“Conventional wisdom has it that Apple’s Mac OS X system is more secure than Windows. And though partisans on either side of the OS fence have differing reasons for believing that to be so—Mac users believe it’s because of the inherent superiority of OS X’s UNIX underpinnings, and Windows users claim that OS X’s tiny 5 percent usage share isn’t a sufficient target for hackers—this is perhaps the one area where they do agree.

But security expert Alex Stamos of iSec Partners says the conventional wisdom is wrong. And this week at the Black Hat Conference, he claimed that Mac OS X is “significantly more vulnerable” than Windows 7 when it comes to network-based attacks—you know, the kind that actually occur in the real world…

…And in the interest of full disclosure, various versions of Mac OS X did suffer from fewer overall vulnerabilities over the past three years than did various versions of Windows: There were 1,151 major OSX vulnerabilities in this time period, compared with 1,325 for Windows. (But even those figures should temper any talk of OS X’s “inherent” superiority. Just a thought.)

“OS X networks are significantly more vulnerable to network privilege escalation,” Stamos said at the show. “Almost every OS X server service offers weak or broken authentication mechanisms.”

Stamos also threw cold water on the notion that OS X is too small of a target for hackers to bother with, and he notes the small difference between overall OS X and Windows vulnerabilities over the past three years as proof. If hackers were ignoring OS X as predicted, those vulnerabilities would never have been found.

He also points out that a false sense of security leads Mac users to think they are invulnerable to hacking, and Apple’s “deceptive” advertising doesn’t help. Mac users are more prone to social-engineering attacks than Windows users simply because they don’t have the security religion…”

Read the whole article here:

Paul Thurrotts  Tuesday, August 09, 2011


Leave a Reply

Avatar placeholder

Your email address will not be published. Required fields are marked *