Access controls I mentioned the UNIX-derived security mechanisms in OS X and the retrofitted ones in Windows. The related topic of access controls deserves special mention here, particularly in the context of default configurations.

Recent Alignment Articles
Tracking The Malware Battle

Web 2.0 Security: Application Scanners

Spam Bust: The Lessons of Yesmail

Pirated Vista, Office 2007 Already on The 'Net

FREE IT Management Newsletters

OS X, as I also mentioned, installs the default desktop user with administrative privileges. This bothered me to my kernel when I first set up my Mac, so I went out of my way to turn that off. It turns out that it was quite easy to do, but requires a bit of care and feeding. Even though my desktop user no longer has admin privileges, whenever I install an app, I have to authenticate as root to the UNIX sudo utility so that the app can be written to /Applications.

This works great, but often results in an application that is owned by my desktop user. Any time I install an app, I have to go through /Applications with chown and relinquish ownership to the root user so that my desktop user (or a piece of malware) is not able to write to the application in question.

Windows, once again, shows its security-retrofitted roots here. Normal desktop users generally have far too much write-enabled access to a Windows installation, even if they do not have administrative privileges. (Ever try logging in without admin privileges and seeing if you can delete things in /Program Files or WINDOWS? You’ll be surprised – and you better have a good backup…)

Qualitative score: OS X gets a B- while Windows gets a D.

Malware Percentage

So, where am I going with all of this? Well, it’s clear to me that both operating systems have significant security weaknesses as well as strengths. The fact is that a user who wants to be secure can be reasonably secure on either system. And I didn’t even compare features like out-of-the-box firewalls and such—which both systems offer (as of SP2). On the other hand, neither is adequately secure in its default configuration.

With my UNIX familiarity, though, I was able to easily and quickly configure my OS X system to be pretty secure. It took me no more than 30 minutes to remove admin privileges from my desktop user and tighten down the file access permissions in the /Applications folder, for example, and keeping things clean and tidy isn’t tough either.

So, I’m comfortable in saying that I’m more secure on OS X than I ever was on Windows. When you also factor in the fact that nearly all the world’s existing malware is written for Windows systems, my comfort factor increases significantly. That all could change over night, of course, if the malware authors turn their attention to OS X, but even if they do, I for one am more comfortable with running a tight ship here on a UNIX-derived system than on Windows.