A few days ago, I posited a few simple reasons that Apple's Mac OS X was inherently more secure than Windows. It appears that this touched off a firestorm, with a summarization of that post garnering over 3500 diggs, and trackbacks coming in from all over the globe. It was even summarized in Portuguese.
I've been reading a few of the thousands of comments on links to that post on various sites, and have seen more than a few folks take issue with my observations and Apple in general. These statements seem to fall into a few common themes:
Real hackers are in it for the money, not the glory. That's why there aren't any widespread OS X viruses.
Due to that fact, the installed base is too small to garner attention.
Apple users are generally young hipsters that use Macs due to the counter-culture marketing.
Apple hardware costs too much.
Mac OS X is a "toy" OS.
Microsoft actually did reinvent Windows with NT/2000.
There are more, but let's look at these six for now.
Real hackers are in it for the money, not the glory. That's why there aren't any widespread OS X viruses.There's definitely truth to this statement. Botnets are moneymakers, and all botnets are comprised of Windows systems. Writing code that would attempt to hijack Macs wouldn't be worth the time. But then, that's not the only way to make money from malicious code. Tons of spyware and malware are written simply to advertise to the user. Bonzi Buddy, et al, are just vehicles to land ads on the users' desktop, and there's plenty of money to be made there.
Now, let's combine this claim with the "Apple users are hipsters" and "Apple hardware costs too much". If virus writers are in it for the money, and all that money comes from advertising in one form or another, then landing malware on OS X would deliver the perfect demographic to many advertisers. If you could guarantee that young hipster, counter-culture computer users with too much money would be seeing these ads, you'd have advertisers at your door with wheelbarrows full of hundred-dollar bills. Given that fact, it must not be worth the effort required to compromise OS X, at least for now.
On the flipside to this argument, there are thousands of examples of malicious code targeting Windows systems that cannot be monetized. I'd love to know how anyone besides the anti-virus companies are making any money from the ANI vulnerabilities flying around.
The installed base is too small to garner attention.I started off that post remarking about the new "virus" for iPods running linux. Enough said.
Mac OS X is a "toy" OS.I never really understood this one. Can someone please enlighten me?
Microsoft actually did reinvent Windows with NT/2000.Indeed, the base of NT/2000/XP is light-years ahead of the Win95 base, and by officially killing off the older codebase, they've made huge strides in security. However, the code sharing between the two is deep in order to ensure backwards-compatibility. This is how we wound up with kernel-level printer drivers, no concept of privilege escalation, and arbitrary code execution vulnerabilities on Windows 2000/XP. This is mitigated somewhat in Vista with UAC, since it prompts for everything, but that's closing the barn doors well after the horse is gone. Enough people will disable this annoyance to render it mostly toothless.
Don't be fooled -- wowexec will be with us for a long time, and with it, the ghosts of hackers past.
No "real" admins use MacsI've been seeing "real" admins flocking to OS X for the past few years, myself included. Over at NOTN, I posted about a recent skirmish I had with a corrupt bootflash on a redundant Cisco 6509 supervisor blade. Note the screenshot is of my MacBook Pro. I write tons of code on my MacBook, administer Windows, Linux, FreeBSD, and Solaris systems, do high-level network construction and configuration, and constantly run lab tests from this system. This week I engineered an datacenter relocation to a new building armed only with my MacBook Pro and a Dell D800 running Fedora Core 6. If that's not "real" geekery, I don't know what is.
My reasons for using OS X have nothing to do with marketing. As soon as it stops meeting my needs, I will move on to something that does. My reasons are more substantial than "it's just so cool and refined": Instant-wake from sleep, a native POSIX OS, native X11, vim, perl, php, MySQL, Apache, high performance, minimal security worries, a plethora of OSS applications, all running seamlessly with Photoshop and Microsoft Office, all without a sizable performance penalty from anti-virus software. Why wouldn't I use it? My big workstations are Linux, my laptops and DAWs are OS X. It's a mix I find to be constantly available, reliable and powerful enough to handle what I can throw at it. Computers are tools, after all.
I'll be getting into this debate more in the coming weeks, so stay tuned.