Story goes like this: The hacker who successfully broke into a Mac at a hacker’s conference some time ago has tested Snow Leopard against WIndows 7, and accuses the Mac OS as being “less secure” than Microsoft’s Vista upgrade.
Charlie Miller is one of the team from Independent Security Evaluators who successfully "pwned and owned" an Apple MacBook Air, in a hacking contest sponsored by TippingPoint’s Zero Day Initiative.
Miller tells Computerworld that Address Space Layout Randomization (ASLR) is “less developed” in Snow Leopard. Then his argument gets – to our eyes – a little ridiculous. We stand to be corrected, of course.
“Snow Leopard’s more secure than Leopard, but it’s not as secure as Vista or Windows 7. When Apple has both [in place], that’s when I’ll stop complaining about Apple’s security," Miller says. “It’s harder to write exploits for Windows than the Mac, but all you see are Windows exploits. That’s because if [attackers] can hit 90% of the machines out there, that’s all [they’ll] do. It’s not worth [them] nearly doubling [their] work just to get that last 10%."
Harder to write exploits for Windows than the Mac? Sorry, we don’t buy it. Mac is Unix-based, hence its robust nature. Windows isn’t – and why would Microsoft want to put all those security company’s out of business?
Without skipping a beat, Miller does say, “I still think you’re pretty safe on a Mac.”
In the ten years of writing about this stuff, I’ve lost count of the number of times dire Mac security warnings have been propagated by security and anti-virus vendors. Six years on since the sabre-rattling became more intense, and there’s still been no serious remote exploits that haven’t then been quickly fixed.
Sure, the danger’s always there – you can’t be blind to security threats and need to stay aware and up-to-date – but the fact remains, despite these regular FUD reports, chiefly emanating from Windows-friendly sources, the Mac platform remains more secure. And we don’t buy that to be solely because of its smaller market share – after all, we know there’s plenty of Apple haterz out there.
FTC: We use income earning auto affiliate links. More.