Apple’s Snow Leopard Is Less Secure Than Windows, But Safer

Apple users have less protection from viruses and malicious software than Windows users do. But they’re still safer, security experts agree, because so few malware programs target the Mac.

Apple’s new Snow Leopard operating system, which landed in stores Friday, adds a few security enhancements to protect Mac users from malware. But like previous versions of the Mac OS, Snow Leopard lacks security features that are built in to Windows XP, Windows Vista and Windows 7, such as a firewall, //// TK and TK ////. That makes Macs more vulnerable to attack, explained Charlie Miller, a security researcher and author of the book The Mac Hacker’s Handbook.

But despite its weaknesses, Mac users have no reason to panic — yet. Apple’s PC marketshare is still roughly only about 10 percent, giving hackers and malicious software coders very little economic incentive to target the Mac.

In short, Mac users are ducking behind a short wall — but as long as the enemy is firing in another direction, they’re not in grave danger.

“If you’re a bad guy and you’re doing this to make money … you don’t want to spend 90 percent of your time on Windows and 10 percent on Mac,” Miller said in a phone interview. “You’re going to want to spend 100 percent of your time on Windows.”

The security debate has long raged between Mac and Windows fans. Apple has actively fostered this feud, marketing its Mac software as superior with security. In a memorable TV ad, actor Justin Long, who personifies the Mac, teases “PC” actor John Hodgman for being more vulnerable to catching viruses.

Mac owners’ smugness may not last forever. As Apple slowly expands its marketshare, it is gradually becoming a bigger target for attack. Two years ago there were zero pieces of malware targeting the Mac platform, and in the past year, there were a few hundred, according to John Viega, a security researcher and author of the book The Myths of Security.

Those hundreds of pieces of malware are small compared to the 1.8 million total pieces of malware discovered last year, but it would be unfair to compare these numbers directly, Viega said. He noted that because so few Mac users are running anti-virus software, there’s far less need for malicious coders to create hundreds of different variants of the same attack, as they do for Windows.

In Snow Leopard, Apple has added several security enhancements including Executive Disable, which prevents memory-corruption attacks, and some anti-virus detection. Apple also added hardware-enforced Data Execution Prevention, which defends against buffer-overflow attacks — a major security feature that Windows has had for years, Miller said.

However, the anti-virus function in Snow Leopard only blacklists the most common pieces of malware, so it’s not a complete anti-virus system, Viega said.

Also, Apple still must fully implement Address Space Layout Randomization, a security technique that makes data more difficult for malicious code to target, according to Miller. Apple has only just started with this technique by moving to 64-bit addressing in Snow Leopard, Miller said.

“”I think that Apple is pointed in the right direction,” Viega said. “They care about getting security right. It’s just that they are much farther behind the rest of the industry because they got a late start, and they have a little bit of a disconnect in their marketing department, who wants to brag about their great security.”

“Their good track record is more a matter of luck in small market share,” Viega added. “As their market share continues to grow, they’re only going to become a bigger and bigger target.”

When discussing security, another issue to consider is that the landscape of internet threats has evolved over the years to be less platform-centric, said Leander Kahney, owner of the Cult of Mac blog and former news editor of Wired.com. Phishing, for example, is a security threat that involves tricking the user into handing over personal information.

“It’s a different kind of criminal activity,” Kahney said in a phone interview. “There’s going to be exploits where they try to steal people’s passwords, identities or credit-card numbers. The kinds of attacks you can get through a web site or an e-mail are not platform specific.”

What will make the Mac OS just as secure and safer than Windows? Miller said all Apple has to do is finish adding Address Space Layout Randomization. He expects Apple will soon.

“I’m going to keep saying Snow Leopard is less secure than Windows 7,” Miller said. “Fix that one thing and I would stop saying it.”

See Also:

• Another Mac Virus Alert. Real This Time?
• Mac Attack: Another Trojan Hidden Inside Photoshop Crack
• Virus Infects Space Station Laptops (Again)
• Apple on the Need for Anti-Virus Software: Now You Do, Now You Don …

Photo: ShannonKringen/Flickr