“Is the Mac Really More Secure than Windows?” - Ugh
On February 6, 2007, eSecurity Planet ran an article on their site titled “Is the Mac Really More Secure than Windows?”
Right off the bat, I want to beg the reader’s forgiveness for the harsh tone of this post.
Here’s the deal. I really, really hate articles like this for several reasons:
- The question, in it’s very essence, is meaningless. How on earth can any reasonable person hope to answer that question. Asking “is Mac more secure than Windows” is about as meaningful a question as, “is my watch easier to read than yours?”
- Because of the senselessness of such questions, it makes me sad to see someone who is a “20-year veteran of IT security” actually trying to address it.
- Putting 2 and 3 together, the article, in my mind, discredits Ken van Wyk (the author), eSecurity Planet, and gives security professionals a bad name in general.
Now, I’m not saying Ken van Wyk is not a bright guy, but reading the article, I sense that he is dancing around the elephant in the room. IE, there is no reasonable way to answer the question he’s writing about.
He starts by trying to clarify his assertion that he is more secure on Mac because of his familiarity with the platform. This clarification leads to the conclusion that what he’s about to say may not apply to someone (or anyone for that matter) else. Reasonable, valid, and I’ll touch on this more in a minute.
But then he goes on to, IMHO, arbitrarily select a few feature differences between the platforms and then, gasp, assigns what appear to be completely arbitrary scores to each platform based on those differences with respect to which implements a feature in a more secure manner.
I don’t want to get into this article too much, because most of it is absurd on it’s face, but I want to draw the reader’s attention to one point Ken did make, and to which I agree.
Let’s take a quick look at what I believe is the only substantive statement that Ken makes:
“For starters, please note that I didn’t say that OS X (Tiger) is more secure than Windows (XP, Vista, or otherwise). No, that’s not at all what I said. I said I’m more secure on a Mac, and I truly believe it.”
The last part of that paragraph touches on why the entire debate is completely absurd…
“… I’m more secure on a Mac, and I truly believe it.”
Define security.
Do that and you see the complexity of answering this question.
As an employee of my particular organization, I say I’m infinitely more secure on a Windows box than a Mac box. “Why,” you ask? Because my Windows box implements and complies with my corporate information security policy, and a Mac box does not.
You must define what security is in order to evaluate which platform is more secure.
So, I’ll give Ken credit for clarifying that he is more secure on Mac than Windows, but reader be warned. You must develop your own “security policy” before you can begin to explore which platform you are going to stand behind.
And once you choose, don’t try to assert that that your conclusion is what I need, because there is good reason to believe that it isn’t.
I call on all security professionals to bust out the “please define security before I answer that question” clause. Doing so not only increases credibility, but also helps alert the noob asking the question to the fact that, well, to the fact that he’s a noob for asking.
Bill Gross