Windows vs Mac Security

sdhorne writes "There is a good technical discussion over at InfoWorld on the merits of launchd and what is lacking in a comparable Windows secure solution. It is a throw back to the UNIX vs Windows security discussion that has been hashed out for many years." From the article: "it always traces back to Microsoft's untenable policy of maintaining gaps in Windows security to avoid competing with 3rd party vendors and certified partners. Apple's taking a different approach: What users need is in the box: Anti-virus, anti-spam, encryption, image backup and restore, offsite safe storage through .Mac, and launchd. Pretty soon any debate with Microsoft over security can be ended in one round when Apple stands up, says 'launchd', and sits back down."

Well written, but

[MECC]

Pretty soon any debate with Microsoft over security can be ended in one round when Apple stands up, says 'launchd', and sits back down."

It seemed pretty wello written. That said, I which he would have said a little more about launchd, at least enough to explain why it gives OSX an advantage. It would have also been nice to have had some kind of side-by side comparing Windows and OSX, like how the windows System pseudo-user trumps the admin user, and how there is not way to trump the OSX root user.

Why this can't happen under OS X:

I don't know if I'd go that far. OSX isn't 100% immune - it just has more common sense.

Re:Well written, but

[fruitbane]

"I don't know if I'd go that far. OSX isn't 100% immune - it just has more common sense. "

This is, I think, the best summary I've ever read of OS X's inherent security advantage. No OS could really succeed and be 100% air-tight at the same time, IMO. And user- and developer-friendliness does often mean compromises that lead to security problems, but the article that this discussion refers to covers a lot of it well and MECC (parent) summarized succintly and effectively.

OS X, as an OS, has more common sense built-in.

Re:Well written, but

[93+Escort+Wagon]

"In a nutshell, OS-X is built upon a known animal, whereas Windows is an animal which continues to be re-invented, like a leopard changing its spots to stripes, then plaid, then paisley, then something else."

I am a Mac user, and I think it is an inherently safer platform design than Windows. But as was mentioned in a recent SANS newsletter, Apple has on occasion had problems with security issues that were resolved long ago on BSD proper and on Linux. So while it's true that OS X is "built upon a known animal", they haven't always been as consistent as I'd like with regard to learning from other groups' mistakes.

Re:Well written, but

[IamTheRealMike]

From your article:

First of all launchd replaced init and xinetd with one process. This is a bit scary as we now basically have init listening in a bunch of different ways for something to tell it to start a job. The security implications of this aren't really known yet with launchd being as young as it is.

Secondly, and in the same vein, launchd is process 1 and it has the potential to take down the whole system. I've already seen unconfirmed reports of a ssh scan on a network causing launchd to freak out and make systems inaccessible. Having at least some sort of resource limit set on jobs might help here.

I guess I'm struggling to see how yet another way to launch things is a revolution in security, given that it's a brand new (and therefore untested) codebase and already has reports of it "freaking out".

The default in Windows is now to have no open ports as well due to the Firewall, so for any up to date installation of Windows the primary ways crap gets in is via browser exploits and malware. I am not seeing anything that Apple does fundamentally different here - Safari has already had several serious security problems, some of them near identical re-runs of problems Microsoft had before (eg help exploits). Malware is just a massively hard problem that nobody is really attacking right now, except maybe Microsoft with Vista, and there's certainly nothing in MacOS that would make it hard to write malware. Indeed there is very simple example code showing how to dump secure form information from Safari and you know how much marketeers would love that.

A lot of the points made in TFA aren't valid either, they are apparently the result of an extreme lack of thought or knowledge:

• The purpose of most of the DLLs in SYSTEM32 is documented, just look at the summary tab in Explorer, the problem is that with any complex operating system it's trivial to make up fake names that sound plausible. So it doesn't help as much as you might think. 3rd parties are "duty bound" to produce man pages? Please, how ridiculous. You could argue the same for Linux yet people routinely write new programs without man pages.

• Windows requires users to use Administrator to install software? No, buggy software requires that. Historically a few Mac programs have had the same requirements ... iTunes springs to mind. Anyway, the Apple solution to buggy software requiring elevated privileges is "you can't run that software" - not very helpful if you need it.

• "Microsoft made it easy for commercial applications to refuse a debugger's attempt to attach to a process or thread" ... no they didn't, there is no API to prevent yourself from being debugged. This is a total fantasy. Why should I believe this guy at all, when he is talking such nonsense? There are various tricks you can use to detect a debugger being attached but none of these are reliable and none have OS support. If you detect a debugger you cannot force it to detach, the best you can do is stop the program and put up a message box. I think he has seen these messages from copy protection software and assumed it's a flaw in Windows. Not so.

• "Malicious code or data can be concealed in NTFS files' secondary streams. These are similar to HFS forks, but so few would think to look at these" ... a feature that OS X has as well.

• "OS X's nearest equivalent to the Registry is Netinfo, but this requires authentication for modification. In later releases of OS X, it is fairly sparse" ... no it isn't, the "equivalent" is a mish-mash of Netinfo, XML plist files dotted around the filing system, UNIX style config files and proprietary datastores. I fail to see how this is an improvement.

I could go on, most of these points are either wrong or very biased. The article seems worthless as a serious security analysis. I suggest the author go research exactly what modern malware does and how it works.

Re:Well written, but

[Rob_Bryerton]

In the past Microsoft have commented that they have completely ditched the code Windows was written with and re-written from ground up, to try to address myriad flaws. That's pretty drastic.

Yeah, it's always new code; all new, better than ever. This time we REALLY mean it. Those of us who've been around the block a few times KNOW that they're full of crap. Always were, always will be.

The fact that Vista was vulnerable to the WMF exploit last year which dates back to Windows 3.x (I beleive) shows how much new code there is. But it will sell like hotcakes because, as mean and cynical as it sounds, people really are stupid and naive, and they actually beleive what a corporation tells them...

What, me bitter? No...well maybe a little

Re:Well written, but

[isellmacs]

IE is an extension of windows explorer, which is a part of the OS.

Removing IE is definitly possible, but the core of windows explorer and internet explorer are one and the same, so to make IE a stand-alone product for windows, would mean re-writing the entire browser as a completely seperate program, and then making it look the same.

And he's right about the OS not being as much of a problem. How many windows problems can YOU name that aren't caused by a) an Insecure Webbrowser Exploit, b) an Insecure Email Client Exploit or c) Bad programming on a 3rd party application?

Really most of the problem isn't in Windows itself, it's in Windows users just clicking on the "install this virus for a free ring-tone!" or the "double click on the bigtittiedblondesvirus.jpg.vba" attachment in their email. OSX is less immune to these malware and viruses as it is incompatible to them.

Overall I personally feel OSX is more secure as an OS, but alot of people blow it out of proportion, and cite things that aren't a problem with windows itself. They problem may be via microsoft products (IE or Outlook) but those are seperate programs.

Re:Well written, but

[Sunrun]

- Windows requires users to use Administrator to install software? No, buggy software requires that. Historically a few Mac programs have had the same requirements ... iTunes springs to mind. Anyway, the Apple solution to buggy software requiring elevated privileges is "you can't run that software" - not very helpful if you need it.

From TFA:
"- Windows requires that users log in with administrative privileges to install software, which causes many to use privileged accounts for day-to-day usage." [emphasis mine]

First, administrative privilege != the Administrator account.

Secondly, yes, Windows does in fact require admin privs to install most software. Try this some time... Start with a fresh WinXP install. Immediately after setup, create an account with only User privilege and log in with it. Then, try to install all the software you'd normally install (anti-virus/spyware-checker/firewall, ANY productivity software (MS-Office, OpenOffice.org)) and see just how far you get. I'll save you the time: you can't. This is exactly the reason that most users run under an account with membership in the Administrators group for every-day tasks -- they're lazy and don't want to be bothered by being constantly denied access to this function or that resource because the account they're using isn't an Admin. By the way, this goes double for people whose job is Windows Administrator, but not just because they're lazy.. Because they're arrogant in addition to being lazy. [And before you label me a whiner, I'll say that it takes a Windows Admin to know a Windows Admin.]

I further defy you to find a single piece of software for MacOS X that doesn't require Admin privs to install.

I conclude that you're missing the point. A system requiring privilege to install ANY software will be inherently less prone to malware since it requires a brain to be sitting in front of the screen having to make a decision based essentially on whether or not they did anything to provoke such a request from the OS. It makes sense in a business environment where you don't want users installing just anything, and it makes sense in a home environment where you don't want your kids installing just anything -- especially when you don't want it installed by accident, which is (or should be) always. I would also point out that there's a difference between "want" and "need". In the above cases (business and home) "need" becomes "demonstrated need".

/rant

well,

[joe+155]

"Pretty soon any debate with Microsoft over security can be ended in one round when Apple stands up, says 'launchd', and sits back down"

I would have though "(almost) no viruses" would have done the trick since OSX came out...

Or, we don't effectively force everyone to run as super user all the time - if you prefer

But what if Microsoft offered it all together?

[LinuxIsRetarded]

Apple's taking a different approach: What users need is in the box: Anti-virus, anti-spam, encryption, image backup and restore, offsite safe storage through.

Don't you think that if Microsoft offered this that everyone would cry monopoly? Actually, I've seen other people on Slashdot cry this before at the announcement of Microsoft's OneCare program, which isn't even bundled with the OS!

Re:But what if Microsoft offered it all together?

[planetmn]

Of course most on Slashdot would cry monopoly if they included all of the features in the OS. Around here MS is damned if they do, damned if they don't.

-dave

Re:But what if Microsoft offered it all together?

[jank1887]

If a user wants Anti-virus, anti-spam, encryption, image backup and restore then it is the users responsibility to install said software.

Or, as stated before, the OEM's job to put all these together for the user. And the OEM should be free to bundle/unbundle as he sees fit, according to user demand, without ANY input from the OS supplier.

Re:But what if Microsoft offered it all together?

[99BottlesOfBeerInMyF]

It's not difficult to understand; it's annoying because it's the wrong argument, and it really muddies the debate. We don't need to hold Microsoft and Apple to different standards to show that one is better than the other. There is nothing wrong with MS bundling software with their OS.

I 100% disagree with this. It is illegal for MS to bundle any software with their OS, for which their is a separate market (like antivirus). Anyone who understands the economic models of monopolies should understand why. We are holding MS and Apple to the same standard. Neither can bundle products they have for which there is an existing market, with a product they have that is a monopoly in a market. It is illegal for MS to bundle antivirus software with Windows. It is not illegal for them to bundle antivirus with their mice or MS Office. It is legal for Apple to bundle antivirus with their OS. If Apple is ever ruled to have a monopoly on iPods it will be illegal for them to bundle antivirus with iPods (They are around 70% of the market now and some courts have already begun investigating the possibility).

Re:But what if Microsoft offered it all together?

Thats entirly M$'s fault. They crapped out on security to a point where 3rd party solutions where required just to use M$'s OS. They created the market for 3rd party solutions, and due to there stupidity, it thrived. Now, look at M$'s history, its filled with "all for the money" type of things, they dont make good software, they make 'eh' software thats good enough to keep people using computers, but not innovative software that changes the idustry. They are mostly managed by there marketing department, and legal department, not a "department of common sence", they want money, and lots of it. Taken its past games, can you blame anyone for calling anti-trust issues over M$ if they do try to compete?

The problem is they are already a convicted monopoly, and they got away with it, little more then a slap on the wrist with a string. There is no reason to believe they wouldent do it again either, a lot of people would say they are constantly trying to push the law over. Now, they created the antivirus/spyware/whatever market with their stupid programing gimmicks, mostly trying to get around the law, or prevent the law from catching up to them durring the 199*. Because they choose the route that let to lots of security problems, people needed security software, and M$ never provided it. Now, a few years latter, when there is a market for security products, and the US anti-trust issue pretty much forgotten about, here they come along with a product that competes with existing products. Nothing wrong with that, untill you just look at M$'s past, there is no reason not to think they wouldent use their monopoly to stiffle existing products, they have already done that before, and if i recall, their new OS Vista seems like it would break 3rd party security tools. Either way, its almost certain that M$ would leverage their position, possibly even offer their security tools for free (like they did with IE when netscape was around), and intigrate them into the OS like they did with IE, so that if taken to court, they just claim that its a vital part of the OS and cant be removed without breaking everything.

I dont think anyone should have any simpathy for M$, if they cared about security and not profits so long ago, they wouldent be in this mess they made. They dident even bother to clean it up back then. In their case, they chose the "damned if they dont" route, and now want to change routes, convently after a market has already risen, and if they switch, that market may go bye bye for all the 3rd party apps.

Re:But what if Microsoft offered it all together?

[DesireCampbell]

That's because Microsoft is a convicted monopolist while Apple is not

Arrgghhh! I hate it when people say that. That exact line: "Microsoft is a convicted monopoly". You can't be "convicted" of being a monopoly, being a monopoly isn't a crime. Using that monopoly to unfairly gain more market share and profits is a crime.

And it's not as simple as a monopoly being held to "higher standards", they're held to "completely different standards". This is a prime example, bundled security applications. Apple can bundle whatever they want with their OS - Microsoft can't. Microsoft can't even improve the damned search function without an investigation.

Apple holds more power over their products than Microsoft has over theirs. Apple sells their software with their hardware. Microsoft just sells software. No one says anything bad about Apple forcing its customers to have their proprietary security software bundled withe the OS. Microsoft, on the other hand, is forced by the EU to provide versions of Windows without IE and Media Player. Apple puts in Spotlight, and people laud it. Microsoft tries to put the same function into Vista, and they get investigated.

The bottom line is this: If you laud Apple for including more and more useful apps in System Software, then you can't turn around and troll Microsoft for doing the same thing. You can't complain about Windows being worse than OSX and then complain when they try to make it better than OSX.

Re:But what if Microsoft offered it all together?

[noidentity]

Funny how when it comes to Microsoft, the question is always one of how the anti-malware add-on software is included, always with the assumption that Microsoft couldn't render it unnecessary. Last time I checked my Mac OS X installation I didn't find any anti-malware software, just a system designed so that such a thing is entirely unnecessary. Why can't Microsoft simply render the architecture itself incapable of being penetrated in the first place, by design? Not one that includes extra modules to block attempts, but one in which penetration has no definition?

Re:But what if Microsoft offered it all together?

[99BottlesOfBeerInMyF]

The issue is persuading other companies who sell your product not to sell a competitors product.

The issue is, quite simply, doing anything that provides your product an advantage over another product, because you have a monopoly on a different product. It does not matter if it is coercion, bundling, or tying. Here's the test. Look at two products in the market, like IE and Firefox. Does IE gain an advantage in the market because MS bundles it and thus all developers know users will have it available? Yes. Are they able to do this because of their Windows OS monopoly? Yes? Without having a monopoly, can the Firefox team make sure every Windows box has a copy of Firefox on them, without costing them any money? No. Thus it is a violation.

Do you have cites for your claims MS has settled with several companies over Wordpad?

I don't have citations, just something I think I recall from and article in passing. MS has settled a lot of these lawsuits, most of them with the inclusion of a nondisclosure clause. It would take a lot of digging to find any given specifics, if it is even possible.

And while having 70% marketshare may have potential for monopoly influence, it doesn't mean you are imposing your will on vendors - it means you probably have enough clout to do so. I mean, anyone has the potential to be a murderer, but we aren't all murderers now, are we?

Here is where you are making a false analogy. Being a murderer is illegal, by definition because it means you have committed murder, which is a crime. Being a monopolist is not illegal because gaining a monopoly is not illegal. Abusing a monopoly is illegal. Thus a more proper analogy would be Monopolists are like people who have baseball bats. They both have the power to commit a crime. If a baseball bat owner beats someone to death or if a monopolist bundles another product with their monopoly product, then they have committed a crime.

In the case of Apple, the courts aren't ruling if Apple has beaten someone. We know Apple is bundling. The courts are ruling if Apple has a baseball bat and is thus guilty of armed assault instead of simple assault. They are measuring the size and weight of the stick Apple has to see if it is legally a weapon. (To be a more perfect analogy, beatings would have to not be a crime unless committed with a weapon as bundling is not a crime unless the involve a monopoly product.)

Re:But what if Microsoft offered it all together?

[amliebsch]

It's been discussed, but I've never seen anybody substantiate this claim.

Microsoft is just too nice?

[Shimmer]

It always traces back to Microsoft's untenable policy of maintaining gaps in Windows security to avoid competing with 3rd party vendors and certified partners

So if they bundled everything you list (anti-virus, anti-spam, encryption, etc.) into the operating system, you don't think they'd be accused of illegally leveraging their monopoly advantage? Just look what happened when they integrated a web browser into the OS a few years ago.

Re:Microsoft is just too nice?

[n2art2]

The difference is. . . . Try and get rid of explorer. It is one thing to offer/install/bundle an option for those services, that can be deleted if the user decides to use another service. It's another to integrate it so far into the OS that you are forced to use it. (Think beyond websurfing.)

Re:Microsoft is just too nice?

[aaronots]

Exactly. Not to say that Microsoft would do it right if they bundled all that functionality with the OS, but Apple has a competitive advantage by strictly controlling the hardware and being able to include anything it wants in an OS without the threat of an Anti-trust case. Microsoft could never do the stuff Apple does. Just look at iTunes; if Microsoft had a proprietary compression format that only they could use, and had 90% of the market i think it would be viewed as anti-competitive.

Re:Microsoft is just too nice?

[turnipsatemybaby]

I was going to raise the same point. And at face value, the point is perfectly valid. However, there are some critical differences:

The entire way that windows handles permissions and access rights is flawed right from the beginning, as is thoroughly described in the article. One correction I would make is that you MUST run as admin just to use the computer properly in most cases. Hell as an example, *Quickbooks* demands administrative access to function. WTF?

OSX handles things in a much saner and more transparent manner. Everything is controlled and properly isolated by virtue of being based on unix.

Additionally, Microsoft loves to tie all the different features into each other like a bowl of spaghetti. They went to great pains to integrate IE and WM into Windows, so that they would be "inseparable". That's a far cry from simply bundling in an antivirus or a browser. Not only was Microsoft doing everything they could to make sure that their version of software must under all circumstances always be on the system and used in some capacity or another, they've also ruined the security of the system even furthur because they tied what amounts to user application software into the core of the OS.

And never mind the fact that Microsoft was forbidding OEMs from including alternate versions of software.

Re:Microsoft is just too nice?

[2nd+Post!]

And Apple could never do the things Microsoft does:
1) Threaten Compaq with withholding OS licenses if Compaq installed Netscape Navigator as the default browser
2) Threaten IBM with increased OS license fees if IBM did not drop OS/2

Those were the lynchpins of the antitrust lawsuit. If Microsoft had ONLY bundled, they would not face monopoly abuse charges. Then HP could have UNBUNDLED IE and installed Firefox, or IBM could have unbundled Windows and installed OS/2.

Apple's bundles can be unbundled. That is the critical difference. Drag Safari, Mail, Virex, Appleworks, iCal, and Quicktime to the trash, and the OS still works.

in fairness to microsoft

[P3NIS_CLEAVER]

I wonder if they would have been slapped with an antitrust lawsuit if they incorporated antivirus in the OS. It certainly would of had a big impact on the antivirus companies.
Maybe with apple incorporating it they have the green light to go ahead with it.

All I know is ...

[boxlight]

I'm no network admin, but all I know is since I switched to Mac I have no Norton or Symantec software running and there's no signs of threats anywhere. boxlight

Re:All I know is ...

[NatasRevol]

Why?

Why not just put the AV on the Windows box?

You're just wasting your time & CPU cycles putting it on a box that has no need for it.

Anti-virus?

If you don't count a trojan as a virus, then you don't need an anti-virus if your OS is secure. Apple can work on securing its OS or on an anti-trojan, but any effort spent on an anti-virus is wasted.

Security doesn't stop at the OS

[niliin]

Good artical, however I think the point is realtivly mute. It is true that currently OSX by default is less stupid then windows. However, I think it is truely the end user that decides how vulnerable a system is by what they do with that, OS independent, I could have a XP, OSX, and lets say Mandrake box, and they could all be equaly vulnerable depending on what I have done with them. With a straight base install, I would say windows would be at the bottom of the list, however, after you install a few firewalls on that box, put it behind a router(includes it's version of cheap firewall) it becaomes safer.

So, I don't think out of box security has much importance as whether or not the person using it does. If you browse less then reputable sites you will get attacked, and no mater how good your secruity is some will slip through. So the key is, don't connect your box to the NET :)

Concept Versus Implementation

[99BottlesOfBeerInMyF]

Conceptually, I agree that LaunchD is a really slick idea and I really hope Linux and the BSDs take a good hard look at this code and the possibility of adopting it. That said, it is not a security panacea by any means, just one more clean, sensible implementation that leaves less room for a vulnerability. The thing that makes me hesitate to laud this feature, however, is the implementation. Apple has a lot of smart people working for them and a lot of old school UNIX geeks to whom secure programming is as natural as breathing. They also have a lot of coders and managers who realize that OS X is not a primarily security minded OS. Sure, it is better than Windows and on par with a desktop Linux distro, but it isn't a locked down OpenBSD install or a super secure Linux distro. They don't focus their efforts on security and it shows sometimes when they introduce new code. LaunchD replaces a number of time tested bits of code and while it is (IMHO) a much cleaner, nicer design I haven't a clue about how well written and tested it is, especially from a security perspective. I'd feel a lot better about claiming it as a security feature if I knew some white hats had pounded on it for a while and exposed anything Apple did not bother to think of. I'd feel a lot better if the OSS community in general jumped on it and adopted it, thus helping with this security testing and adding more eyes.

I like LaunchD. I like OS X as a desktop. Lets just not get carried away here with random claims about security. OS X is inherently more secure than Windows, but that really isn't saying a lot. I'm not willing to just assume LaunchD is secure in and of itself, let alone that it will play a big part in securing the OS as a whole.

Re:Concept Versus Implementation

[99BottlesOfBeerInMyF]

Um, if you are worried about holes in launchd, why not audit the source code yourself?

Because I don't have the time and because I don't trust myself to find any and all potential problems. I'd much rather Apple had a team of experts attack it on their dime and/or that the OSS community as a whole spent some time banging on it. They, collectively, can do a much more thorough job. I know some people are already looking at it, including some OpenBSD guys. In fact, I've heard rumors of potential DoS attacks that could take down the box if SSH is enabled on OS X 10.4 systems. We'll see if they pan out.

114,000 known viruses. Really?

[phatvw]

"...it always traces back to Microsoft's untenable policy of maintaining gaps in Windows security to avoid competing with 3rd party vendors and certified partners."

Since when has this been a "policy"?

With the DOD recommending that folks update their Windows PC's in the interest of National security, I don't think the same Government would launch an anti-trust campaign against Microsoft for including security tools in-the-box. If that were the case, Windows Vista with its built-in anti virus/anti-phishing/anti-spam/encryption/backup and a slew of other tools would be in real trouble and would ship late...

Oh wait...

In any case, I reckon the reason MS did not do security work until recently was simple economics. Folks bought the software anyway, so there was no incentive to spend up to 20% more on engineering costs with little return on investment. As security becomes a more mainstream topic, consumers and businesses are taking notice. Many corporations, including Microsoft, realize that there is money to be made in security.

Microsoft's Intentionally Insecure?

[mpapet]

maintaining gaps in Windows security to avoid competing with 3rd party vendors

Whoever dreamed up this rationalization is gifted.

The holes are there by design. As in security wasn't a part of the overall design. I would argue that it still isn't.

Like all the versions that have come before, "It's more secure" for about a week after launch and then I'm back to cleaning out infected PC's. This works out great for me because it's my job. Personally, the people that take my advice to switch -always- thank me later for making a switch.

Re:Both are unusable

Lets see a goofy bar at the bottom of your screen that acts as a terrible task manager (OSX). I mach kernel and freebsd kernel combined to give extra slow performance(OSX)

Mac OS X's Dock is not meant to be a task manager: it's mean to be a collection of one-click shortcuts to your most commonly used applications, folders, and documents. That it also shows running applications to also easily switch between them is just a bonus, and does not make it into a task manager. If you want to see a list of running threads and processes, (force) quit processes, and graphs of CPU, Memory, and Disk usage, as well as Disk and Network activity, use Activity Monitor (/Applications/Utilities). It's all about the right tool for the right job.

You're dead-on with the performance issues of XNU, though.

Re:UNIX and viruses

[wfberg]

[..]say that as the Mac gains a larger market share, the number of viruses available for it will grow. I think this is of little consequence.[..] The permissions system means that a common virus could damage a user's home directory, but the system for the most part would remain unaffected, including other users [..] and most of all the fact that users don't run as administrators, all of these reasons make it much less likely that viruses could be as damaging as on Windows

I think this is thinking too much from the perspective of old-school "format c:" destructive virusses.

Today's malware isn't purely destructive anymore; in fact, little incentive exists to create a virus that merely destroys stuff.

Today we're seeing worms that are used to send spam or perform DDOS attacks, and ransomware that encrypts your files and will only unlock them after you pay up.

Access to a user's home directory is perfectly adequate for ransomware. Access to networkresources is sufficient to turn your computer into a zombie. Privileged system access is not the holy grail; access to specific resources are.

User-based security offers no protection against this. Instead people often install programs to limit access to, for example, network resources - a software firewall that will inspect a process to see if it's legit before letting it use the network. Likewise we will need a security subsystem that prevent programs to write to files not created by them. For example; firefox should be able to upload a word document (read permissions) perhaps, but surely only word or openoffice should be permitted to (over)write it.

This is more along the lines of capabilities, but it could be grafted onto user-based security systems (just run processes as different users and give those users permissions only to write to their own files and/or read from their own directories, with some exceptions (e.g. the filemanager)).

Todays programs are so flexible and scriptable, not to mention just plain big and unverifiable, let alone complex and exploitable, that simply saying 'these programs have been deemed safe by an administrator, so they can access all your files if you run them' is no longer an adequate means of making sure applications stay within bounds. We really need to make programs stay on their own turf. Not just files; how about that registry? Why the hell should every program be able to read all of it, and write almost all of it, even keys that belong to a different program?

It's not just windows; MacOS lacks such stuff at the moment too (though it will undoubtedly be much easier to integrate into it than into Windows). Really only SE Linux is set up to handle this sort of thing.

Re:UNIX and viruses

The permissions system means that a common virus could damage a user's home directory, but the system for the most part would remain unaffected, including other users.

I've never quite understood how this made people feel any safer. The data that I care about is all in my home directory, or in another directory, accessible (read/write) by my user. Viruses who gain control of your system without you knowing of it is probably more dangerous, but "it can only delete files in the user's home directory" is not a very good argument.

Re:UNIX and viruses

[Laur]

The permissions system means that a common virus could damage a user's home directory, but the system for the most part would remain unaffected, including other users.

In reality, this is not an important distinction for home users. I don't know about you, but I don't care a whole lot about by system, I can re-install everything without too much trouble. Replacing years of digital family photograghs, financial records, etc. in my home directory? Impossible. This is why I backup my home directly regularly, but don't bother with the system.

Behavioral flaws, not just technical

[Kadin2048]

What I thought was interesting in the article was how many of his complaints were probably due not to bad design per se, but to poor practices -- things like documentation, structural transparency, consistent use of system policies, etc.

What struck me is that there are definitely seeming flaws in Windows that make it insecure as-is, but that it doesn't have to be this way; Microsoft has chosen and continues to choose to operate in such a way that exacerbates rather than minimizes the effect of many of the inherent weaknesses of the platform. A similarly designed system, managed and documented differently, would probably be less problematic.

The way I see it

[JoeCommodore]

Windows systems have been, are, and probably will be getting hacked - a lot - on all levels in the forseeable future, they talk up security but there is still the current (well publicized) vulnerabilities.

Other systems (Mac/Linux) aren't having such major issues - they tout security, and are blasted because 'they are obscure'. There is a lot of 'talk' of possible vulnerabilities, and there are speculations there may be vulnerabilities. But they are STILL more secure now and have a good track record.

What part of this would make me trust Windows more?

Re:Market Share

[memoryhole]

Your argument can be easily demonstrated to be false. In particular: Apache is currently (and has been for a while) the most popular web server on the market. It has something approaching 70-80% market share. However it does not suffer from 70-80% of the vulnerabilities and exploits that are out there. What web server *does* suffer from 70-80% of the exploits? Microsoft IIS. For some reason, it's more exploited despite having significantly less market share. Thus: arguing that Microsoft's problem is simply one of exposure is a totally bogus argument.

Secure principles

[blakestah]

Mac is not dramatically more secure through launchd...

It is simple really. Six years into OS X, growing market share, and no viruses in the wild.

First principle. No ports open by default. Macs ship with a closed box. Plug it into the Internet, wait, and your machine will never get infected simply because it is not listening on any port, and no attacker has any foothold to get into the box. Over the years Windows has shipped with a wide variety of open ports, whether they be for netbios, smbd, messenger, IIS (on NT), or others. Many of these have been launching pads for viruses and worms.

Second principle. Design the OS from the ground up to support privilege descalation. That is, make it so that every action on the machine is executed with User privileges or less, unless you really need more privilege. Launchd is a part of this. On Windows, you still have ActiveX with escalatable privilege, and people get infected from web surfing or opening email.

That is really all it takes. Make it so a user cannot compromise the OS trivially, and there are no open ports, and you made a box as secure as a Mac. Once you start opening ports, you need to know what you are doing or you will be 0wn3d by some script kiddy. Make it secure by default, and force the user to take positive action to do anything that is a potential security problem (like installing executables from random places on the internet).

Re:UNIX and viruses

[j-turkey]

Viruses are definitely part of the umbrella concept we often call "security." I've heard it mentioned many times that Macs do not suffer from viruses because they have a smaller market share, and virus authors invest their time into attacking more dominant systems. People who say this generally go on to say that as the Mac gains a larger market share, the number of viruses available for it will grow. I think this is of little consequence.

IMO, this is a tired argument, especially considering what many modern worms actually do. I say this as a Unix systems administrator, so I'm not defending Windows inherent lack of security as a Windows user. I'm more trying to kill an argument from lazy Unix admins that just doesn't make much sense when considering the latest trends in malware. The reason why malware is so scary is that there is a real commercial interest in using remote computer resources on a massive level. It can be spam zombies, or a spyware'd box with amazon commission redirects. Even massive ddos'es can be staged from owned user accounts. All that's necessary is a socket. The fact is that the user versus superuser argument completely ignores modern trends. It's also a convenient argument for Mac users who love to spout how their systems are Unix and therefore impervious to attack (and they're actually not Unix, but this is really just a trademark issue and little more). I'll explain my position on security a little further below.

First of all, how many Windows desktops in the workplace actually have more than one user? What about MacOS desktops? I'd bet that it's actually a pretty small number. Own the user account, and you control most of what that system is used for.

Modern malware tends to only require a user account anyway. Need to create a spam zombie? Why would you need to root a box when a regular user acccount can spew email all day long (unless /usr/bin/sendmail is executable by root only, but nobody does that)? Further, as things utilities like sudo become commonplace, one can run a keystroke logger in the userland shell to own the user account and thus the box. Need to create an IRC bot? Why would one need a superuser-level account in order to do this? Furthermore, even without sudo access, if one really wants to own a box, a userland account is a great way to evaluate and expolit a box to escalate priveleges. Many of these are things that can be done with a simple trojan -- even a shell script can begin the process. A user just needs to be tricked into using this. After working in an office with many basic users, this is really easy to do -- regardless of the system.

Many of the anti-Windows arguments come from default permissions which can easily be closed by most admins (even those who are only partially competent). No system is better than the person (or people) running it. A perfect example is the author of the article. He took a Windows system and just dropped it on the public internet, then acted surprised that his system was rooted. I wouldn't do that with any of my Unix systems. Was there any reason why his 'Server' service was accepting traffic from the public internet? Why wasn't it firewalled at the border *and* on the system? Could I call a Mac inherently insecure if a user configures their system with plaintext auth (an FTP server, let's say) and passwords are sniffed from another owned box on the LAN?

Further, you haven't really addressed the most basic issue of social engineering. Are Mac users somehow more savvy and less click-happy? In my experience, OsX machines have a great way to install applications in kernel space. Just type your password, and the system automagically runs sudo and installs the app as root. The Windows run-as doesn't always work quite as well. Basic users aren't as vigilant as seasoned admins. They'll do or type anything that an installer tells them in order to get that cool fishie screensaver that their coworker in the next c

OS X is better,but...

I'm sure OS X is more secure then windows but give me a real unix operating system,os x is so hacked up and different it doesent even feel like a real unix operating system.You cant even mount ext2/3 in os x,whats up with that?