-1

For as long as I've been a computer geek there have always been Apple fanboys and girls stating that "Oh, Macs are just more secure than Windows", yet they can never provide evidence for it, and when they do, what they are actually saying is that viruses aren't being made for Mac as often as Windows, which doesn't automatically mean that OSX is a more secure system.

Which got me thinking: is Mac OSX actually more secure than Windows? Or is it a simple case of hackers wanting to cause as much damage as possible and therefore going after Windows, as that's more widely dispensed in the globe?

T Crumpen
  • 1
    Sorry but you may find this gets closed. It's an opinion based discussion and against the rules. What determines 'more secure' will vary based on the security goals of the user. – ISMSDEV Jul 18 '17 at 13:19
  • 2
    I don't think it's more opinion based than [this canonical answer](https://security.stackexchange.com/questions/4441/open-source-vs-closed-source-systems). Both systems have countermeasures against remote or local exploitation. They can be discussed while being impartial. – A. Hersean Jul 18 '17 at 13:25
  • 1
    I agree they can be discussed but the OP is asking is one more secure than the other. I don't see how that can be answered in a Q and A format. – ISMSDEV Jul 18 '17 at 13:31
  • Although asking "is one more secure than the other" does leave the question open to opinion-based answers, you can still get facts in there. For example, say Windows always had a glaring security hole since its conception that the coders that eventually created Mac were aware of and coded their OS to not have that same exploit; that is an undeniable fact – T Crumpen Jul 18 '17 at 13:33
  • @A.Hersean that question is 6 years old, and asks for objective analysis – schroeder Jul 18 '17 at 13:48
  • potential duplicate: https://security.stackexchange.com/questions/100561/why-are-macs-more-secure – schroeder Jul 18 '17 at 13:49
  • macOS (the new name of OS X) has not been coded from scratch. It relies on Darwin, itself on FreeBSD which is a descendant of Unix OS released in 1961. Windows on its side is a descendant of MS-DOS, released in 1981, 20 years later. Even telling which one has been "created" before the other may not be such an "undeniable fact": it all depends which part of the OS you are actually studying as some part of macOS may be older than Windows and MS-DOS themselves. – WhiteWinterWolf Jul 18 '17 at 13:50
  • 2
    Possible duplicate of [Why are Macs more secure?](https://security.stackexchange.com/questions/100561/why-are-macs-more-secure) – WhiteWinterWolf Jul 18 '17 at 14:20

2 Answers

4

Short answer: No

Long Answer:

Windows traditionally has the largest market share for educational, governmental, business and home users. It also has the largest attack surface for out-of-date and pirated installations (pirated installs cannot be updated from Windows Update servers; think EternalBlue exploit, WannaCry exploitation, Petya, NotPetya etc ...), which is why viruses are more prevalent there. This makes sense especially for ransomware, where the attacker wants the largest return on investment for their time.

OSX is not immune to these issues, however, and suffers from Thunderbolt2 ("dongle" infecting malware), DMA recovery of the FileVault2 keys etc, as well as malware which is actually tailored to OSX (OSX.Dok, OSX.Filecoder for example), and also issues where the code signing certificates were stolen, allowing malware authors to sign applications to appear as though they were official Apple applications.

So the case in point with either OS is: if you click on a drive-by download attack email link which has been crafted to support Windows or OSX, then you are going to get compromised.

Your OS is only going to protect you so far as you practice "Safe Sec" (pun intended): read, understand and enact STIG (Security Technical Implementation Guides) for your chosen OS, ensure you are running AV and a firewall, limit administrative access to the system etc ...

For further reading I highly recommend this OSX hardening guide, https://github.com/drduh/macOS-Security-and-Privacy-Guide, which covers a slew of issues with OSX out of the box and how to protect against them. For Windows you have sources such as https://blogs.windows.com/windowsexperience/2015/07/24/security-in-windows-10/. I do not have up-to-date experience in deploying and hardening a Windows environment, however.

Oneiroi
2

More secure isn't an exact measure. The level of security depends on the threats you are trying to counter. If you surround yourself with an army of armed guards, you are pretty secure against some random stranger getting to you, but you open yourself up to being attacked by your guards for not paying them enough and working them too hard. This may seem like a silly example, but we see it regularly with military dictatorships that are overthrown by coups.

Computers are no different. Neither Windows, Mac, or even Unix is free of bugs. They all have issues that can be exploited to bypass their security model and do bad things. There are only a couple of mathematically proven bug free operating systems in existence and they are very limited and used on embedded controllers. Even those proven OSs aren't immune to the impacts of physical tampering that move them outside of their design constraints.

Windows is certainly more frequently exploited than Mac, but does that mean Mac is necessarily harder to compromise? Not really. Windows represents a much larger portion of the computer marketplace, particularly in both the business market (lots of money) and legacy market (poorly secured and patched old computers).

These two factors make Windows a preferable attack target. If you want to get as much money as you can from direct compromises, spending your time finding a compromise on Windows, even if it took 2-3 times more effort, would still be a better use of your time as you could compromise more businesses. Similarly, if you are trying to build out a botnet, the old and unpatched (and often pirated) legacy products used in much of the poorer parts of the world represent a greater potential for building botnets to send spam and sell other distributed black market services.

This doesn't mean that Windows is less secure though. Hardening is most effective by tempering against threats. Windows faces many more threats, but also has many more eyes looking for holes to fix. The chance of an undiscovered bug on Windows is lower than on Mac as there are more people looking for them.

It isn't that Mac is secure against being hacked. In fact, we still fairly regularly see compromises against Macs, particularly in the white hat community where it's a bit more balanced since financial gain from exploiting is not the goal.

It is true that historically Windows has taken more of a backwards-compatible and user-controlled experience, which led to an average Windows system being less secure due to aging technologies that were designed for usability rather than security, but for a number of generations of Windows now (at least since Vista), Microsoft realized that the security landscape had changed and that usability came at too high of a cost.

They have greatly hardened the security of Windows (at a cost to usability of a lot of older software) and with Windows 10 implemented forced updates for users to help counter the issue of the swarms of unpatched Windows bots in the wild. It wasn't that Microsoft was incapable of making a secure OS, but the threat landscape at the time favored usability over security (which would have necessarily broken older products that people still used.)

Apple, with their more tightly controlled ecosystem, was able to drop a lot of support more quickly to harden things and even was able to completely change the underlying basis of their OS on multiple occasions, whereas the core Windows APIs have only really changed with major processor advances, and still maintained a high level of backwards compatibility.

So the short answer is no, Mac isn't meaningfully more secure than Windows. They have different threat models due to the differences between the size and type of their userbase, but both have similar types of holes and ways of being compromised. Neither is perfectly secure. Windows took an approach that favored usability on the usability/security spectrum in the past, but adapted as the threat landscape changed to make such behavior too risky to both individuals and the greater Internet as a whole.

AJ Henderson