Wednesday, February 17, 2010

Snow Leopard Security vs 7ista Security:
What debate?

My attention was drawn today to a blog entry over at MacDailyNews that summarized an article comparing Snow Leopard security to 7ista (aka Windows 7) security. I was hoping for something rip roaring and insightful. Instead I found the source article to be essentially worthless and trivial. Ho hum.

HERE is the source article, entitled "Windows 7 vs. Snow Leopard: Which is More Secure?", published at the Datamation site.

Below is my critique of the article, as posted today at MacDailyNews:
If author Kevin van Wyk had extensive experience with computer security, this article might have been of interest. Unfortunately, the article is incomplete, contains some significant errors and entirely skips obvious security concerns:

1) He sez: "Neither operating system includes anti-virus protection by default."

Bullshite. 10.6 has a malware detection system running by default with signatures for some Trojans. However, it is fair to say that this is an extremely limited and immature anti-malware system. Hopefully Apple will pursue it further in the future. Mac OS X Server has incorporated ClamAV for many years. It would be good to see it moved into the client version as well. However, it must be noted that getting Mac OS X malware signatures incorporated into ClamAV is extremely difficult, partly due to the anti-Mac culture over at the project site. Thankfully, the author of ClamXav for Mac has made some headway in this respect.

2) He sez: "Neither system is immune to viruses, and we certainly have plenty of examples of this fact."

Bullshite. There never have been ANY viruses for Mac OS X, period. There is, however, Trojan horse malware for Mac OS X, all of which requires LUSER behavior in order to be installed. Most likely Mr. van Wyk simply does not know proper malware terminology. BTW: There are currently 21 known Trojans for Mac OS X compared to hundreds of thousands of various malware for Windows.

3) He entirely skipped the security history of both operating systems. Windows 7 has been cracked from out in the wild several times at this point. Mac OS X has never been cracked from out in the wild without user-assisted sabotage. Plus there is the fact that Windows in general has over 10,000x more malware of all varieties than Mac OS X. (That simple fact blows the 'security via obscurity' myth to hell. It also indicates that Mac OS X is by nature profoundly more secure than any Windows system.)

4) The article ends on a pointlessly wimpy note: "I remain a firm believer that I’m safer on Snow Leopard than I would be on Windows 7."

No one has to 'believe' Mac OS X is the safer. The facts prove Mac OS X is vastly safer than Windows 7.

5) He completely left out security dangers caused by non-system software. On Apple's side this includes Safari and most of all QuickTime. On the Windows side this includes Internet Explorer, well known to be the single worst web browser on the market, as well as ActiveX and JScript, both of which are wide open security holes begging for hackers and crackers to enter any Windows machine. Microsoft also deliberately provide only an archaic and hobbled version of Java as retaliation for losing the lawsuit Sun Microsystems brought over their J++ abomination, whereas Apple provide a much more up-to-date and secure version of Java.

6) He left out the fact that Windows 7 does have superior memory address protection (Address Space Layout Randomization, ASLR) over Mac OS X 10.6, which helps fend off some buffer overrun system pwning. Hopefully Apple will take memory address protection more seriously in 10.7.