While no computer system will ever be secure in absolute terms, analyzing which routes toward security the two major consumer operating system vendors have taken ought to provide some valuable insight as to why so many of us are staunch advocates of the Mac platform, and most specifically Mac OS X.
Security works in layers. From protecting a computer from other networked computers to protecting it from end-users, security quickly becomes one deeply layered onion.
Disabling ALL Network Services on a Default Installation
Since 2001 and the rampant spread of CodeRed and Nimda, one would have hoped Microsoft would have had the forethought to learn from their past mistakes and establish the first very basic layer of security for an end-user, regular consumer’s desktop operating system: ensure all listening network services are turned off on a default installation of their operating system. The vast majority of computer users unwrap their computer, plug it into their broadband modem and turn it on. Back in 2001, the whole concept of “always-on, broadband connectivity” was not exactly new. It had been around for a couple of years.
Jump forward to 2004: until Service Pack 2 came out, you could still buy a Windows XP machine, plug it into an unprotected network and get infected by Sasser within seconds. How bad was it? Do a Google search for “Surviving the First Day”. I’m having a hard time understanding why people were not infuriated by this. I can understand the challenges of establishing more complex layers of security surrounding user interaction, but for crying out loud, you wanna talk about an easy fix, a low-hanging fruit, the simplest, yet strongest first line of defense from worms? There is not a single consumer Windows user out there who has had any need for services that were enabled by default on their operating system. WHY THE HECK were they ever enabled? How hard was it to just say “oops, we’d better turn that off by default”?
Contrast that with Apple’s Mac OS X. Through today, ever since its early beta releases in early 2000, no port has ever been turned on in a default installation of Mac OS X. Flaws will continue to be found in various services, and this holds true for all operating systems, but if those services are not running, you won’t get infected through them. It’s that simple.
Provided you’ve got this basic layer covered, infecting a networked end-user computer becomes a challenge greater by many orders of magnitude: It will require the help of the user of that computer.
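To check this first layer on a given machine, the added example below (not part of the original post) parses `netstat -an` output in both the Windows and the BSD/Mac OS X layouts and reports TCP listeners reachable from the network, as opposed to loopback-only ones. The sample outputs, addresses and ports are constructed for illustration.

```python
import re

# Constructed sample output (not captured from real hosts).
# Windows layout:  proto  local(addr:port)  foreign  state
SAMPLE_WINDOWS = """\
  TCP    0.0.0.0:135        0.0.0.0:0       LISTENING
  TCP    0.0.0.0:445        0.0.0.0:0       LISTENING
  TCP    127.0.0.1:1027     0.0.0.0:0       LISTENING
  TCP    192.168.1.10:139   0.0.0.0:0       LISTENING
  TCP    192.168.1.10:1045  203.0.113.5:80  ESTABLISHED
"""
# BSD / Mac OS X layout:  proto  recv-q  send-q  local(addr.port)  foreign  state
SAMPLE_BSD = """\
tcp4   0   0  127.0.0.1.631       *.*             LISTEN
tcp6   0   0  ::1.631             *.*             LISTEN
tcp4   0   0  192.168.1.20.49152  203.0.113.5.80  ESTABLISHED
"""

# The port is the trailing run of digits after the last ':' or '.'.
ENDPOINT = re.compile(r"^(.*)[:.](\d+)$")

def listeners(netstat_output):
    """Return (address, port) for every TCP socket in a listening state."""
    found = []
    for line in netstat_output.splitlines():
        fields = line.split()
        # UDP rows carry no state column and are skipped here.
        if len(fields) < 4 or fields[-1] not in ("LISTEN", "LISTENING"):
            continue
        match = ENDPOINT.match(fields[-3])  # local endpoint in both layouts
        if match:
            found.append((match.group(1).strip("[]"), int(match.group(2))))
    return found

def is_loopback(addr):
    """True if the socket only accepts connections from the machine itself."""
    return addr.startswith("127.") or addr == "::1"

def exposed(netstat_output):
    """Listeners bound to a wildcard or routable address, sorted by port."""
    hits = {lp for lp in listeners(netstat_output) if not is_loopback(lp[0])}
    return sorted(hits, key=lambda lp: lp[1])

if __name__ == "__main__":
    for name, text in (("windows", SAMPLE_WINDOWS), ("bsd", SAMPLE_BSD)):
        print(name, exposed(text) or "no network-reachable listeners")
```

An empty result from `exposed()` is the state the section argues for: nothing on the machine accepts unsolicited connections from the network.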
Protecting the Computer from its Users
To this day, a consumer is all too often instructed to upgrade their Windows operating system by pointing their Internet Explorer web browser to http://windowsupdate.microsoft.com/. From this point, the web browser takes on a life of its own, scours your hard drive for existing software and offers you a list of updates, at which point you are allowed to pick which packages you wish to install. The entire update process happens inside the web browser. No, I didn’t download a piece of software which I subsequently saved to my desktop, before making the conscious decision to “double-click” an installer. Nor did I run some dedicated “Software Update” agent. I just hit a website with the web browser, and it started instantly “doing things to my computer”, and somehow, I am taught “to be okay with that”. Microsoft has slightly improved this process by introducing, in one of its past security updates, an “update agent” that runs in the background. While a step in the right direction, the windowsupdate.microsoft.com site still exists, is linked from many places, and will still lean on the web browser to perform the system update.
How is a mere web browser able to take over our Windows operating system?
Through the implementation of their “ActiveX” technology, Microsoft has blurred the line between “web browsing” and “running applications”. They’ve implemented a “certificate system”, whereby no website could arbitrarily do things to your computer without your prior, conscious consent. Here’s the big problem though: while conscious, this consent remains uneducated. The vast majority of internet consumers are grossly uneducated about the possibly dire consequences of clicking “Yes” to an ActiveX dialog prompt. After all, they remember doing something very similar when updating their operating system, so why should they not allow this “very cool screen saver” to install itself? As far as they can tell, all they’re doing is browsing the web; how should THAT hurt their computer? Screen savers are just images, they should be harmless, right? No matter how hard we try, we will not get users to understand that they can hurt their computer by simply interacting with a web page.
This results in consumers clobbering up their systems with spyware, adware and various forms of “malware”, then calling their Internet Service Provider’s technical support to complain about what they perceive as a lousy service, when in fact they are victims of their own uneducated lust for “free stuff”.
Microsoft Windows does not exactly help protect a computer from its user.
On the other hand, Mac OS X’s web browser, Safari, does not enable websites to attempt to modify the operating system, or install components or applications. System updates are performed via an automated, enabled-by-default, separate Software Update application, which warns the user about available updates and offers to trigger the installation. This mechanism has its own user interface: while updates are downloaded, it is very clear to the user that what they are doing is not in any way related to web browsing.
Philosophies: Unix and Open-Source, Application Security
Defining very precise rules under which a given application may be executed, and creating a protected environment for this application’s execution, have been at the core of the architecture of Unix-based operating systems, which were designed, from the ground up, as multi-user environments. Those systems have had decades to mature, and Mac OS X inherits its core architecture from them. The Open-Source movement, with which Apple has had a healthy symbiotic relationship, further promotes the accelerated maturation of software through transparency.