Until now, the general consensus has always been that Microsoft Windows is a hacker’s paradise and the Apple OS is more secure.
Apple’s push about security may no longer be the case, as shown by this ZDNet interview with Charlie Miller, 2009’s winner of the Pwn2Own contest.
Here’s the quote:
“Safari on the Mac is easier to exploit. The things that Windows do to make it harder (for an exploit to work), Macs don’t do. Hacking into Macs is so much easier. You don’t have to jump through hoops and deal with all the anti-exploit mitigations you’d find in Windows.
It’s more about the operating system than the (target) program. Firefox on Mac is pretty easy too. The underlying OS doesn’t have anti-exploit stuff built into it.
With my Safari exploit, I put the code into a process and I know exactly where it’s going to be. There’s no randomization. I know when I jump there, the code is there and I can execute it there. On Windows, the code might show up but I don’t know where it is. Even if I get to the code, it’s not executable. Those are two hurdles that Macs don’t have.
It’s clear that all three browsers (Safari, IE and Firefox) have bugs. Code execution holes everywhere. But that’s only half the equation. The other half is exploiting it. There’s almost no hurdle to jump through on Mac OS X.”
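The two hurdles Miller describes (randomized load addresses and non-executable memory) are recorded as opt-in flags in a program's file header, so you can audit your own binaries for them. The sketch below is an added example, not code from the interview or from ZDNet: the function and sample-builder names are hypothetical, the sample headers are constructed, and the flags only show what a binary asks for, since the operating system still has to enforce it.

```python
import struct

# Flag values from the public Mach-O (<mach-o/loader.h>) and PE/COFF formats.
MH_MAGIC_64 = 0xFEEDFACF               # 64-bit little-endian Mach-O
MH_ALLOW_STACK_EXECUTION = 0x20000     # stack may hold executable code
MH_PIE = 0x200000                      # main image loads at a random address
PE_DYNAMIC_BASE = 0x0040               # image opts in to ASLR
PE_NX_COMPAT = 0x0100                  # image opts in to DEP

def missing_mitigations(data):
    """Return which of the two hurdles from the quote a binary lacks."""
    missing = set()
    if data[:2] == b"MZ" and len(data) >= 0x40:
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)   # e_lfanew
        if data[pe_off:pe_off + 4] != b"PE\0\0" or len(data) < pe_off + 96:
            raise ValueError("truncated or malformed PE header")
        # DllCharacteristics sits 70 bytes into the optional header, which
        # follows the 4-byte signature and the 20-byte COFF header.
        (chars,) = struct.unpack_from("<H", data, pe_off + 24 + 70)
        if not chars & PE_DYNAMIC_BASE:
            missing.add("randomization")
        if not chars & PE_NX_COMPAT:
            missing.add("non-executable memory")
    elif len(data) >= 32 and struct.unpack_from("<I", data)[0] == MH_MAGIC_64:
        # mach_header_64: flags is the 32-bit field at offset 24.
        (flags,) = struct.unpack_from("<I", data, 24)
        if not flags & MH_PIE:
            missing.add("randomization")
        if flags & MH_ALLOW_STACK_EXECUTION:   # this flag covers the stack only
            missing.add("non-executable memory")
    else:
        raise ValueError("not a PE or 64-bit Mach-O image")
    return missing

def sample_pe(dll_characteristics):
    """Constructed minimal PE header, just enough for the parser above."""
    img = bytearray(0x40 + 96)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)
    img[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", img, 0x40 + 94, dll_characteristics)
    return bytes(img)

def sample_macho(flags):
    """Constructed mach_header_64 for an x86-64 executable."""
    return struct.pack("<8I", MH_MAGIC_64, 0x01000007, 3, 2, 0, 0, flags, 0)
```

To check a real file, pass the bytes from `open(path, "rb").read()` to `missing_mitigations`.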
For all you people out there that are looking to the Apple Mac systems as an alternative to Microsoft Windows, and use the “it’s safer” argument, you may want to reconsider.
I’m pretty neutral when it comes to operating systems and have used Windows, Mac, and Linux. If you are looking to move to a particular system, you want to evaluate it based on what you want it to do for you, not the coolness factor or perceived protection from threats.
As far as protection from hackers goes – more is better and multi-level security is recommended. You want would-be hackers to fight their way through the router, and also your desktop or laptop firewall. In your Windows environment, don’t rely on what comes with Windows; get a separate program.