Security expert: Mac OS X more vulnerable than Windows in some ways
As Apple's platform grows in popularity, its security deficiencies are becoming more glaring
Although Mac users are more likely to experience virus-free computing than Windows PC owners, there is nothing inherently more secure about Apple's operating system, and in certain respects Mac OS X is more vulnerable than Windows, a security expert tells Network World.
Chris Clymer, a consultant at SecureState, says the Mac's low market share still keeps it cleaner than Windows. But the recent "Mac Defender" attack illustrates the vulnerabilities in the platform, which is designed first and foremost for usability, rather than security.
Mac vulnerabilities could be exposed more over time because of the growing popularity of iOS, Apple's OS for iPhones and iPads. Mac OS X and iOS are based on similar code and are expected to converge over the next few years, if not merge completely.
"I'm a Mac user and a big fan of the platform, but there's nothing inherent about the platform that makes it more difficult to attack," says Clymer, who advises businesses on security risk. "There's actually a lot of things that have not necessarily been developed as well as on the Microsoft platform. It's probably more vulnerable in many ways."
Market share trackers typically show Windows powering 80 to 90 percent of desktops and laptops, with Mac OS in the 6 to 8 percent range.
There has long been debate over whether Macs are inherently more secure than Windows, or simply not attacked as often because of lower market share. Many Mac users don't even run antivirus software, even though free antivirus tools can be installed from the likes of Sophos.
Macs give an impression of greater security by requiring users to type in a password before almost any changes are made to the system. But that's not foolproof, and attacks generally occur through social engineering methods designed to convince users to give up personal information, as well as browser-based exploits that may not even compromise the operating system itself.
A JavaScript keylogger running in the browser could steal your banking credentials without targeting the OS, for example, Clymer says.
Google Chrome, at least, has sandboxing that makes it difficult for attacks to move from the browser to the host operating system, Clymer says. But Safari, the default browser on Macs, is traditionally "not the greatest" in terms of security, he says.








