Mac OS X the 'world's safest computing environment'

[MacBytes]

Category: News and Press Releases
Link: Mac OS X the \'world\'s safest computing environment\'
Posted on MacBytes.com

Approved by Mudbug

[marquitin]

If Apple wants hardware customers, an ad campaign around the relatively safe and nuisance-free OSX environment would bring a lot more interest than the kid getting blown out of the house when he starts his G5. I'm surprised Apple isn't making a lot more of this. Regular people I talk to are HATING their PC's these days.

[nagromme]

There WILL be a nasty OS X virus one day... nothing like the problems on Windows, but one day we'll have to settle for "Macs have only one virus." Then it will be two, then three... might never reach four, you never know So I agree, Apple ought to hype this while they can still say ZERO!

Meanwhile, as people begin the inevitable argument over whether Macs are better-designed OR a smaller target... obviously they are BOTH! And we reap the benefits of both. And both will be true for a long, long time.

Whatever comes our way, it will never equal the nightmare of Windows users.

[gekko513]

I'm not sure if I'm able to understand the numbers. It looks like it says that of all successful manual hacker attacks
65.64% against Linux
25.19% against Windows
4.82% against BSD and Mac OSX

I don't know how many of the potential targets where BSD and Mac OSX, but if they accounted for less than 4.82% of the total number of targets, then that is hardly a good thing.

If the number says that of all BSD and Mac OSX systems, only 4.82% of them were compromised, then it's a good thing, but it doesn't look like that's what they are saying.

[MikeTheC]

Quote:

Originally Posted by gekko513

If the number says that of all BSD and Mac OSX systems, only 4.82% of them were compromised, then it's a good thing, but it doesn't look like that's what they are saying.

Well, I re-read the original article myself. Please pay particular attention to the following paragraph:

Quote:

Originally Posted by MI2G Report

The study also reveals that Linux has become the most breached 24/7 online computing environment in terms of manual hacker attacks overall and accounts for 65.64% of all breaches recorded, with 154,846 successfully compromised Linux 24/7 online computers of all flavours. The number of successful manual hacker attacks against Microsoft Windows based online computers has remained steady and accounts for 25.19% of all breaches recorded, with 59,419 successfully compromised Windows targets of all versions. In sharp contrast, the number of successful hacker attacks against Mac OS X or BSD based online computers has demonstrated a declining trend and accounts for just 4.82% of all breaches recorded, with 11,370 successfully compromised BSD targets of all flavours including Apple.

As I read it, of all 235,907 systems in the report, 11,370 were BSD systems which would therefore include Mac OS X, thus meaning that the 11,370 included both Mac OS and non-Mac OS BSD varients with no specific breakdown between them.

One can only speculate how this would change (if at all) if Mac systems became the majority of BSD boxes out there.

What intrigues me is why the Linux boxes were (allegedly) less secure than Windows. I don't mean to imply that Linux is holy and sacrosanct and pure and therefore cannot possibly be hacked, but I'm wondering why it was more readilly hacked than a Windows box. But, it does prove the point that (for better, worse, or indifferent) BSD is a more secure system than plain-jane Linux. I'd always assumed (and yes, I know exactly what Benny Hill said about assuming) Linux would be on an essential parity with BSD.

Maybe those setting up and maintaining those systems were just idiots. Who knows...

[space2go]

LOL releasing funny numbers in the hope someone shells out £900 to get their 'facts'.
Nothing to see here, carry on.

[iMeowbot]

Quote:

Originally Posted by gekko513

I don't know how many of the potential targets where BSD and Mac OSX, but if they accounted for less than 4.82% of the total number of targets, then that is hardly a good thing.

Yeah, those numbers don't mean much of anything. All mi2g are saying in their press release is that of the breaches they looked into, this is the breakdown of operating systems. No information is supplied about how they collected this information, or the distribution of operating systems overall in the places where they looked.

There is also a section consisting only of apologetics (see the "important note"), saying they they've improved the sample sizes they have been criticized for in the past. Unfortunately, a larger sample isn't necessarily a better sample; they really need to do a little more explaining.

[cluthz]

The article isn't very clear.

They says that one a small percentage of the compromized systems where large systems. And they claims that over 60% of the compromized machines is Linux, which is used on about 2%(?) of the worldwide systems.

Since Windows has 90% of the market and only 25% of the compromized machines, they have to be rocksolid.

There fewer than 4.8% of BSD machines in the world, but 4.8% of the compromized machines are BDS systems? We are in deep ****...

I don't know where mi2g gets their numbers from, but they surely needs some explaining.

[MikeTheC]

I don't think my previous post caught me at my most profound. Sorry 'bout that.

What I was trying to say is that, while it seems that Macs were in the super-minority for being successfully compromised, there really wasn't a good breakdown on box OS usage percentages. So those who complain they didn't explain that bit of it, I agree with you completely.

Something I found really suspect is their insistence that Linux is the most hacked box. I know some Linux users personally and I have casually met a fair number of others (plus read articles, interviews, etc., all the usual sources) and know the demographic for skill and knowledge level in the Linux world is, when compared to any other OS user base, atypically high. I mean, come on, the Linux crowd is made up in the majority (probably the super-majority) by computer enthusiasts and hobbiests (not unlike the computer users of the 60s, 70s and 80s). The "average" Linux user is very, very saavy. For all I know, the "average" Linux user can probably write code to some degree. They certainly know their way around scripting, firewall configuration, etc. Based on this, I would have to assume that Linux dedicated sysadmins would be way at the upper end of the "I know how to secure my box crowd" curve.

What this article suggests is that there is an army of incompetent idiots sysadmining the Linux platform out there, and that a higher percentage of Windows sysadmins are saavy than Linux sysadmins.

Anyone else out there see a flaw in this basic reasoning?

I mean, even if we accepted as a given (strictly for the sake of argument) that we have an equal number of equally knowledgable, skilled and experienced sysadmins out there in both the Windows and Linux camps, it would be my impression that the Linux crowd would be far less successfully hacked based on security holes and overall exploits found in both operating systems.

Now, don't get me wrong, I would love to know that BSD (and, therefore Mac OS X) runs circles around everything out there on the planet and that it could single-handedly bring down and unseat all other OSs as the premiere workstation and server OSs, but even I know better than that. But this noise that Windows is (by way of a back-handed complement) superior to anything else out there (BSD notwithstanding) just raises a red flag.

[macridah]

Good for PR and I love this quote: "More and more smart individuals, government agencies and corporations are shifting towards Apple and BSD environments in 2004"

[MikeTheC]

Quote:

Originally Posted by macridah

Good for PR and I love this quote: "More and more smart individuals, government agencies and corporations are shifting towards Apple and BSD environments in 2004"

I'm wondering how long it will take Apple to glom onto this bit of "good" news...

[space2go]

Quote:

Originally Posted by MikeTheC

I'm wondering how long it will take Apple to glom onto this bit of "good" news...

I'd say Apple is too smart to associate with that firm by quoting them.

[mainstreetmark]

Quote:

Originally Posted by nagromme

There WILL be a nasty OS X virus one day... nothing like the problems on Windows, but one day we'll have to settle for "Macs have only one virus." Then it will be two, then three... might never reach four, you never know So I agree, Apple ought to hype this while they can still say ZERO!

I disagree.

As soon as it's well known that there are no viruses, hackers will be falling over each other to crack the system first. I like the idea that we're not a target.

[nagromme]

We're already a target. Macs are worth extra points in cracking contests, and used by some high-profile organizations like the US Army and Navy, NASA, large corporations, schools, superclusters, ad agencies, movie companies, etc. Plus the sheer challenge of it is worth something to the kind of cracker who would pose a real threat. Think of the "fame" of being the first to make a Mac OS X virus! Plus many people already hate Apple and Mac users--not as many as hate MS, but still, it's not hard to find a Mac-hater out there.

And that kind of cracker ALREADY knows OS X has never been compromised. An Apple ad campaign wouldn't tell them anything new.

It would add some "fame" to the accomplishment, that's all. But the people who would appreciate the achievement ALSO already know the challenge is there.

So if we're already a target, I don't mind Apple making us a slightly bigger one--if platform growth AND closing a few loopholes are the result.

It's not like Apple can prevent OS X from EVER being attacked successfully. No OS is perfect.

[Savage Henry]

Quote:

Originally Posted by mainstreetmark

As soon as it's well known that there are no viruses, hackers will be falling over each other to crack the system first. I like the idea that we're not a target.

A sentiment I entirely share, sir. Even if that rogue hacker achieves the state of nirvana from cracking the OS X barrier, I'd still prefer it to be considered an insignificant blip that gets by and large ignored until the shining knights at Apple plug the gap.

Small target is good, and keeps me sleeping easy at nights.

[TomSmithMacEd]

It would be a stupid idea to make an ad campign saying there are no viruses on OS X, that is just stupid. When those ads would come out there would be so many hackers trying to hack Mac Os, which they could do. They do it to make a huge impact, if they could ruin a whole ad campign, they would do it.

[dlfitch]

Quote:

Originally Posted by TomSmithMacEd

It would be a stupid idea to make an ad campign saying there are no viruses on OS X, that is just stupid. When those ads would come out there would be so many hackers trying to hack Mac Os, which they could do. They do it to make a huge impact, if they could ruin a whole ad campign, they would do it.

No way, all the serious hackers and virus- writers are in Korea and Germany and places far from the reach of American advertising...

[marquitin]

Quote:

Originally Posted by TomSmithMacEd

It would be a stupid idea to make an ad campign saying there are no viruses on OS X, that is just stupid. When those ads would come out there would be so many hackers trying to hack Mac Os, which they could do. They do it to make a huge impact, if they could ruin a whole ad campign, they would do it.

Relative safety v absolute safety. It _would_ be stupid to say anything about any OS in absolute terms. But that is not the issue here. It's letting the uninformed know that there is currently a much safer, less frustrating option available and that, in addition, it is the best available OS currently on the market.