You Were Saying, Bill?
Bill Gates said of the Mac OS in a Newsweek interview:
Nowadays, security guys break the Mac every single day. Every single day, they come out with a total exploit, your machine can be taken over totally. I dare anybody to do that once a month on the Windows machine.
What Gates was referring to was the MOAB, or “Month of Apple Bugs,” an attack on Mac security taken by people who are obviously irritated and annoyed by claims of superior Mac security.
Of course, that claim is not nearly as bad as Gates makes it out to be. First of all, it was kept up for one month only–not every day of every year. They clearly planned for a month because they found 31 bugs, not 365 in a year. Second, not all the bugs were Apple’s–only 22 or 23 of the 31 presented dealt with software created by Apple, the rest were 3rd-party bugs. And finally, Gates wildly exaggerated their seriousness when he claimed that each of these “daily” bugs could “totally” take over the machine. In fact, most were not nearly as caustic, causing instead local shutdowns of specific apps like Safari. And let’s remember that we still have never seen any of these exploits do much damage if any at all in the wild–whereas Windows exploits have commonly produced massive damage. A friend of mine had to wipe her hard drive and re-install everything–twice–due to viral infections. That has never happened on a Mac.
But what about Gate’s challenge for his own OS? “I dare anybody to do that once a month on the Windows machine.” Well, it’s already happened. With Vista, no less, which has only been widely released for a week or two now, and was heralded by Gates as being the most secure OS ever. First, we saw that really embarrassing vulnerability where a sound file could start hacking into the system. And now there are reports of far more serious hacks, including a work-around of one of Vista’s most-ballyhooed security improvements, one that limits administrative access:
Russian hackers posted instructions to an underground forum describing how to implement “privilege escalation,” which could bypass some Vista security measures. This hack could escalate the “privileges” of a normal Vista user into that of a “superuser,” allowing him to change anything he desired on the system. This would be particularly dangerous in a corporate environment where normal computer users have limited privileges, in that they cannot install programs, visit certain Web sites, etc. This threat is considered so serious that Microsoft has scrambled its “Security Response Center,” which is ostensibly still trying to figure out what to do.
So, it looks like we have at least two exploits that are at least the equivalent of the MOAB in just one week–and there’s no organization which has had time to stockpile Vista bugs and is now trying to publicize one-a-day Vista exploits. However, there are reports that many more exist.
Case in point: just because your copy of Vista hasn’t been hit yet, don’t feel all warm and fuzzy:
Reports are that, in order to steal as much money as possible, computer criminals are biding their time and building their arsenals, waiting for Vista to be installed on more computers around the world before unleashing their most powerful Vista-busting weapons.
The article reports “ongoing eBay-style black hat hacker auctions where attack programs that can be used to compromise Vista computers are being bought and sold for as much as $50,000.” Certainly, it will be interesting to see if Leopard can be hacked this much this soon after its official release.
The Norman Transcript Report ends with a quote from “very irritated and frustrated Vista early adopter”: “I should have bought a Mac.”
How much of the work that’s done finding holes in the Windows platform is because by finding a way in, you get into so many more computers?
In other words, isn’t it safe to say that there’d be a lot more effort against Mac OS if it were more commonly used?
Paul
Seattle, WA
Paul:
How much of the work that’s done finding holes in the Windows platform is because by finding a way in, you get into so many more computers? Some, but by no means all. Some hackers do what they do to steal or do the greatest damage, but for a lot of hackers, it’s about ego. And the first hacker who can create a piece of malware that seriously does some kind of damage to more than one or two Mac users will get huge props within the community. You hack Windows, you’re among serious competition and can easily get lost in the crowd. You hack the Mac, and you become an instant celebrity, with worldwide media attention.
So why has no one done it yet? Remember, it’s based on Unix, which a ton of hackers are more than familiar enough with–in fact, people have been hacking Unix longer than they’ve been hacking Windows.In other words, isn’t it safe to say that there’d be a lot more effort against Mac OS if it were more commonly used?Yes, it is. But it is also safe to say that if equal effort were put into hacking the Mac and hacking Windows, there would be more breaks in Windows security than the Mac’s. The Mac is far from unbreakable, and only the deluded think its unhackable. But it is more inherently secure, and not just because of its obscurity.
However, if its obscurity is another reason why it remains less hacked, I won’t ignore that as yet another reason to get a Mac, while it lasts, and it will last for a while. Just because it’s not more popular doesn’t mean it’s not good, and if not being commonly used is an advantage, why not see it as one?