For years, the Mac has been touted as a platform less prone to viruses, trojans, malware, and just about any other kind of security risk you can think of. And technically, it’s true. Whenever there’s a dangerous virus floating around the web, the odds are that Mac users have nothing to fear, in large part due to the platform’s relatively low market share, which makes the Mac an unattractive target for ne’er do gooders.
But that doesn’t necessarily mean that the Mac is objectively more secure than Windows. On the contrary, some have likened the Mac to an unlocked house in an abandoned part of town while comparing Windows to a locked-up, bars-on-the-windows apartment in the seediest part of town.
Adding his two cents to the discussion is Marc Maiffret, a noted hacker who recently joined an anti-malware firm called FireEye as their Chief Technological Officer. Speaking to CNET, Maiffret said that Mac users are ignorant about potential computer risks, and that Apple only recently began taking security on OS X more seriously.
“I think Microsoft does a better job with their code auditing than folks like Apple do,” Maiffret explained, “we’ve only seen a scratching of the surface as far as Apple vulnerabilities because nobody cares to find them. There’s nothing inherent with Apple themselves and their development. The only reason Apple gets little increase in security is because they’re running on top of a Unix-based operating system and they can take advantage of some of the things that have been done for them.”
A fair point.
Maiffret’s best line, though, is this gem – “I’m also a Windows Mobile guy and a lot of people think it sucks so it’s like running a Mac desktop–nobody cares.”
But back to security.
Back in May of 2009, Apple hired Ivan Krstic, a computer security expert who previously headed up security architecture for the One Laptop per Child program, where he wrote that he was “paid to be paranoid.” It’s unclear exactly what Krstic is working on at Apple, but his approach to security is somewhat unusual in that he doesn’t tackle specific types of viruses, but rather quarantines all types of malware inside a virtual OS, keeping them alive but rendering them utterly useless and ineffective.