share in the last year and a half in web servers because of their security stupidity…. and that loss is continuing because people realize that they’ve been paying a monopoly premium for LESS stable software…..

    several columnists have had to apologize for their lack of understanding about OSX security compared to Windows, believing it was just the market share that caused the discrepancy….

    here are a couple…

    http://www.nytimes.com/2003/09/18/technology/circuits/18POGUE-EMAIL.html?ex=1071637200&en=dbad64b5acc1880c&ei=5070

    http://www.sunspot.net/technology/custom/pluggedin/bal-mac082803,0,1353478.column

    jon.

Comments are closed.