November 27, 2006 4:55 PM PST

Security from A to Z: OS X

There are few tech rivalries that involve as much shameless mud-slinging as the "Mac versus PC" security show.

According to Apple Computer's ad campaign, it goes a little something like this:

PC: Achoo!... I have that virus that's going around... You better stay back: this one's a doozey... Last year there were 114,000 known viruses for PCs...

Mac: For PCs, not Macs... I run Mac OS X so I don't have to worry about all your spyware and viruses...

The A to Z of security
Read the first part in our rundown of hot security topics, from antivirus to zero-day threats.

Since 2001, Apple has been selling Mac OS X. The operating system had its first official release in March 2001 (as "Cheetah"), followed by four updates: "Puma" in September 2001; "Jaguar" in August 2002; "Panther" in October 2003; and "Tiger" in April 2005. The next big cat to leap out of CEO Steve Jobs' bag of tricks is "Leopard," due around New Year.

Apple's marketing for the Mac relies on heavy boasting around its security credentials, coupled with low-level sniping at Microsoft's expense.

The blurb on Apple's Web site is typical of its message: "Mac OS X was designed with security in mind. Windows just wasn't built to bear the onslaught of attacks it suffers every day. A Mac offers a built-in firewall, doesn't advertise its existence on the Net and isn't compromised within an hour of being turned on."

It adds that OS X has "a superior Unix foundation"--superior, that is, to Microsoft's glitch-ridden Windows operating system. Windows, when connected to the Net using factory settings, is "like leaving your front door wide open with your valuables out on the coffee table, " the Mac maker says. But Apple would say that--right?

Yet Apple's marketing message has more than a grain of truth, according to columnist Seb Janacek. Writing about the state of OS X security last summer, he quoted a product manager from security company Sophos as saying: "The technical challenges of producing malware for the OS X operating system are more difficult than for Windows. Both Mac OS X and Linux are much more secure than Windows... You would have to be genuinely clever to write an OS X virus and most virus writers are not."

A more recent airing of this view came from the writer of a proof-of-concept piece of Mac malicious software, which reportedly contained the message "so many problems for so little code."

Another feather in the OS X security cap is the fact that users are not logged on as the root user, effectively isolating the amount of damage an attacker can do. Meanwhile, says Janacek, the OS' Unix core has "been lovingly audited by the devoted open source community for years."

However, early this year, the Mac community was rocked by the claim that the first virus to target OS X had been found in the wild. The virus, known as "Leap.A," spread via Apple's iChat IM client. A proof-of-concept piece of OS X malicious software followed, along with the discovery of a serious flaw in the operating system. Predictions of the beginning of the end for Macs' security "immunity" duly followed.

The argument frequently used as a stick to beat the Mac faithful--or to whip them up into a frenzy--is that as long as Macs are in the minority, virus writers can't be bothered to turn their firepower on them. Instead, they'll target Windows PCs, since they are so popular. But as Apple grows market share in the PC market, the argument goes, Mac users should expect to see more malicious software.

Natasha Lomas reported for in London.

See more CNET content tagged:
Apple Mac OS X, malicious software, Apple Computer, Apple Macintosh, security


Join the conversation!
Add your comment
Leap-A is not a virus
Leap-A is not a true virus, in that it cannot spread from machine
to machine without human intervention.
Posted by Znatok (19 comments )
Reply Link Flag
all computers have vulnerabilities
Apple's marketing is as ruthless as Microsoft's but don't be fooled by the hype.

Apple software/hardware is great stuff but don't think for a second that it's immune to threats though it's far better than Windows (we'll see if that maintains after vista ships).

Up to WinXP, Microsoft's OS is more like a warm moist dark place where bacteria and viruses grow easily, naturally and freely. osX being Unix based, is more like a fridge with a UV light; bacteria and viruses can still grow, it's just a far harsher environment for them.
Posted by jabbotts (492 comments )
Reply Link Flag
Nothing is 100% safe, but so what?
It makes my blood boil when I see somebody (often a "security
expert") claim that while Windows isn't secure, the Mac isn't
100% secure either.

In the real world, and in cyberspace, security can never be 100%,
but you can have reasonably good security. With computers,
you've got basically two choices. Either you use Windows, but
make sure the system is quarantined, or you use another OS. It
doesn't matter what OS, as long as it isn't Windows you'll be
relatively safe, and that's the best you can ever hope for. After
all, even Fort Knox isn't 100% secure.
Posted by Macsaresafer (802 comments )
Reply Link Flag
A Virus has never been detected on my PC/I did have a Potentially UNWANTEDProgram(auto Dialer)..which I got the very first day I owned a PC..I have been Hacked or Attacked..once at AOL AIM-McAFEE immeadiately shut down my PC when I was about to OPEN a LINK inside of AIM..and on a second occassion there was a Phone Book type file LOADED into my Secondary EMAIL Box that slowed my PC to a crawl before I found took 2-Hours to DELETE all the names(more like User-Names)..a VIRUS has never been found/I SCAN my PC and also visit McAFEE for SCANNING..never have found a five years of PC-use..I do have some PC OS failures..after many hours(Days)of Running Software Programs and Burning DVD's..or visiting web-sites and SAVING Files from them will take a toll on my OS..needing the Re-Install..but these always happen in a expected manner.
Posted by castingRod47 (19 comments )
Reply Link Flag

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot



RSS Feeds

Add headlines from CNET News to your homepage or feedreader.