# Windows vs Mac Security....



## Rostam The Grey (Dec 30, 2007)

OK, here it is... Macs are NOT more secure than Windows. If anything, I would think Windows is more secure. Not only does Microsoft do extensive testing and spend millions and months on it, but Vista has memory randomization, which means your system code jumps around in memory. The only reason so many flaws and bugs are found and noticed in Windows is because Windows holds 98% of the market. This means not only is it more beneficial to a hacker to hack Windows, because they will have more targets. They also have a better chance of finding a Windows system and finding someone who has failed to update their computer after a flaw is found. But the best thing about this is that flaws are found and fixed quickly. Meaning even if they exist, because of the usage, you wont be running with a hacker exploiting the flaw for years without you knowing. One of the first things you learn when studying computer science is that there is no such thing as bug-free code. Even if your code is bug free in a sandbox perfect world, hardware and other software can cause bugs in your code. This means that there will be flaws in your system, whether you are in the Mac world or Windows world. When the system gets soo complex, it's impossible not to have them. But I'd rather play on the system that spends more money testing, has greater usage so it gets better feedback, finds more flaws and fixes them because there is better usage, and is reasonably affordable. Not to mention Macs are a pain software wise because not every company makes a Mac version. For the price you pay for a Mac, I could easily buy a PC and a Video card to upgrade it to far surpass the Mac abilities....

PS: I could have posted a ton of articles about how a Windows system is better than a Mac. And then you would have posted a similar amount saying the exact opposite. This is because the 2 can easily be compared, one way or the other, against each other to win either way with minor tweaks. I didn't post articles, because it prooves nothing but the fact that someone out there thinks Windows is more secure. The fact is, you can't know how secure a system is until you find all the flaws. And as I said earlier, you'll never find all the flaws because there's no such thing as bug-free code. I'll take my chances with the better tested, more used code.


----------



## Swampwulf (Dec 31, 2007)

Yeah, cool, whatever...
I'll stick with the machine I've never had to install a piece of anti-virus software on simply to browse the internet or check my e-mail.

Enjoy your more 'secure and tested' code.

P.S. Yes, I run a Mac at home, but I am an A+ Certified Tech. I know MS based PCs at least as well as I know OSX based PCs. I just prefer to use a machine for my own online usage that isn't going to be infected with Virii and malware just sitting online and doing *nothing* unless you have an insanely tweaked firewall.


----------



## Rostam The Grey (Dec 31, 2007)

Swampwulf said:
			
		

> Yeah, cool, whatever...
> I'll stick with the machine I've never had to install a piece of anti-virus software on simply to browse the internet or check my e-mail.
> 
> Enjoy your more 'secure and tested' code.
> ...



If you're trying to say there's no such thing as a virus,worm, or trojan for a Mac... I'm gonna laugh when you get one...


----------



## Swampwulf (Dec 31, 2007)

No, there's been a couple of proof of concept Virii, several trojans, and I think that there might have been a worm hit a couple of dozen machine a few years ago, but I've never had anything hit my machine.
I guess that Apple *might* just spend a few dollars to keep their OS patched despite what seems to be an assumption on your part that they don't.

I *will* grant you that there are a lot of companies out there that don't write OSX versions of their software, and that can be annoying on occasion, but seeing as I'm not a gamer it's never affected me personally.
Pretty much everything else that I've needed to do I've found an equivalent piece of software.

*looks more than more than mildly surprised to hear that you don't run an antivirus and haven't gotten hit*


----------



## icehawk (Dec 31, 2007)

Rostam The Grey said:
			
		

> OK, here it is... Macs are NOT more secure than Windows. If anything, I would think Windows is more secure. Not only does Microsoft do extensive testing and spend millions and months on it, but Vista has memory randomization, which means your system code jumps around in memory.



Vista's ASLR is only randomized across 8 bits (and then only for properly compiled binaries), meaning an attacker has a 1/256 chance in hitting the correct memory address in a return to libc attack. Furthermore, the memory address is _only randomized once during boot_, meaning that an attacker only has to worry about the layout changing when the machine reboots. (Let's not forget that the default action in Vista is *suspend* and not shutdown.)

This is really moot, as exploits pale in the face of what you can get people to do by social engineering.



			
				Swampwulf said:
			
		

> No, there's been a couple of proof of concept Virii, several trojans, and I think that there might have been a worm hit a couple of dozen machine a few years ago, but I've never had anything hit my machine.



There was one a couple of months ago, but it was the normal 'click here to download a codec to view this porn' sort of a thing, and not an 'oh view this page while we have a piece of javascript that tries every IE exploit from the past six months on your browser' one.


----------



## ADF (Dec 31, 2007)

No operating system in existence is completely secure, nothing is unhackable, you would have to be pretty arrogant to think otherwise. Frankly I find the Mac mentality that they are immune to viruses as being dangerous, a false sense of immunity only makes you more vaulnable.

If someone wanted to they can make viruses for Mac, but they will get more machines for their effort targeting Windows.


----------



## Aden (Dec 31, 2007)

You'd think a bunch of hackers would be targeting Macs a lot more intensely because of how damn smug all of us Mac owners are, eh?


----------



## net-cat (Dec 31, 2007)

Why Mac and Linux will always be as insecure as Windows:



> Click here for free porn/penis enlargement/Playstation 3/laptop/whatever!
> 
> If something pops up asking for your password, you should enter it. You can trust us. We're really reputable and stuff. And we're giving you free stuff. If you don't do it, you can't get the free stuff!


----------



## Rostam The Grey (Dec 31, 2007)

Swampwulf said:
			
		

> No, there's been a couple of proof of concept Virii, several trojans, and I think that there might have been a worm hit a couple of dozen machine a few years ago, but I've never had anything hit my machine.
> I guess that Apple *might* just spend a few dollars to keep their OS patched despite what seems to be an assumption on your part that they don't.
> 
> I *will* grant you that there are a lot of companies out there that don't write OSX versions of their software, and that can be annoying on occasion, but seeing as I'm not a gamer it's never affected me personally.
> ...



I keep windows updated. Microsoft fixes the holes. The problems that pop up everywhere are from known exploits that people don't update to fix. Plus I don't click or view unsolicited email. But I also have a Masters Degree in Computer Science, I'm pretty confident I could fix any problems. I wouldn't recommend it to a client.


			
				icehawk said:
			
		

> Vista's ASLR is only randomized across 8 bits (and then only for properly compiled binaries), meaning an attacker has a 1/256 chance in hitting the correct memory address in a return to libc attack. Furthermore, the memory address is _only randomized once during boot_, meaning that an attacker only has to worry about the layout changing when the machine reboots. (Let's not forget that the default action in Vista is *suspend* and not shutdown.)
> 
> This is really moot, as exploits pale in the face of what you can get people to do by social engineering.



I didn't know that, I had just heard about the feature and thought it was neat. Still makes it harder to find though, which I'm for anything that makes it harder for someone to hack.



			
				Swampwulf said:
			
		

> I guess that Apple *might* just spend a few dollars to keep their OS patched despite what seems to be an assumption on your part that they don't.



Almost forgot. I'm not trying to say Apple is crap and they don't spend money on security. All I'm saying is the assumption that Mac is more secure than Windows because there's been less fuss made about it's flaws is wrong.


----------



## Ceceil Felias (Dec 31, 2007)

Windows is the prime target for exploits because of the vast popularity.

Though the whole virus-prone thing is a _tad_ overblown. I don't run a software firewall, but a basic broadband router and keeping with my updates does a whole lot towards keeping my system clean.

Now, if Windows vanished off the face of the earth and left OSX in its place, it'd be a day of serious hurting for the Apple folks after the hackers had a couple of days to move over (aside from the script kiddies, anyway), especially since (last I checked), their patches are quite laughable. Really. A little patch (10.4.10) shouldn't cause half of the Mac population to end up with their machines screwing up horribly and, at the worst, making popcorn on boot as I've seen firsthand.

If that isn't enough for you still? Just move to a Unix or Unix-based OS, where it takes an actual hacking attempt rather than a javascript exploit to screw up your computer... but that's if, assuming a new one takes the controls, the user doesn't screw it up firsthand. At least it's easier to fix! ;;


----------



## Ron Overdrive (Dec 31, 2007)

net-cat said:
			
		

> Why Mac and Linux will always be as insecure as Windows:
> 
> 
> 
> ...



Word.

The weakest link in any security will always be the end user.


----------



## Ceceil Felias (Dec 31, 2007)

Ron Overdrive said:
			
		

> net-cat said:
> 
> 
> 
> ...


The end user is always the problem in everything, unless they're competent enough that they can fix it themselves (in which case we never hear about it unless it was something spectacular and they wanted to either brag or get the info on how they did it out).


----------



## Aden (Dec 31, 2007)

Ceceil Felias said:
			
		

> Just move to a Unix or Unix-based OS, where it takes an actual hacking attempt rather than a javascript exploit to screw up your computer...



Fail.

/Hint: Mac OS is Unix-based.


----------



## Swampwulf (Dec 31, 2007)

ADF said:
			
		

> No operating system in existence is completely secure, nothing is unhackable, you would have to be pretty arrogant to think otherwise. Frankly I find the Mac mentality that they are immune to viruses as being dangerous, a false sense of immunity only makes you more vaulnable.
> 
> If someone wanted to they can make viruses for Mac, but they will get more machines for their effort targeting Windows.



*re-reads this thread to try and see where _anyone_ has said that Mac's are immune to viruses*

I think that the whole point of this discussion has been that they aren't immune, but no one, I repeat NO ONE has managed to create a Mac virus that has done any appreciable damage in the wild. (if you don't count Microsoft Word Macro Viruses of course)

I love rearing people say 'if someone wanted to create one' and leave it at that.
You honestly don't think that there are hackers/crackers/pimpsmacking code whackers out there that wouldn't *love* to build something that'd take the wind out of the sails of Apple and mac users everywhere?
I have no doubt that there are, but I have yet to see them manage to succeed in it.


			
				Rostam The Grey said:
			
		

> I keep windows updated. Microsoft fixes the holes. The problems that pop up everywhere are from known exploits that people don't update to fix. Plus I don't click or view unsolicited email. But I also have a Masters Degree in Computer Science, I'm pretty confident I could fix any problems. I wouldn't recommend it to a client.



I'll buy that.
It takes a Master's degree to make a Windows based PC do what a Mac will do out of the box by itself.


----------



## icehawk (Dec 31, 2007)

Ceceil Felias said:
			
		

> Really. A little patch (10.4.10) shouldn't cause half of the Mac population to end up with their machines screwing up horribly and, at the worst, making popcorn on boot as I've seen firsthand




When was this, since nobody out of the dozen or so people I've asked actually remembers any install problems with 10.4.10. The only thing that comes close was 10.4.11, when you had boot camp installed; but hey, beta.


----------



## crabby_the_frog (Dec 31, 2007)

And the point of the OP was...???


Well, I guess you ARE entitled to your opinions. I'll keep this in mind when I decide to lower my standards and pick up some piece of crap (it's called a PC after all, what did YOU think it stood for?) box from Future Shop or wherever you buy them nowadays.

I'd rather not have to go around installing random junk onto my computer JUST to keep other random junk from getting on my computer. But ya know, if you just use your computer for games then maybe you should just invest in some PC box and replace it every couple months when it breaks. Me, I'll stick to a good machine, thanks.


And PS: this probably should be put in rants and raves, as there's no linked sources to the OP's thoughts. You're not talking tech, you're talking opinion. KTHX.


----------



## ADF (Dec 31, 2007)

Swampwulf said:
			
		

> [snip]


But what is the point when 90%+ of people are on Windows? Who is going to get you the most ad revenue to infect and zombie? I have honestly never gotten a virus on my main computer in over half a decade and I don't pay for firewalls and antivirus software, I have been using a latop with no protection for over a week and have encountered nothing. The majority of the time it is the users fault rather than the operating system.

I look forward to the day someone smacks the MAC ego around with a few good trojans, the superiority complex some of them have is very irritating and needs to be taken down a notch. I hope Mac becomes a big and strong competitor to Microsoft just so they finally know what it is like to be in the spotlight to virus writers.


----------



## icehawk (Dec 31, 2007)

ADF said:
			
		

> I have honestly never gotten a virus on my main computer in over half a decade and I don't pay for firewalls and antivirus software, I have been using a latop with no protection for over a week and have encountered nothing. The majority of the time it is the users fault rather than the operating system.



I wouldn't be so sure about that. Most of the really nasty stuff doesn't make popups like "WARNING! YOUR COMPUTER IS INFECTED!" It just quietly sits there, talking with the rest of the botnet, possibly spamming, or contributing a modem's worth of traffic to a DDoS, maybe downloading a file from time to time updating itself.



			
				ADF said:
			
		

> I look forward to the day someone smacks the MAC ego around with a few good trojans, the superiority complex some of them have is very irritating and needs to be taken down a notch.



They're already out there. Google 'Zlob Macintosh'. Of course, to install this, you're going to have to go though the standard authentication dialog on install. Unlike windows, where you're pretty much screwed right after you double click.


----------



## ADF (Jan 1, 2008)

Like I said, user experience is a significant factor in the vaulnability of a computer. Something as simple as frequenting the right websites can considerbly reduce the risk, you are much more likely to become infected visiting marketing and porn sites than say FA.

Frankly I believe authentication dialogues are pointless if the user themselves cannot tell what is safe or not, the computer cannot take into account whether the user knows what software to trust or not. It is like those annoying 'are you sure?' popups in Vista (so no it isn't as simple as a double click), unless the user knows what is safe then they are simply a useless annoyance. A popup warning the software may not be safe won't do much if the user enticed with false promises.


----------



## Rostam The Grey (Jan 1, 2008)

crabby_the_frog said:
			
		

> And the point of the OP was...???
> 
> 
> Well, I guess you ARE entitled to your opinions. I'll keep this in mind when I decide to lower my standards and pick up some piece of crap (it's called a PC after all, what did YOU think it stood for?) box from Future Shop or wherever you buy them nowadays.
> ...



I thought the point was pretty obvious. Macs aren't more secure than Windows. And I've never *had* to replace a PC, I actually still have one that's something like 133mHz running Windows 98 I think? But it never gets used, hasn't been used much for a few years but it still runs. The computer that gets used the most in my house is 6 years old and my daughter uses it daily, and heavily. The only person ranting here is you...


			
				Swampwulf said:
			
		

> I'll buy that.
> It takes a Master's degree to make a Windows based PC do what a Mac will do out of the box by itself.



LOL.... just LOL.... I've seen 12 year olds upgrade a PC to better specs than a Mac. But like I said, I'm not saying PCs are better. I do prefer PCs because it's cheaper to get the same specs and any computer you buy will be outdated in 2 years anyways. So why spend the money on something when it will be harder to get what you want on it... I guess I just have too many reasons to stick with Windows, but also most of my clients are on Windows. Not to mention I'm cheap...


----------



## icehawk (Jan 1, 2008)

ADF said:
			
		

> Like I said, user experience is a significant factor in the vaulnability of a computer. Something as simple as frequenting the right websites can considerbly reduce the risk, you are much more likely to become infected visiting marketing and porn sites than say FA.



You might want to take a look at the sites that were affected again:



			
				eWeek said:
			
		

> Rogue anti-spyware software that pushes fraudulent PC scans has found its way onto DoubleClick and legitimate sites, including CNN, The Economist, The Huffington Post and the official site of the Philadelphia Phillies.



I pointed that out because the sites affected _weren't_ disreputable. The joke has always been 'Okay, so what porn site were visiting when you got infected?' but nowadays, with malware authors targeting places like DoubleClick, it's not just porn sites, but any site with a banner ad. 



			
				ADR said:
			
		

> Frankly I believe authentication dialogues are pointless if the user themselves cannot tell what is safe or not, the computer cannot take into account whether the user knows what software to trust or not. It is like those annoying 'are you sure?' popups in Vista (so no it isn't as simple as a double click), unless the user knows what is safe then they are simply a useless annoyance. A popup warning the software may not be safe won't do much if the user enticed with false promises.



The vast majority of people out there are still running windows XP, so for them it still is as simple as a double click. The popup warnings in Vista are a joke, the frequency completely dilutes any meaning the might have had, the fact that you call them annoying reinforces my point. Furthermore, it asks for privilege elevation when it's neither necessary or effective. I've had Vista present a UAC dialog because a file I was deleting was write locked by another process, where having administrator powers would be completely useless anyway. Meanwhile, on other operating systems, asking for superuser elevation isn't very common, usually only when installing software. (On the Mac at least, one doesn't go through a formal install process very often. Usually it's just 'Take this icon, and drag it into the /Applications folder')


----------



## ADF (Jan 1, 2008)

Icehawk where exactly are you going with this? :? You seem to have some sort of criticism for everything I say. My main computer has free protection software (Avast & ZoneAlarm) so I am not dumb enough to think I can go around unsecure. This isn't my laptop so I'm not directly avoiding putting security on it; just using it in a safe manner and at no point did I say Vista's stupid popup thing was useful, everyone knows how much Vista sucks.

I get the feeling this is all leading up to you getting across these are problems Windows has but Mac doesn't, frankly I have already said my piece on the Mac invulnerability mentality.


----------



## net-cat (Jan 1, 2008)

One thing I've noticed about the Mac invulnerability myth is that you can s/Mac/Linux/g, s/Mac/FreeBSD/g or even s/Mac/Win x64/g* and it mostly applies.

Of course, Linux, FreeBSD and Win x64 users don't generally have their heads up their asses about security. (Especially Win x64 users. They know it's only a matter of time before x64 catches on enough to become a target.)

[size=xx-small]* The stealth components of Windows malware are usually x86 kernel-mode drivers, which just don't work under x64. The payload executable, if they launch at all, are always tagged with a *32 because they're running WOW64. So, you can always tell which "svchost.exe" is the fake one.[/size]

Now, if you were really concerned about security, go with OpenBSD. They actually have a security record that's worth bragging about.


----------



## Swampwulf (Jan 1, 2008)

Rostam The Grey said:
			
		

> Swampwulf said:
> 
> 
> 
> ...



Thank you for keeping a sense of humor about my comments!
I honestly think we, when it gets down to brass tacks, agree on the subject.
No computer is innately better than another.
It all depends on what you need it to do.
OMG YES, it's so much easier to upgrade (most) Windows based hardware, but as I said before, I'm not a 'Gamer' and don't need a machine that is screaming fast.
I've got a nice Duo Core iMac, with BootCamp installed so I can run XP when I need to, but I find that most of the time I'm content just using my beat up old 12" 1Ghz G4 (PPC based) Powerbook. I've never run across a situation where I had to have a faster machine, but then I don't do any 'high power computing'. I surf, I e-mail, I chat, I use it as a word processor. There's no need for me to be able to render 5 kajillion pixels per microsecond, or crunch numbers to fast that I can project the weather for the next 5000 years by next week. *shrugs*

Thanks for bringing this up in a reasonable manner and not letting folks get your dander up.
I've actually learned quite a bit in the subsequent discussion.

peace,

Red


----------



## net-cat (Jan 1, 2008)

Never mind. Post not relevant. Delete please.

Why can't we use the delete feature? Doesn't this BB software support soft delete?


----------



## Biles (Feb 6, 2009)

*rubs his forehead and sighs*

Hmm, I wonder why Mac myths such as the virus issues still continue to roam free.


----------



## Eevee (Feb 6, 2009)

*rubs his forehead and sighs*

Hm, I wonder why people continue to think it's a good idea to post in threads over a year old.  Especially technology ones which are sorely outdated now.


----------



## Biles (Feb 6, 2009)

Well, it's rare that I make mistakes like these, I didn't pay attention to the dates this time. I for whatever odd reason thought that the last post was over a month old when I failed to look at the year.


----------



## Pi (Feb 6, 2009)

OH. I FAIL TO CHECK THE DATE

D:


Rostam The Grey said:


> OK, here it is... Macs are NOT more secure than Windows. If anything, I would think Windows is more secure.



Are you some kind of security expert?



> Not only does Microsoft do extensive testing and spend millions and months on it, but Vista has memory randomization, which means your system code jumps around in memory.



And you should look into the various methods to bypass this. Vista isn't the only OS with ASLR, either. OS X 10.5 has it (albeit in kind of a mangled fashion. For shame.)



> The only reason so many flaws and bugs are found and noticed in Windows is because Windows holds 98% of the market.



I would hardly be so arrogant to state that is the "only" reason. 

(snip)



> One of the first things you learn when studying computer science is that there is no such thing as bug-free code. Even if your code is bug free in a sandbox perfect world, hardware and other software can cause bugs in your code. This means that there will be flaws in your system, whether you are in the Mac world or Windows world. When the system gets soo complex, it's impossible not to have them.



"security is hard, why bother" great attitude, also completely wrong.



> But I'd rather play on the system that spends more money testing, has greater usage so it gets better feedback, finds more flaws and fixes them because there is better usage



ahahahaha



> , and is reasonably affordable. Not to mention Macs are a pain software wise because not every company makes a Mac version. For the price you pay for a Mac, I could easily buy a PC and a Video card to upgrade it to far surpass the Mac abilities....



So, really, it's because you're cheap/poor?



> PS: I could have posted a ton of articles about how a Windows system is better than a Mac. And then you would have posted a similar amount saying the exact opposite. This is because the 2 can easily be compared, one way or the other, against each other to win either way with minor tweaks.



oh ok



> I didn't post articles, because it prooves nothing but the fact that someone out there thinks Windows is more secure. The fact is, you can't know how secure a system is until you find all the flaws. And as I said earlier, you'll never find all the flaws because there's no such thing as bug-free code. I'll take my chances with the better tested, more used code.



So in conclusion, you said absolutely nothing beyond what we already know, mixed with some half-truths, non-truths, and tripe. Piss off.


----------



## lilEmber (Feb 6, 2009)

It's because of the SDK. Windows has theirs free now and it was always available for cheap, anyway.

Apple has only recently (or so I've heard) released theirs, though I honestly don't even know if it's released, or not; what the price is; and this isn't the only reason Windows has more bugs and viruses than Mac OS X.

Edit: Who the fuck keeps necroing these threads, and why aren't they banned yet?


----------



## Eevee (Feb 6, 2009)

NewfDraggie said:


> It's because of the SDK. Windows has theirs free now and it was always available for cheap, anyway.
> 
> Apple has only recently (or so I've heard) released theirs, though I honestly don't even know if it's released, or not; what the price is


what the hell are you even talking about

I'm not aware of a time when xcode _in its entirety_ has not been freely available.  christ, it comes on the damn disc.

meanwhile you have to pay Microsoft out the ass for anything but Visual Studio Gimp Edition


----------



## ArielMT (Feb 7, 2009)

If you must consult the necronomicon, such as the one at the bottom of the "Windows 7" thread, then please do not mis-click the words, lest you raise up the threads that have moved on.


----------



## net-cat (Feb 7, 2009)

Yeah...

Necromancy is bad, plz.


----------

