Mac and UNIX security

You often hear Mac and Linux people going on about how their operating system doesn't suffer from viruses and malware. They claim it's because their OS is inherently more secure. The Windows people then retort that the real reason is that hardly anybody uses MacOS or Linux, so the hackers just don't put much effort into it. A huge flamewar then ensues, in which very few of the participants actually know what they're talking about.

I read an InfoWorld blog on this very topic today. While I found it largely unremarkable, I did take issue with one passage.

The difference isn't market share, it's the foundation of the operating systems. Given that most virus authors and hackers are in it for the ego, don't you think that there would be a huge incentive to be the first one to write a widespread OS X, Linux, or FreeBSD virus?

There are two problems with this passage. First, there's the claim that "most virus authors and hackers are in it for the ego." That may have been true 10 years ago, but not anymore. These days, many hackers and malware writers are in it for the money. Some of them are even in bed with organized crime. It's not about learning how systems work anymore. Now it's big business.

In light of this, it's just absurd to dismiss the possibility that market share is not an issue. Just look at the numbers. On desktop PCs, Windows has well over 80% market share - probably more like 90%. So if you're trying to build a big botnet, what are you going to target? Windows is generally less secure by default, has more non-technical users, and if you get just 10% of them, that's more systems than if you got every Mac out there. With numbers like that, targeting anything other than Windows is just a waste of time.

Of course, the underlying operating system may have something to do with why Mac and Linux users have fewer security worries. However, it's certainly not the only reason. The default configuration of each system is another big reason - the out-of-the-box Windows configuration has historically been wide-open, while MacOS X and Linux are fairly secure by default. But if we're going to be honest, we can't ignore market share. It may or may not be the primary reason, but to claim it's not an issue is just wishful thinking.

You can reply to this entry by leaving a comment below. You can send TrackBack pings to this URL. This entry accepts Pingbacks from other blogs. You can follow comments on this entry by subscribing to the RSS feed.

Add your comments #

A comment body is required. No HTML code allowed. URLs starting with http:// or ftp:// will be automatically converted to hyperlinks.