Mac vs. Linux: Which is More Secure?
A feature-by-feature comparison of the two OSes, with a highly subjective conclusion as to which is better.
To that, I'll say I'm marginally more secure on Linux than on a Mac, but I prefer a Mac anyway. I can almost see my inbox filling with flames from you penguin lovers everywhere, but let me explain my opinion.
First, though, I'll again caveat these opinions by saying that I'm not saying Linux is or isn't more secure than Apple's OS X. I'm saying that I'm marginally more secure on Linux than on a Mac. Here's why.
True to UNIX
This may seem peculiar to many of you, but I find Linux's security controls to be more true to the UNIX model they were patterned after. OS X, on the other hand, started with the UNIX model, but then diverged rather substantially.
The notion of root and even of the desktop user's identity and security capabilities, for example, is completely different. The default desktop user, as I pointed out last month, has administrative privileges, but is not root per se. It's just different.
To someone (like me) who is familiar with the UNIX security controls, this requires learning and adapting to the security extensions. In practice, I found myself configuring my OS X desktop environment to be more like a UNIX/Linux one, in that all my installed applications are owned by the real root user, for example, and that my desktop user identity has no super powers at all.
None of this was necessary on Linux, on the other hand, as everything that it does (at least at a user level) adheres to the established practices in UNIX. Thus, compartmenting files, users, data, etc., between the administrators and users is quite simple and entirely open to view, modify, and such.
Qualitative score: OS X gets a B- while Linux gets an A-.
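The setup described above (applications owned by the real root user, desktop user with no administrative rights) can be checked with a short script. This is an added example, not part of the original article; the function names are hypothetical, and it assumes applications live under /Applications and that the groups `admin` (OS X), `wheel` and `sudo` (common Linux defaults) are the ones that grant administrative rights.

```shell
#!/bin/sh
# Added example: audit the two settings described in the article.
# Assumptions: "admin", "wheel" and "sudo" are the admin-granting groups;
# /Applications is the application directory. Adjust both for your system.

# Print entries directly under DIR that are not owned by OWNER_UID, or that
# are group- or world-writable (a non-root user could then replace them).
# Symlinks are skipped because their mode bits are not meaningful.
audit_app_dir() {
    dir=$1
    owner_uid=${2:-0}
    find "$dir" -mindepth 1 -maxdepth 1 ! -type l \
        \( ! -uid "$owner_uid" -o -perm -020 -o -perm -002 \) -print
}

# Return 0 if the space-separated group list contains an admin-granting group.
groups_grant_admin() {
    for g in $1; do
        case $g in
            admin|wheel|sudo) return 0 ;;
        esac
    done
    return 1
}

# Report on one desktop user and one application directory.
audit_desktop() {
    user=$1
    dir=${2:-/Applications}
    if groups_grant_admin "$(id -Gn "$user")"; then
        echo "WARN: $user is in an administrative group"
    fi
    audit_app_dir "$dir" 0 | while IFS= read -r path; do
        echo "WARN: not root-owned, or writable by group/others: $path"
    done
}

# Usage: audit_desktop "$(id -un)" /Applications
```

No output from `audit_desktop` means the user holds none of the listed groups and every top-level entry is root-owned and writable only by its owner.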
Obfuscation by GUI-ization
In a similar vein, many of the security and connectivity details are obfuscated from the user's view in OS X. Although this no doubt enhances its ease of use, it also degrades the ability to fine-tune it.
User account management is again an example here. The Accounts settings in the OS X System Preferences application allow the administrator to create, modify, or remove user accounts (which never show up in the /etc/passwd file, by the way), but the security controls are minimal. Essentially, an account can be designated as either a standard user or as an administrator.
Well, to be fair, the administrator can also set various parental controls that determine which desktop applications a user can execute, but that's about it.
Underneath that GUI exterior lie the normal security controls, including file access controls and such, of a normal UNIX system. You have to push aside the GUI to get to those things, though. (At least, as far as I've been able to tell.)
Qualitative score: OS X gets a C while Linux gets an A.
User data confidentiality
All of this UNIX obfuscation aside, OS X does have a nifty feature for protecting a user's data files. It's called FileVault, and it can be (optionally) enabled via the System Preferences app.
Basically, FileVault encrypts all of the user's files using a symmetric encryption method. This helps protect the confidentiality of the data and reduces the risk of disclosure, for example, of the data on a lost or stolen laptop.
My only confusion here is why Apple chose to make this an opt-in feature rather than an opt-out one. Perhaps it's due to the performance hit that you get when you encrypt all your data.
Admittedly, there are a lot of data encryption options available to a desktop Linux user, but none seem to me to be as simple (or included by default) as FileVault.
Qualitative score: OS X gets an A- while Linux gets a D.