Mac users 'too smug' Over Security? 707
wild_berry writes "Bill Thompson, one of the BBC's technology commentators and presenter of Go Digital on the BBC World Service, expresses his concerns that Mac users assume their safety in the face of trojans, worms, keyloggers and other malware. As a Mac user he is most concerned about the lack of herd immunity that is needed to stop a few infections becoming an epidemic, fully explained in his column week for the BBC technology site. Is he right, and what actual products exist for OS X that would protect against infections?"
Through the glass darkly (Score:2, Insightful)
Mac resistance to malware (Score:3, Insightful)
I have a Mac and only have the firewall turned on. I suppose I'm off the bell curve since the Mac is for entertainment only and I rarely browse and never use email with it.
So, is there a profile of a Mac virus writer???
-a
Oh no.. (Score:4, Insightful)
If you want to talk about any audience that's too smug, talk about Linux. Linux is on more important machines, and yet everyone talks about how safe and secure it is, even though in some cases it's just not true at all. Yes, Open Source code is generally more secure, but the major parts that need to be secured in OS X are Open Source.
As far as I'm concerned, both Linux and OS X are going to be one hell of a lot safer than Windows for a long time running, and so I can rest and relax in my relative security thanks to Microsoft's inferior security practices.
One product stops mac PCs from getting infected. (Score:4, Insightful)
There's no substituting an OS that doesn't let the average user have administrator rights all the time.
The windows users state that they don't need to run as administrator, but then ask them what hurdles they have to go through to make their software "just work".
Re:he's nearly right... (Score:5, Insightful)
When people start targeting Apple or *NIX (Score:4, Insightful)
wait.... (Score:3, Insightful)
well, here's the problem... (Score:5, Insightful)
The day i see a virus on OS X is the day I buy an AV program.
What to use? (Score:4, Insightful)
It works here even with Windows XP.
Re:Dead On (Score:5, Insightful)
Secondly, any kid who's seen an AOL commercial realizes how bad viruses are. n new viruses a day. 50k Windows viruses and counting. And Windows still has no way to stop these things, whereas OS X/Linux/*BSD are designed from the ground up to be immune to the kinds of attacks that Windows gets constantly pounded by.
Next, look at the patch release time. Open Source developers get patches out almost the instant a volunerability is found that is considered to be serious enough to be patched. Mac OS X is an OS project (and thusly, all of the nasty bits that generally cause problems like network applications are OS), with a nice pretty closed GUI. Sure there have been security holes in their products, but they are extremly quick about getting patches out. Microsoft has proved time and again to be a beast of burden when it comes to patches, as seen just recently after it took them over a week to patch a ZERO DAY exploit.
No, Mac users aren't invulnerable. We're simply more secure overall. And we're proud of that.
Re:Through the glass darkly (Score:5, Insightful)
Just to name some of the obvious... OS X can't use ActiveX, it's actually useful when you run a non-administrator account, it doesn't come with Swiss-cheese services enabled by default, it doesn't automatically trust machines on its own subnet, and there's no real equivalent on it to VB scripting.
With that in mind, I absolutely agree that Mac users are too smug and that a dedicated malware author could bring many of us to our knees. (Hell, I run as administrator just to save time, despite knowing the risks. It's a gamble, although I keep good backups.) But an OS X (or Linux) malware author would have to be much more skilled than most Windows-targeting skript kiddies to do a lot of damage.
In today's real world, if you run a Mac (or Linux), you're going to suffer far less than your average Windows user. If you use an out-of-the-box Mac to do typical home-user tasks, which probably include visiting shady corners of the Internet, you won't have the spyware infestations you would with an out-of-the-box Windows box. And most of the routine worms out there have no effect on a Mac.
Re:Dead On (Score:5, Insightful)
There are around 40 Mac-specific viruses and related threats. ++Mac users with [Microsoft] Word 6 or versions of Word/Excel supporting Visual Basic for Applications, however, are vulnerable to infection by macro viruses which are specific to these applications. Indeed, these viruses can, potentially, infect other files on any hardware platform supporting these versions of these applications. I don't know of a macro virus with a Mac-specific payload that actually works at present, but such a payload is entirely possible. ++[Microsoft] Office 98 applications are in principle vulnerable to most of the threats to which Office 97 applications are vulnerable.
Funny. 40 Mac viruses compared to how many PC viruses? 71989 and counting according to Symantec. And the most mentioned causes of problems in security on the Mac Platform? Microsoft products. I rest my case.
Re:Dead On (Score:3, Insightful)
You gained physical access to a computer. That has nothing whatsoever to do with network security. All modern computers, PCs, macs, unixes, linux etc can and should be password protected when you aren't there and they are in a place where they could be physically accessed if you don't want people playing with them. We are discussing stuff that arrives remotely, via email, malware, security holes etc.
We can all break into a house and physically steal the data if it's not secured and that has nothing to do with the architecture of the computer.
Re:What's worse? (Score:5, Insightful)
You can keep waiting for the Mac folks to be proven wrong, but chances are good that you'll be waiting a long time. You see, just like biological viruses computer viruses need two things before they will take off. The first thing that they need is an exploitable weakness. The Mac has enough of those that a worm is certainly possible. The second thing that you need is a large enough body of susceptible hosts that the worm can spread. Macs *don't* have that. Without a large body of susceptible hosts the entire population is safe. That's why it doesn't matter that my neighbors don't immunize their children. The fact that their children are susceptible to immunizable diseases doesn't really matter because there aren't enough luddites to create a viable population of carriers.
Interestingly enough, most of the same effects can be had simply by not using Outlook and IE on Windows as these two programs are the main vectors for infection.
Re:wait.... (Score:2, Insightful)
Safer vs. Safe. (Score:4, Insightful)
But you can still put malware on a Mac. Just attach it to an other application and when they install it, it asks for a password and bang your malware has full access. Some of the new features shown at the Last Mac World scare me a little to. Like allowing people to email links when click opens up iPhoto etc... where they could be a flaw in the graphic renderer to cause a buffer overflow and run code.
The second level of protection is just the fact that a lot less people have a Mac then a PC. If you want to cause havic then you taget windows because the windows base is large enough to allow viruses and malware to spread. Apples are more dotted. And sending mac malwarer may not have the numbers to spread.
All in all I would feel safer using a Mac with a Raw connection to the internet. Vs. a Windows PC behind a well maintained network, with all the patches and secuirty tools. Because the chances are the Mac will catch on fire from a faulty fan, then get a security compremize (Without changing the origional out of the box setting)
Re:Dead On (Score:1, Insightful)
IMO, there is more to the "*nix* is more secure side of the problem.
The problem is purely "economical". Most scumware writers are in for the money. Yes there are exceptions, but mostly it's about green pieces of paper with dead presidents on them. SPAM, phishing and scams work with volumes. If you, as a hacker, want to target as many potential victims as possible you need to attack the biggest possible group of people using the same platform, Windows. Why would a hacker spend time and resources trying to hack a Mac when only 3.some% of the world uses it when there is huge windows PC monoculture used by 95+% of the planet?
Second, Windows hardened is fairly secure. Problem is, out of the box, it's not secure. Everyone and his grandma is root. IE is deep in the OS. This gives an advantage to *nixes, not saying *nixes don't have security holes.
I would bet that if a Linux vendor would take 90% of the desktop market, it would be a big target for malware writers. And if this vendor would allow, and encourage people to use root accounts for their regular PC usage, it would be almost as bad as Windows.
Re:MacOS X itself? (Score:5, Insightful)
If you look at the OS X `exploits' (quotes because that's not what they are), most of them are holes in software that doesn't even run by default. Are you using Apache 2 (not 1.3) on your desktop? If so, the security update will prevent a malicious trusted (!) proxy server from crashing one thread of your Apache instance.
If you're using Windows, you need the security update to prevent the web browser from downloading an image that puts a rootkit on your machine.
It's all about severity, and OS X's "holes" just aren't that bad. However, MS consistently manages to provide a multitude of auto-infection routes to virus writers.
Current vs. Future Problems (Score:4, Insightful)
The issue, in my eyes, is not whether MacOS users are going to be immediately vulnerable to any virus outbreaks because they're not securing their computers properly - it's whether this whole "I use Macs, therefore, I am impervious" is fostering a culture of bad security practices in the Mac community. A good OS is only half the battle - you need to make sure you have good security practices, too, if you don't want to get owned.
-Erwos
Re:Through the glass darkly (Score:4, Insightful)
That's the same reason there haven't been massive exploits for Apache. Even though it has over two-thirds market share, every script kiddie loves F/OSS to the point that they'd never attack it, ever. Same for Internet Explorer - it's only attacked more often than Firefox because it has a bigger market share and every cracker on the planet just plain loves Firefox.
Right.
In the real world, there's a lot of street cred to be earned by being the first to 0wn a network of Macs, and yet no one - not one single cracker anywhere - seems to be up to the challenge. Gee, what terrific luck on Apple's part!
the camping tent allegory (Score:5, Insightful)
A couple of men went camping. They camped at a remote site, new to them, where they didn't really know everyone else who was camping there. After setting up, one of the men put a little, teeny tiny lock on their tent flap door. His friend looked at the flimsy lock and remarked, "That lock is nowhere near good enough to keep out anyone who might want to get into your tent! Why, I bet I could get through that lock in less than a minute.". The first man replied, "The lock doesn't need to be the best lock in the world; it just needs to be better than that guy's" -- and he pointed to the tent next door, without a lock at all.
The point being, surely Mac OS X is not the end-all and be-all of security, but Apple has by all accounts gotten increasingly serious about security as Mac OS X has matured. It's not ever going to be possible to have a 100% perfect level of security, but as long as it's better than that guy's (points to Redmond, WA), in most people's minds it'll be the most secure commercial OS on the market. ~jeff
Re:I'm a Mac user and... (Score:5, Insightful)
The rest of your regime is foolish. Virus and anti-spyware software on the Mac is a case of the problem being worse than the cure. Several of the anti-virus software packages for the Mac actually make your machine less secure. You're not just wasting your time and processor cycles, you are actually making yourself more vulnerable.
Use a firewall, backup regularly, and don't open executables from untrusted sources. That's my whole regime. Perhaps Mac users are a little smug, but hey... this article is six years old and we're STILL considerably safer than our Windows counterparts. Perhaps we deserve to be a little smug.
No amount of software can replace common sense, and common sense never let a virus onto somebody's computer (unlike certain anti-virus software).
Re:One product stops mac PCs from getting infected (Score:5, Insightful)
Yes, because as we all know the really valuable data on the computer is the OS and installed programs. You know, the stuff that can be replaced in a few hours.
All that user data that's completely and utterly irreplacable? Worthless. Who cares if a virus or trojan destroys it? And it obviously doesn't matter if a keylogger running in userspace sniffs out all your bank passwords and sends them to a 3rd party (what, you don't need admin privs to open a socket?!?!), because, hey, the OS itself is still secure!
The amount of real damage that a virus, worm, or trojan can do is not substantially affected by whether or not it can get administrator privledges. It may be easier to remove, but that's about it. And, frankly, if your average user runs in a lower privledged account then they're likely to get used to typing in the admin password when prompted, without even thinking about it.
And that's what it ultimately boils down to -- the user. Clueless users will get hit by crap all the time regardless of the platform. Clued users will not, again regardless of the platform. I've been using PCs for over 20 years now, most of that time on DOS or Windows (although I've also used OS/2, Linux, FreeBSD, Solaris, and several others) and I've been hit with a virus exactly once -- and that was about 18 years ago. It infected very little too, because I was running a virus scanner that caught it quickly (back in the days when McAfee was free(ish) for personal use). Nor have I ever had to remove spyware, malware, etc. on any of my personal or work systems.
OS X has a rather high percentage of non-technical users, just as Windows does. Do you really think that they're immune to doing stupid things?
Re:Dead On (Score:2, Insightful)
They couldn't have been designed from the ground up to be immune viruses because they were designed before they were even around.
Common e-mail viruses have nothing to do with the specific operating system anyway; user opens a file he gets in an e-mail, it sends itself to other e-mail addresses it finds. There's no reason you couldn't write a virus to do it for UNIX, other than it wouldn't spread because there are so few people who use UNIX and would execute an e-mail attachment.
This sort of blind overconfidence is exactly what the article was talking about..
OS X is not "obscure",the important bits are open (Score:2, Insightful)
Re:Dead On (Score:5, Insightful)
True security is an active mechanism: The three points on security:
1. No castle wall in the past ever kept the invaders out indefinetly
2. Never understimate a determined person.
3. In view of points of 1. and 2. you are truely a fool if you think you have found the perfect method of security.
I suppose I could add 4: You are also truely a fool if you a salesman convinces you that their product is 100% secure to all security issues. It may be safe today, but we don't know what tomorrow holds.
Perhaps the Question Shouldn't Be... (Score:3, Insightful)
I think a user should have the right to expect that he can plug his brand new spiffy computer into the Internet without having it infected with some crap within a matter of minutes. I think a user should have a right to expect that his computer is secure without having to run 5 separate security products on it at all times. I think a user should have a right to expect that he can open an email or web page he hasn't visited before without the fear that his computer might be taken over. I think that if your operating system does not live up to these simple measurements, you have failed as a software company.
Re:Security by design (Score:3, Insightful)
Ok, you demonstrate you have a good basic knowledge of OSX, but you also demonstate you have little to no understanding of Windows.
Windows is built on Windows NT, a kernel very much like the BSD interface and kernel that is in OSX; however, being a bit more advanced as it is a non-monolithic client/server kernel technology.
What this means is that WIndows (Win32) and Windows NT, the core under what you see as windows are two very different things.
Windows NT is a true commericial scale OS designed by some very brilliant *nix OS engineers in the early 90s. However it was designed with a bit more extensibility and features than other *nix kernel concepts of the time.
This is why the Windows you see (Win32) is actually a subsystem OS running on top of the Windows NT core.
Security in the Win32 area of the OS is typically where you see viruses and secuirty problems in Windows, not in the NT core underneath.
So to contrast OSX as being 'better' because of its BSD variant kernel is showing a great misunderstanding of the kernel technologies in Windows, as WindowsXP is a Win32 Subsystem running on a NT kernel, a kernel that is as highly regarded in the computing world as any other modern kernel technology, even BSD.
Now if you want to see windows as Win95 or Win98 or WinME, that is a different story, they are completely different Operating Systems and do NOT have the NT kernel or core under them and virtually no security.
Why is having the NT core underneath an important issue?
The NT architecture and kernel were designed with security in mind, more so than a lot of *nix variants at the time in the early 90s. NT has a lot of security that any subsystem running on it MUST adhere to, even the Win32(Windows) subsystem that most people see as Windows.
WindowsXP with SP2 is a fairly secure and safe OS, more so than people that have not used Windows in many years would like to believe. (SP2 is technology derived from the security refocusing at MS that was put into Windows 2003 Server - Since XP on the desktop and Windows Server share the same code base.)
OSX has done some things right, and Apple deserves credit for that. Running users out of the Admin/Root area was done very well (even though System9 didn't even have such a distinction).
Windows Vista (with the NT Core) will also bring the root/admin abstraction to the Windows World. MS should had done this with WindowsXP, but instead choose compatibility for older applications.
MS truly isn't stupid about security, nor is Windows. But Windows has to do something OSX doesn't. It has to support a staggering amount of hardware configurations (without conflicts), and a staggering amount of third party software, and then add in that it is the most targeted Operating System for hackers.
Since Windows 2003 Server and XP SP2, MS hasn't done so bad in the perspective of things, truly...
Re:Completeley useless article, no facts at all (Score:3, Insightful)
Here's the key... its not so much about the message of the article (which, while true, involves a disproportionate amount of hand-wringing...)
"These days Apple users are almost unbearably smug when the subject turns to malware..."
"we got dozens of e-mails from complacent Mac users pointing out that they were safe..."
"Any Mac user who believes they are totally safe is being reckless..."
"Mac users demonstrate an indefensible smugness when it comes to the dangers of having their systems compromised..."
There's your answer. Do you really think this guy (the author) will rush to our aid when/if a Mac OS X virus actually hits? No, he's pissed off at the teeming, ignorant Mac users who 'act superior'. And he can now easily point back to this article when/if said virus hits and say 'told you so'. Pretty easy bet, actually. If nothing happens, no one will remember this editorial. If it does, he can crow about it.
Here's my plan: I run no AV software. I do no checks of any kind. My form of security is to not run MS Office (macro viruses). When/if a Mac OS X virus appears, it will be shouted so loudly from the rooftops by redeemed security geeks that I can hardly miss the news. Then I will go download the single virus definition. Until then, I will not concern myself with what is simply not there.
Besides - I take standard precautions, I back up my stuff weekly at a minumum. Hard drives crash without warning, that's a much bigger problem. Luckily I can mitigate a very real hd crash thread and a theoretical virus threat with that same rememdy.
Very true. But it works..... For now...... (Score:3, Insightful)
Re:Mac resistance to malware (Score:5, Insightful)
one of the rules of security is "don't make it easy and obvious" -- OS X does that, Windows doesn't. Windows is the "honey pot" for the world. With all the unsecure machines any script kit can bust it. OS X would take some real work, so the hackers go elsewhere.
another rule: layered defense -- OS X does it, Windows doesn't. With Windows, break into an app or file and you are at the OS core -- see WMF.
It is not about market share, it is about market share of *unsecure* machines. The Windows "not secure" architecture and legacy will haunt it for years to come. If OS X gets 50% market share, those remaining Windows machines will still be just as unsecure and will still get just as hammered by malware, etc. It doesn't follow that overall malware will equally affect OS X.
Try this analogy: there were more robberies of homes than banks....and it ain't because there are so many more homes. Banks are just more difficult to rob, risks are greater and penalties greater. OS X is the bank -- it can be robbed, but I don't spend my time worrying about it. My home, on the other hand, has "windows" -- and I worry about that a lot!
Two observations:
a) do a market share observation of security folks and technical folks at generic computer conferences: the market share of OS X is more like 30-40% for people in the know.
b) as much "negative reaction" as folks have to Steve Jobs and Apple, if someone could write a virus, etc. for OS X, they would have done so by now, just to throw it in his face and make headlines across the tech world. I am still waiting.
Re:Dead On (Score:2, Insightful)
The way I see it, it's like the recent bird flu hype. It's been around for years now and yet we're not running scared of it. Sure, theoretically you could have bad luck and catch it and die for sure, but we still laugh at the chances. That's viruses on Mac. [b]The odds are so small that Mac users can afford to be smug.[/b]
Each 2-3 months history repeats itself (Score:3, Insightful)
I'm actually pretty sure there are more articles about the fact that MacOSX can be prone to malware than there is malware on the Mac. As a mather of fact, no malware on the Mac yet (MacOSX, classic MacOS had a few prior to os8).
None
Zero
Zilch
There was this "proof of concept" once... you had to download a mp3, which in fact was an executable archive, you had to double-click it in the finder, which almost no one does (drag and drop on app in dock usually), then it would execute (which no mp3 does, you have to be a moron not to be suspicious at that point) and then your MacOS was asking for permission to run the process (cause it was targetting a system component), then at this point, you have to be VERY stupid to write your password in the window and click yes. That was what is considered "proof of concept" on the mac...
Name ONE (Score:5, Insightful)
Name one.
C'mon. You just spent a lot of time telling us that there are a lot of viruses out there for OS X and that we should just research it. Well, I'm sure you've researched it, so enlighten us, please. Name one.
Oh, I know about the "opener" trojan. A shell script that never went anywhere. BTW here is a much more destructive "Mac OS X trojan" called "runme.sh" that also affects Linux and Unix! Oh my. Here it is, read with caution:
The only viruses I've seen on macs are word macro viruses - namely Claude.ASo, oh wise one, educate me and the rest of use please. I am aware that there are security weaknesses which could be expoited. But so far, none have. I agree, that we have to be vigilant, but for now, you are just talking out of your ass.
Re:Through the glass darkly (Score:4, Insightful)
To me, the advantage here has always been the availability of a quick patch. Not code that's inherently more secure due to it's license model.
Re:Dead On (Score:3, Insightful)
Re:Dead On (Score:2, Insightful)
Ahh, I see. Because security vulnerabities haven't been exploited means there aren't any! And you rest your case.
Does anyone on this site know logic? It's exactly this smugness that the article is talking about. Just be cautious, that's all. Mac's aren't immune, they are just a lot less popular than Wintel. The number of Mac OS X viruses and worms has more to do with the number of infectable systems on the internet than any sort of feature inherent in Mac OS X.
Apple has even addresed that to some extent (Score:3, Insightful)
All that user data that's completely and utterly irreplacable? Worthless. Who cares if a virus or trojan destroys it? And it obviously doesn't matter if a keylogger running in userspace sniffs out all your bank passwords and sends them to a 3rd party (what, you don't need admin privs to open a socket?!?!), because, hey, the OS itself is still secure!
Actually part of the
But really, what modern viruses actually delete user data? They are far more interested now in capturing user data, or better yet claiming that computer as a zombie. It's simply far more profitable. The idea of viruses actually going after user data is as outmoded as the story submission itself.
Re:What's worse? (Score:3, Insightful)
It's one thing for a Mac fan to say there are secure due to their delusion... it's quite another for them to use their delusion as the basis for a sale.
It's a simplification, not a delusion, and it's a very reasonable basis for a sale.
The fact is that Macs are totally immune to the current crop of viruses and nearly all current spyware... because the viruses and spyware are written for and only run on Windows. That may (and probably will) change in the future. At present, and probably for the next couple of years at least, it's a good reason for buying a Mac.
Re:Dead On (Score:4, Insightful)
Yes, and first let me say I'm not sure of either of those virus counts, i'm just taking the parents numbers for granted. I imagine the symantec count is hugely artifically inflated, given that they count every minor change to a virus as a new virus, often times having hundreds of derivations for a given virus.
That being said, there are of course many fewer virus threats for OSX. There are a couple obvious reasons for this.... First, if only 4% of computer users are on OSX, there aren't going to be many "hackers" who have had access to the OS to learn to make virii, and it's also fair to say that most of the 4% of OSX users are in very non-technical fields, and far less likely to be capable of the technical mischief. Yet another point would be that there is little motivation to write a OSX virus as you would be targetting a minority, and there are very few large networks of OSX systems, such as large corporations using Windows, which are breeding grounds for virii
I suppose the point I'm making, is that it seems there is a bit of 'security by obscurity' in place, that is falsly assumed to be actual security. It's not a bad thing, as it is very true that you are likely safe from this sort of harm if you are using OSX, regardless of the reasons for the safety. But People should also be aware that IF someone wanted to target their OSX machine, it would probably be possible... Just a bit harder than targetting a Windows machine i'm sure.
Re:What's worse? (Score:3, Insightful)
The interesting stuff is, that when we're talking about windows viruses, we don't make a difference between different windows versions, but we should. A "platform" for a virus is a specific version of an operating system which it can infect. No more than 50-60% of the total percentage of computers are vulnerable to a windows virus, given the incompatibilites between various windows versions.
Why is this important? Because according to notable experts, if the platform of a virus would rise above 75-85% of the total computers available for infection, then it would render 15% of the computers of the world unoperative, shortly after it was released into the wild. This would be the computer equivalent of 1918's spanish flu. Basically, it could topple governments, crash stock markets and drive the global economy into a nasty recession. I'm not kidding.
This is something very dangerous to allow, so that is why I'm so glad that Open Source is making its ways into mainstream and that MS fails to unify it's platform either with Vista or a future subscription based model. That'd be very dangerous for computer security because of the homogenity.
What can we do? Use linux, bsd. Seriously. Not for the reason you'd expect though, I'm not a linux zealot although I do use it as my desktop. No, the reason is diversity. There are hundreds of linux distros out there, which don't make one unified platform for viruses to spread. That is the only way to totally prevent viruses: with heterogenity.
Hypothetically, if we were to have 10 only so slightly different linux operating systems making up the 100% of operating systems used on all computers, viruses wouldn't exist, because no virus could achieve a platform larger than 10%, thus practically would be unable to spread!
In real life, this would never happen, but probably we'll end up with dozens of linux, bsd, OSX, windows versions all taking up <10% of the market. And that is even better.
Yes, even windows won't have viruses if it's market share dwindles. Not because of the lack of motivation or the "super" security making it impossible to write them, but the lack of platform for the viruses to spread effectively (although windows would still be a piece of adware filled crap, but no viruses).
Re:Dead On (Score:2, Insightful)
On the contrary, this "economic argument" actually favors development of exploits for *nix derived systems.
Yes, OS X, BSDs, and other *nix systems may be only ~5% of systems, but they are a greater proportion of servers (?70%) and are often deployed in corporations where there a major gains from owning the system (banks, brokers, etc.).
A hacker would get much more bang for his buck from owning a banking network than a bunch of individual Windows computer users and their overdrawn credit cards.
NOT dead on (Score:2, Insightful)
So why haven't Mac's seen their fair share of malware?
It is because the OS is simply more secure by design. Are there flaws in that design? Of course there are. But I think the reason reason is more non-technical.
Just try to run and administer a Windows box securely. It's extremely hard to do. A knowledgable security person can do it with a great deal of effort -- but the average home consumer sure can't. You'll also rapidly discover that not all, but a substantial quantity of Windows software is written with the assumption that applications are installed by the same users who will be running them or that all users have administrative rights all the time. The Windows developer community has this flawed mentality and the OS paradigm does very little to enforce a more secure model.
Mac OS X, in contrast, has a completely different security and usage paradigm. Use a Mac and you'll quickly discover that the OS assumes that the OS should live in one part of the filesystem, installed apps in another, and users should only modify files that are found in their home directories -- further, no user is an admin. Even administrative users run unprivileged and have to type their password to perform administrative actions. Developers with any experience on a Mac quickly learn this paradigm. There are exceptions and I have found them, but they are uncommon on the Mac whereas they are quite common on Windows.
There are so many technical reasons why the Mac is more secure, but the underlying non-technical reason is because (a) developers and users alike are basically lazy and will follow the path of least resistence and (b) the path of least resistence on Windows is to not bother with security at all whereas the path of least resistence on the Mac is to actually have a more secure installation... the OS & it's tools actually make doing this seem quite natural.
Bottom line: The average non-technical Windows user really cannot maintain a secure machine and Microsoft's OS paradigm does little to encourage secure devopment practices. The average non-technical Mac user actually can maintain a fairly secure machine without really knowing what they're doing... and that's because the OS makes it easy for both the users and the developers to have good security habbits.
Mac user's should be a little paranoid, but the OS is vastly more secure. While we'll probably get a small number of malware problems, it'll never come close to approaching the scale of security problems enjoyed by Windows users.
Re:Dead On (Score:2, Insightful)
Re:the camping tent allegory (Score:1, Insightful)
Until operating systems only run signed binaries, and signed binaries are all verified to be free of viruses, no operating system that permits the writing of or to executables is immune to viruses.
Re:Apple has even addresed that to some extent (Score:4, Insightful)
It does keep you from doing low-level things like replacing the network stack, preventing some kinds of badness (e.g. transparent redirects). Not only is it easier to get rid of, it's easier to detect it as well (it can't replace the kernel file APIs to hide virus files, for example). I consider this sort of thing significant. It also makes it harder to run background services and so forth that persist after the user has logged off. (Far from impossible, I know, but more difficult.)
And, again, if you're the sole user of the system, you'll know the admin password and get used to typing it in when prompted. The average user (who trusts the computer, or at least fears breaking something if they don't do as requested -- always) will simply enter the admin password if prompted.
I dunno about that. On Ubuntu, it uses sudo, so you have to type in your password, not the admin password (there actually isn't a password for the root account). But being prompted for your password is a rare event, unless you're actually doing administration. It just doesn't come up in day-to-day operation. Having an email suddenly pop up a password prompt would kinda stand out.
Now, I don't deny that effective social engineering techniques can be brought to bear to get them to enter that password. But it really is an order of magnitude more difficult than for a Windows virus writer who can count on 95% of the recipients to be running with Administrator rights.
A change of analogies (Score:2, Insightful)
Re:Dead On (Score:5, Insightful)
That's beside the point of the article. The article wasn't blasting security on the Mac, it was pointing out that Mac's are susceptible to problems to. Doesn't the vulnerability of software running on a Mac constitute a security problem on the Mac? If I can get in does it matter if it's through the OS directly or through an application?
Yes, it does matter. A remote exploit available in the default install of an OS is what allows for a worm to propagate and is what makes plugging an unpatched Windows machine into a network suicide. Local vulnerabilities that don't even include a privilege escalation are a completely different severity. When those vulnerabilities further do not even have any payload that will affect OS X, well that is less of a threat as well.
The article was suggesting that Mac users need to be every bit as cautious as the "rest of us" on our Windows boxes. It was railing against the same type of thinking that causes parents to decide not to get their children vaccinated against things like measles because you never hear of measles cases anymore. Of course not! It's because we've been vaccinated! So Mac users: go get your booster shots.
Your analogy is flawed. How about if parents on the remote island of Wabbachucha don't go to the bother of flying to the mainland to get their kids vaccinated when their has never been a single reported case of measles on the island, while there have been a number of plane crashes flying to the mainland. Right now the mac neighborhood is in pretty good shape. By default the machines are relatively secure, and the architecture lends itself to containing and preventing security issues. It makes sense to be cautious and it makes sense to take precautions, but you have to have a reasonable threat assessment. If you have an 18 year old daughter living in Detroit, it might make sense for her to get a concealed pistol permit, especially if she goes out at night. On Wabbachucha, crime is so low the risk is greater that she will injure or kill herself than prevent harm to herself.
So far there have been no worms or viruses that have affected the mac. All vulnerabilities have been fixed before that becomes a problem. So far there have been two instances of virus scanning software for the mac that have had adverse affects and damaged files. Personally, I run ClamAV and LittleSnitch as well as some other useful precautions, but for the average user, they really are better off without these days. Mac users, don't get your booster shots until there is something in the syringe. Until there actually are viruses for the Mac propagating in the wild, don't risk installing possibly buggy virus scanners and certainly don't pay money for them.
Better than (Score:1, Insightful)
If you think you are better than anyone,
it means you are lower than everyone.
Re:Dead On (Score:3, Insightful)
Essentially, this whole herd immunity thing is going to exist on OSX until it becomes an issue. There was nothing that the Native Americans could have done to prepare themselves for smallpox, except wait for it to come. In the same way, there's nothing that OSX can do to reasonably protect themselves now.
Re:Dead On (Score:5, Insightful)
After all, you'd vaccinate your kids right? Funny... I didn't ever get hepatitis or rabies vaccinations until I travelled to places where I could actually GET those diseases.
Everybody should be conscious of security concerns if their computers are hooked up to the Internet. But that doesn't mean you have to live in fear. I'll install a virus scanner on my Mac when there's an actual need for it. In the meantime I'm quite happy that there IS no need for it. I chuckle a little bit too when all the PCs go down to a virus and my Mac's only problem is that the network is slow because of all the infection traffic. I expect Linux users do the same.
Social engineering attacks will always be with us. (Score:3, Insightful)
Re:the camping tent allegory (Score:3, Insightful)
That logic isn't valid. If I was going to break into a tent I'd break into the one with the lock, there is something worth protecting in it.
The moral? Security issues are very complex.
Re:Dead On (Score:3, Insightful)
And that's where the article is wrong. Mac user's aren't as threatened so they don't have to be as cautious. Here's an analogy for you; a guy crossing a high-wire has to be extremely careful each and every step of the way, one small misstep and he could plunge to his death. Another guy walking down the sidewalk doesn't need to be anywhere near as careful, he could still step into a open manhole or in front of a truck but the odds of it happening are very slim and so he doesn't require the same level of care.
There have been numerous incidences where a Windows user gets infected by simply viewing a web site or email. That simply doesn't happen to OS X users. It's true it theoretically could happen but theoretically I could get wacked in the head by a meteor the next time I walk out the door -- but I'm not going to worry about it.
When Mac OS X viruses start being found in the wild, then I'll start worrying about it.
Re:Name ONE (Score:3, Insightful)
Re:MacOS X itself? (Score:2, Insightful)
As a wise man once said, "There is no step function between 'safe' and 'unsafe'."
We've got tens of thousands of known Windows exploits in the wild, and you've just found maybe one for the Mac, and you're claiming there's therefore no difference in the relative perfection of their two security systems?
So I guess we could have a bunch of crackheaded drug addicts engaging in unprotected sex while rolling around naked in a garbage-strewn back alley littered with rusty used needles and leaking bags of infectuous medical waste, but you'd say (in response to our suggestion that the back-alley sex might not be such a good idea from a health safety perspective) that: since chaste, reclusive people can get sick too, there's NO SUCH THING as a perfectly healthy lifestyle. "Period."