But, not being one to accept such claims from others without justification, I’d like to elaborate here why I believe this so passionately. The answers aren’t necessarily as simple as you might think. Here’s a brief rundown of the issues that I believe are most pertinent to my perception of security.
• Familiarity with security mechanisms
One of the things that lured me over to OS X from Windows XP and Linux (but that’s another topic for discussion) is that under OS X’s pretty GUI lies BSD UNIX, for all intents and purposes. I’ve been using UNIX systems since the early 1980s and I’m very comfortable there, right down to understanding the underlying security mechanisms quite thoroughly.
By and large, OS X conforms to these established conventions. Familiar (to me) commands like chown, chmod, and such, work just as they do on UNIX systems.
During much of that time, Windows’ predecessors didn’t even have a security model (apart from read-only attributes on files). Things have improved in Windows, but the interface has always been awkward to me. I grew to understand and appreciate having an administrative user that could install programs and run the system, and a normal class of users who could run programs, for example.
Qualitative score: OS X gets a B+ while Windows gets a C-.
• Separation of data and executables
In my familiar UNIX land, all programs are stored in areas of the file system that are outside of the control of users. Specifically, directories including /bin, /usr/bin, /usr/sbin, /usr/local/bin, and so on are where programs go. Users, on the other hand, log in to their own directories, such as under /home. Among other things, this makes various administrative tasks like backing up user data, system data, etc., well organized and easy to manage on UNIX systems.
Apple’s OS X extends the UNIX conventions by putting additional (mostly desktop) executables in the /Applications directory. All user data, however, resides in the /Users directory tree.
Several generations of Windows, on the other hand, have seen programs installing configuration data (e.g., .INI files) in /Windows or its equivalent. Program files have been stored in various places over time as well. Nowadays, many programs install in the /Program Files folder and user data is generally in the /Documents and Settings folder, but that’s not always adhered to.
Qualitative score: OS X gets a B+ while Windows gets a D-.
• Privilege management
Pretty much from the start, UNIX has been a multi-user system, whereas multi-user functionality has been a retrofitted feature in the Windows family. OS X has a root user while modern Windows versions have an Administrator user for doing administrative tasks.
However, although both operating systems support these constructs, neither executes them particularly well. The default OS X desktop user has administrative privileges, for example. Admittedly, the root password is required whenever the user installs or removes a program in /Applications, but the default desktop user can still do way too much.
In Windows (at least up to XP SP2), things are no better. Indeed, many third-party applications simply don’t work properly if the user is not an administrator. Older, so-called “legacy” apps are even worse, since they were written to conform to older, now outdated, Windows security conventions.
Shame on both Apple and Microsoft for this! To have the ability to do it right and then squander it away is inexcusable.
Qualitative score: OS X gets a D+ while Windows gets a D-.
• Program management
Here’s where OS X really shines. Apple has improved on UNIX in this area. Although the standard UNIX utilities are still in /bin, /usr/bin, and such, Apple apps and most third-party apps install in /Applications. When installing or removing programs from /Applications, pretty much all app-specific files go in the application’s own folder under /Applications. Simply dragging that folder to the trash (or to a network drive or a backup drive) is quite sufficient for uninstalling the application entirely. There are exceptions to this, but not many.
Windows, on the other hand, uses various program installers and uninstallers for the job. Programs install themselves mostly under /Program Files these days, but also touch innumerable registry keys and such. Removing applications thoroughly, such that no “residue” from the app exists on the system, is entirely up to the program’s uninstaller. It’s been my experience that there’s always residue left behind somewhere.
Qualitative score: OS X gets an A while Windows gets a C.
• Access controls
I mentioned the UNIX-derived security mechanisms in OS X and the retrofitted ones in Windows. The related topic of access controls deserves special mention here, particularly in the context of default configurations.
OS X, as I also mentioned, installs the default desktop user with administrative privileges. This bothered me to my kernel when I first set up my Mac, so I went out of my way to turn that off. It turns out that it was quite easy to do, but requires a bit of care and feeding. Even though my desktop user no longer has admin privileges, whenever I install an app, I have to authenticate as root to the UNIX sudo utility so that the app can be written to /Applications.
This works great, but often results in an application that is owned by my desktop user. Any time I install an app, I have to go through /Applications with chown and relinquish ownership to the root user so that my desktop user (or a piece of malware) is not able to write to the application in question.
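The audit-and-chown pass just described, as an added example that is not from the original post: a small POSIX shell script that lists the entries in an applications folder which a non-admin desktop user could still write to (wrong owner, or group/other write bit set), and then performs the chown and chmod -R go-w that the post does by hand after each install. The function names, the file name audit_apps.sh, the --demo/--audit/--fix flags and the root:wheel default are this example’s own assumptions; the directory, owner and group are parameters so the script can be exercised on a constructed scratch folder rather than the real /Applications.

```shell
#!/bin/sh
# Added example, not code from the original post. Audits a directory of application
# bundles for entries that the desktop user (or malware running as that user) could
# modify, i.e. entries not owned by the expected owner or writable by group/other,
# and then performs the chown/chmod pass the post describes doing by hand.
# The directory, owner and group are parameters so the functions can be exercised on
# a constructed scratch directory; against the real /Applications they would be run
# with sudo, e.g.  sudo sh audit_apps.sh --fix /Applications root wheel
# The function names, file name and --demo/--audit/--fix flags are this example's own.

# audit_apps DIR [OWNER]
# Prints one line per top-level entry of DIR that is either not owned by OWNER
# (default root) or writable by group or others. Empty output means nothing in DIR
# is writable by an ordinary desktop user.
audit_apps() {
    dir=$1
    owner=${2:-root}
    # POSIX find: "-perm -mode" matches when every bit in the octal mode is set,
    # so -perm -020 is group-writable and -perm -002 is other-writable.
    find "$dir" -mindepth 1 -maxdepth 1 \
        \( ! -user "$owner" -o -perm -020 -o -perm -002 \) -print | sort
}

# harden_apps DIR [OWNER] [GROUP]
# Gives every top-level entry of DIR (and everything inside it) to OWNER:GROUP and
# strips the group/other write bits. Changing the owner to root requires running as
# root, which is why the post's version of this step goes through sudo.
harden_apps() {
    dir=$1
    owner=${2:-root}
    group=${3:-wheel}
    find "$dir" -mindepth 1 -maxdepth 1 \
        -exec chown -R "$owner:$group" {} + \
        -exec chmod -R go-w {} +
}

# Command-line entry points:
#   sh audit_apps.sh --demo                       run against a scratch directory
#   sh audit_apps.sh --audit DIR [OWNER]          report writable entries
#   sh audit_apps.sh --fix DIR [OWNER] [GROUP]    lock entries down, then re-audit
case ${1:-} in
    --demo)
        # Constructed scratch "Applications" folder owned by the current user:
        # one bundle with sane permissions and one left world-writable.
        scratch=$(mktemp -d)
        mkdir -p "$scratch/Safe.app/Contents" "$scratch/Loose.app/Contents"
        chmod 755 "$scratch/Safe.app"
        chmod 777 "$scratch/Loose.app"
        echo "before:"; audit_apps "$scratch" "$(id -un)"
        harden_apps "$scratch" "$(id -un)" "$(id -gn)"
        echo "after:";  audit_apps "$scratch" "$(id -un)"
        rm -rf "$scratch"
        ;;
    --audit) shift; audit_apps "$@" ;;
    --fix)   shift; harden_apps "$@" && audit_apps "$1" "${2:-root}" ;;
esac
```

Running the audit again after the fix is the useful habit: it confirms that the chown actually took and nothing was skipped. One caveat the per-bundle pass does not cover is the mode of /Applications itself: if the directory is writable by the desktop user, a bundle can be renamed or replaced wholesale regardless of its own owner and mode, so check the parent with ls -ld as well.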
Windows, once again, shows its security-retrofitted roots here. Normal desktop users generally have far too much write-enabled access to a Windows installation, even if they do not have administrative privileges. (Ever try logging in without admin privileges and seeing if you can delete things in /Program Files or WINDOWS? You’ll be surprised – and you’d better have a good backup…)
Qualitative score: OS X gets a B- while Windows gets a D.
So, where am I going with all of this? Well, it’s clear to me that both operating systems have significant security weaknesses as well as strengths. The fact is that a user who wants to be secure can be reasonably secure on either system. And I didn’t even compare features like out-of-the-box firewalls and such—which both systems offer (as of SP2). On the other hand, neither is adequately secure in its default configuration.
With my UNIX familiarity, though, I was able to easily and quickly configure my OS X system to be pretty secure. It took me no more than 30 minutes to remove admin privileges from my desktop user and tighten down the file access permissions in the /Applications folder, for example, and keeping things clean and tidy isn’t tough either.
So, I’m comfortable in saying that I’m more secure on OS X than I ever was on Windows. When you also factor in the fact that nearly all the world’s existing malware is written for Windows systems, my comfort factor increases significantly. That all could change overnight, of course, if the malware authors turn their attention to OS X, but even if they do, I for one am more comfortable with running a tight ship here on a UNIX-derived system than on Windows.