{"id":134908,"date":"2015-08-15T08:00:41","date_gmt":"2015-08-15T06:00:41","guid":{"rendered":"http:\/\/mybroadband.co.za\/news\/?p=134908"},"modified":"2015-08-14T15:19:08","modified_gmt":"2015-08-14T13:19:08","slug":"security-shootout-windows-10-vs-mac-os-x","status":"publish","type":"post","link":"https:\/\/mybroadband.co.za\/news\/security\/134908-security-shootout-windows-10-vs-mac-os-x.html","title":{"rendered":"Security shootout: Windows 10 vs Mac OS X"},"content":{"rendered":"<p>During the 2000s, Apple ran a <a href=\"http:\/\/www.cnet.com\/au\/news\/im-a-macim-a-pc-ads-coming-to-an-end\/\">hugely successful advertising campaign<\/a> for its line of Macintosh desktop computers. The ads poked fun at some of the perceived bugbears of the Windows-based PCs of the era compared to the Mac.<\/p>\n<p>One recurring theme of these ads was the greater vulnerability of Microsoft\u2019s PCs to viruses.<\/p>\n<p>The perception that Macs are safer to use than PCs persists in some quarters to this day.<\/p>\n<p>But is it the case that Apple\u2019s latest <a href=\"http:\/\/www.apple.com\/au\/osx\/\">OS X Yosemite<\/a> is more secure than the newly-released <a href=\"http:\/\/www.microsoft.com\/en-au\/windows\/features\">Windows 10<\/a> from Microsoft?<\/p>\n<h3 class=\"my-4\">Security by obscurity<\/h3>\n<p>Whatever the technical vulnerabilities of the two systems, the historical lack of <a href=\"http:\/\/www.pcmag.com\/encyclopedia\/term\/46552\/malware\">malware<\/a> targeting Apple systems was at least in part due to Apple\u2019s own lack of market share.<\/p>\n<p>Definitive statistics for the market share of operating systems are hard to come by, but one useful estimate is available from the server traffic records of <a href=\"https:\/\/www.wikimedia.org\/\">Wikimedia<\/a> (the non-profit organisation that runs Wikipedia).<\/p>\n<p>In <a href=\"http:\/\/stats.wikimedia.org\/archive\/squid_reports\/2009-04\/SquidReportOperatingSystems.htm\">April 2009<\/a> (the earliest date from which records are readily available) nearly 90% of traffic came from computers running Windows, compared to only 6% for Mac. By <a href=\"http:\/\/stats.wikimedia.org\/archive\/squid_reports\/2015-06\/SquidReportOperatingSystems.htm\">July 2015<\/a> Windows had dropped to 41.7% and Mac to 5.4%.<\/p>\n<p>Most of the rest now comes from smartphones and tablets running Apple\u2019s iOS and Google\u2019s Android.<\/p>\n<p>So back in 2009, Windows represented a far larger target than Mac for profit-seeking virus and malware authors.<\/p>\n<p>While that is still the case today, the relative payoffs have changed substantially. Mac users <a href=\"http:\/\/www.forbes.com\/sites\/adriankingsleyhughes\/2012\/06\/26\/mac-users-have-money-to-spare-says-orbitz\/\">tend to be wealthier than average<\/a> and are likely to be more heavily concentrated in wealthier developed countries, which may attract <a href=\"https:\/\/usa.kaspersky.com\/internet-security-center\/threats\/mac#.VclxRvl9J2A\">malware authors to Macs<\/a>.<\/p>\n<p><iframe loading=\"lazy\" src=\"https:\/\/www.youtube.com\/embed\/GQb_Q8WRL_g\" width=\"630\" height=\"473\" frameborder=\"0\" allowfullscreen=\"allowfullscreen\"><\/iframe><\/p>\n<h3 class=\"my-4\">Hardening up<\/h3>\n<p>Over the years both Microsoft and Apple have taken many measures to reduce the risks from malware. Both devote considerable time and resources to removing security-related faults in their own software and preventing the introduction of new ones.<\/p>\n<p>Microsoft has disclosed information about its <a href=\"https:\/\/www.microsoft.com\/en-us\/sdl\/default.aspx\">Security Development Lifecycle<\/a>, both to encourage confidence and to promote the development of more secure software across the industry.<\/p>\n<p>Apple is much less forthcoming about the specifics of its internal security efforts.<\/p>\n<p>However, security bugs are still being discovered in released versions of both OS X and Windows on a regular basis. What has changed for the better is the ease and speed with which security fixes to software are distributed and installed.<\/p>\n<p>Microsoft\u2019s <a href=\"https:\/\/technet.microsoft.com\/en-us\/security\/dn467923.aspx\">policy<\/a> relating to the disclosure of security flaws says it will publicly reveal a vulnerability, even without a fix, if it becomes aware the vulnerability is being exploited. Apple\u2019s <a href=\"https:\/\/www.apple.com\/au\/support\/security\/\">policy<\/a> is to never comment on security faults until they have been fixed.<\/p>\n<p>Both companies have also introduced a number of features that make it harder for bugs to be exploited to allow attackers to take control of systems.<\/p>\n<h3 class=\"my-4\">App stores and walled gardens<\/h3>\n<p>Perhaps the biggest change to the security of the two major desktop operating systems is through the combination of app stores, signed applications and \u201c<a href=\"http:\/\/www.howtogeek.com\/169139\/sandboxes-explained-how-theyre-already-protecting-you-and-how-to-sandbox-any-program\/\">sandboxing<\/a>\u201d. In combination, these features go a long way to make sure that the only software running on OS X or Windows is:<\/p>\n<ul>\n<li>written by an identifiable developer<\/li>\n<li>audited by Microsoft or Apple before being available from their app store<\/li>\n<li>\u201csandboxed\u201d so that it can only perform the actions it legitimately needs to, rather than having full access to everything on the system.<\/li>\n<\/ul>\n<p>Aside from the security implications, app stores have commercial implications. Only applications approved by Apple or Microsoft can be sold through them, and those companies take a cut of any sales.<\/p>\n<p>These walled gardens are of concern if you believe (as I do) in the \u201c<a href=\"http:\/\/www.economist.com\/node\/1176171\">freedom to tinker<\/a>\u201d.<\/p>\n<p>But they do significantly reduce both the potential for malware to make its way onto systems, and the harm such malware can do if they somehow get through.<\/p>\n<p>The technical details of the Windows and the OS X app stores and sandboxing models are slightly different to each other, although the end results are reasonably similar.<\/p>\n<p>But there is a straightforward way to bypass these protections: many users need the ability to run their older applications, so both operating systems provide mechanisms to install and run non-sandboxed code.<\/p>\n<p>Successful attacks on non-sandboxed applications leave the rest of the user\u2019s computer vulnerable.<\/p>\n<p>The existence of a mechanism to install and run any program downloaded from the internet also gives malware authors a \u201csocial engineering\u201d attack \u2013 in a nutshell, tricking users into running downloaded software that contains malware.<\/p>\n<p>Windows 10 has a new sandboxing model for corporate applications called <a href=\"http:\/\/blogs.windows.com\/business\/2015\/04\/21\/windows-10-security-innovations-at-rsa-device-guard-windows-hello-and-microsoft-passport\/\">Device Guard<\/a> that will make it harder for unauthorised applications to be executed.<\/p>\n<p>It is currently restricted to the Enterprise version of Windows 10 because its mechanisms for approving older applications to run are too unwieldy for home users.<\/p>\n<p>But, over time, some version of the Device Guard system will likely filter down to the home editions of Windows, making life more difficult for malware authors.<\/p>\n<h3 class=\"my-4\">The verdict<\/h3>\n<p>So which is the safer operating system to use? For what it\u2019s worth, I use both Windows and OS X (as well as Linux, Android and occasionally iOS), and I see no particular reason to choose between them on security grounds.<\/p>\n<p>I share the <a href=\"https:\/\/theconversation.com\/windows-10-is-not-really-free-you-are-paying-for-it-with-your-privacy-45593\">concerns of David Glance<\/a>, writing on The Conversation, about Windows 10\u2019s privacy policies, but that\u2019s not strictly a security issue.<\/p>\n<p>All operating systems are vulnerable to hackers, but the risks can be reduced if you adopt basic computer security measures. These include installing anti-malware software and installing operating system and application security updates promptly.<\/p>\n<p>And there are other risks you face regardless of the operating system you choose. <a href=\"https:\/\/www.yahoo.com\/tech\/whats-safer-from-hackers-a-pc-or-a-mac-126098613384.html\">Web browsers and plugins<\/a>, other applications and the security practices of the websites that you visit are agnostic to whether you\u2019re on Windows or Mac.<\/p>\n<ul>\n<li><a href=\"http:\/\/theconversation.com\/profiles\/robert-merkel-122890\">Robert Merkel<\/a> is Lecturer in Software Engineering at <a href=\"http:\/\/theconversation.com\/institutions\/monash-university\">Monash University<\/a>.<\/li>\n<li>This article was originally published on <a href=\"http:\/\/theconversation.com\">The Conversation<\/a>. Read the <a href=\"http:\/\/theconversation.com\/which-is-more-vulnerable-to-viruses-and-hackers-windows-10-or-mac-os-x-45762\">original article<\/a>.<\/li>\n<\/ul>\n<h3 class=\"my-4\">More on security<\/h3>\n<p><strong><a href=\"http:\/\/mybroadband.co.za\/news\/security\/134824-windows-pcs-infected-through-big-usb-security-flaw.html\">Windows PCs infected through big USB security flaw<\/a><\/strong><\/p>\n<p><a href=\"http:\/\/mybroadband.co.za\/news\/software\/134372-unhackable-version-of-windows-being-developed.html\"><strong>Unhackable version of Windows being developed<\/strong><\/a><\/p>\n<p><a href=\"http:\/\/mybroadband.co.za\/news\/software\/133838-windows-10-launch-a-mostly-successful-mess.html\"><strong>Windows 10 launch a mostly-successful mess<\/strong><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Many people think Macs are safer than PCs. But is it the case that Apple\u2019s latest OS X Yosemite is more secure than the newly-released Windows 10 from Microsoft?<\/p>\n","protected":false},"author":340972,"featured_media":128596,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27],"tags":[605,35,2120,123,3198,463,26970],"class_list":["post-134908","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-apple","tag-headline","tag-mac","tag-microsoft","tag-pc","tag-security-2","tag-windows-10"],"_links":{"self":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/134908"}],"collection":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/users\/340972"}],"replies":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/comments?post=134908"}],"version-history":[{"count":1,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/134908\/revisions"}],"predecessor-version":[{"id":134924,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/134908\/revisions\/134924"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media\/128596"}],"wp:attachment":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media?parent=134908"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/categories?post=134908"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/tags?post=134908"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}