November 27, 2006 4:55 PM PST
Security from A to Z: OS X
According to Apple Computer's ad campaign, it goes a little something like this:
PC: Achoo!... I have that virus that's going around... You better stay back: this one's a doozey... Last year there were 114,000 known viruses for PCs...
Mac: For PCs, not Macs... I run Mac OS X so I don't have to worry about all your spyware and viruses...
Since 2001, Apple has been selling Mac OS X. The operating system had its first official release in March 2001 (as "Cheetah"), followed by four updates: "Puma" in September 2001; "Jaguar" in August 2002; "Panther" in October 2003; and "Tiger" in April 2005. The next big cat to leap out of CEO Steve Jobs' bag of tricks is "Leopard," due around New Year.
Apple's marketing for the Mac relies on heavy boasting around its security credentials, coupled with low-level sniping at Microsoft's expense.
The blurb on Apple's Web site is typical of its message: "Mac OS X was designed with security in mind. Windows just wasn't built to bear the onslaught of attacks it suffers every day. A Mac offers a built-in firewall, doesn't advertise its existence on the Net and isn't compromised within an hour of being turned on."
It adds that OS X has "a superior Unix foundation"--superior, that is, to Microsoft's glitch-ridden Windows operating system. Windows, when connected to the Net using factory settings, is "like leaving your front door wide open with your valuables out on the coffee table, " the Mac maker says. But Apple would say that--right?
Yet Apple's marketing message has more than a grain of truth, according to Silicon.com columnist Seb Janacek. Writing about the state of OS X security last summer, he quoted a product manager from security company Sophos as saying: "The technical challenges of producing malware for the OS X operating system are more difficult than for Windows. Both Mac OS X and Linux are much more secure than Windows... You would have to be genuinely clever to write an OS X virus and most virus writers are not."
A more recent airing of this view came from the writer of a proof-of-concept piece of Mac malicious software, which reportedly contained the message "so many problems for so little code."
Another feather in the OS X security cap is the fact that users are not logged on as the root user, effectively isolating the amount of damage an attacker can do. Meanwhile, says Janacek, the OS' Unix core has "been lovingly audited by the devoted open source community for years."
However, early this year, the Mac community was rocked by the claim that the first virus to target OS X had been found in the wild. The virus, known as "Leap.A," spread via Apple's iChat IM client. A proof-of-concept piece of OS X malicious software followed, along with the discovery of a serious flaw in the operating system. Predictions of the beginning of the end for Macs' security "immunity" duly followed.
The argument frequently used as a stick to beat the Mac faithful--or to whip them up into a frenzy--is that as long as Macs are in the minority, virus writers can't be bothered to turn their firepower on them. Instead, they'll target Windows PCs, since they are so popular. But as Apple grows market share in the PC market, the argument goes, Mac users should expect to see more malicious software.
Natasha Lomas reported for Silicon.com in London.
4 commentsJoin the conversation! Add your comment