,

Apple Security Under Attack: The View from Windows

,

        "One has to ask that without regard to the reported statistics from a Windows security expert that OS X has more vulnerabilities than Windows, why is it that there are more successful attacks on Windows than on a Mac?"  It's John Carter catching our attention first thing this morning.  He declares, "Keeping the Mac world informed by staying up late."
        Now, John gets down to the facts.  "The game is about numbers. There are more Windows machines that can virtually provide a greater return on successful attacks. Suppose the ratio of Windows to OS X is 80 to 1. If there are 1000 Macs to be hacked then there must be 80,000 Windows to be hacked. Let’s assume that the vulnerability ratio is reversed, that OS X has 80 times the vulnerability of Windows. To put it in virtual numbers, OS X has 80 ways to be attacked and Windows has only 1. Let’s say that for every successful attack on any machine you earn $1 as a reward. No matter how many ways you attack a machine, once it is attacked you get $1 and the machine is shut down - nothing more to be gained. Attacking all Macs earns you a maximum of $1000. There are 80,000 Windows, therefore you can earn $80,000 by shutting down all those machines. Let’s also assume that each time you successfully attack a machine, an update closes that door but the next day you find another one has taken its place. This means that every day you can earn either $80,000 or $1,000 or both. Which one would you go after, and would you bother trying for the additional $1,000 if the effort to do so was the same for both?
       "In terms of rewards, the number of vulnerabilities doesn’t matter. What matters is how much of a return you can get on the number of attacks you attempt.
        "Most big businesses are using Unix as their primary interface to the world, and once you get into a big business the return on your investment is greater depending on whether you want to shut the business down temporarily or acquire its secrets. OS X is based on Unix, therefore the vulnerability of Unix machines, by definition, is as great as that for the Mac. And since big business offers a greater reward on successful attacks, they are a better target than personal Macs.
        John goes on to explain in detail, "Even if every Mac is shut down, the number is still far less than if every Windows machine is shut down. Still, 100 percent is the same regardless of the actual numbers involved. But remember, the game is about numbers, not percentages. In a given day, if 60 of the 1000 Macs were hacked and 60 of the 80,000 Windows were hacked, percentages would tell you that Windows is safer. The hackers don’t care - they got what they went after, and there are greater numbers offering greater rewards to go after Windows and big business.
         "If you want to know how many attempts are being made every day on your computer (hackers trying to find a way in), there are tools for that. You can keep hackers from getting into your computer with the right tools, but only you can prevent your fingers from clicking on the wrong link. If you have a Mac, the chances of getting a virus that way are far slimmer than if you have Windows.
        "So let’s say that a hacker does get into your Mac. He does a quick survey and finds your address book, your email, your passwords, and your financial files. Pretty good. Maybe. One way to protect yourself against this kind of robbery is to encrypt the folders that contain your address book, your email, your passwords, and your financial files. You should use a different password than your login password to access the encrypted files, and do not put the encryption key anywhere on the computer - but on a piece of paper filed away in your desk. If the encryption key is strong enough, the only real damage the thief can do is wipe your computer clean. But you have a clone to restore from, don’t you? Another possibility is that the thief can install an app to capture your key strokes and hope that you won’t find it. This is called spyware. To date, there are only two known spyware apps for the Mac (to my knowledge), and the chances of getting them are rare, and I suspect the only reports about them are just from a company that wants to sell you their anti-virus/spyware program.
        "For a run-down on the ways you can protect your Mac, read this. You might even want to go a bit deeper in protecting your Mac by reading this."
        And, now the grand finale from John, "My conclusion is you are safer owning a Mac than owning Windows even if you do none of the tips described above."