Tuesday, March 23, 2010

OS X: Safer but less secure than Windows for now

Darren Murph at Engadget reports that Charlie Miller is going to expose 20 zero-day exploits for OS X at the upcoming CanSecWest. Mr. Miller has been exposing holes in OS X for years, and has twice won the Pwn2Own hacker contest by taking control of Apple computers. A third time he took control of an iPhone.

A zero-day exploit is a piece of malware that takes advantage of a vulnerability that is not generally known, so there are no patches, updates, or workarounds to keep it from being used. Unless the person who discovers the zero-day exploit informs the creators of the software being exploited, the vulnerability probably won’t be patched until after someone writes some type of malware that takes advantage of the exploit.

If you, like me, are a big fan of Apple Macs, you know that Apple likes to tout the security of OS X and the Mac. If you are an honest Mac user you realize that OS X has vulnerabilities. Some have even been exploited, if not very successfully.

Charlie Miller is very good at what he does – find security holes so they can be patched before the bad guys can take advantage of them. His years of work in computer security have given him a good perspective on the state of Mac security vs Windows security, and that insight produced one of my favorite quotes on the subject:

“Mac OS X is like living in a farmhouse in the country with no locks, and Windows is living in a house with bars on the windows in the bad part of town.”

In other words, Macs are safer, because there aren’t that many people trying to break into them. Windows computers are more secure because the security holes are constantly being patched. As much as I wish it weren’t so, the analogy works. Hopefully Apple is working to change that.