This article is complete nonsense. NT was designed from the ground up as a "real" operating system by Dave Cutler, the man responsible for VMS, a which has a well-deserved reputation as a rock-solid OS. Unix having networking built in from the start (even tho', umm, it actually didn't) didn't stop many exploits against Sendmail for example. Windows has a registry doesn't mean anything either; so does AIX to all intents and purposes...
The vulnerability of Windows is more cultural than technological. The reason it's easy to attack Outlook is that MS intended it to be easily scriptable so you could build workflow applications on top of Exchange/Outlook (to compete with Lotus Notes). It didn't occur to them that anyone would abuse this.
Was that naive of them? Perhaps. But then again, no more naive than the Unix approach of root being the absolute superuser; in NT you can create files that the superuser can backup to tape but not read themselves, which is very necessary in many scenarios. It's interesting to note that many Unixen have adopted ACLs and privilege separation; NT certain didn't invent these, but it did bring them into the mainstream.
windows NT may have been "designed from the ground up as a 'real' operating system," but then Microsoft went and added a bunch of stuff to it that's necessary to run old Windows 3.0 apps. So all that hardening doesn't count for much.
The main problems here are the deep hooks into the OS that Windows Explorer and Internet Explorer (and all software that requires parts of both to function) had built into them.
The other problem is that far too much of the system runs as "system". I read this has improved a lot in the 2003 and 2008 server editions. But most of it was improved by having additional software bolted on top of the holes instead of just getting rid of them.
What absolute nonsense. Microsoft has spent more money on source code audit, software pentesting, and SDLC than any other four of the top 10 ISVs combined. All they do is find and remove holes.
Find one credible professional security person --- almost all of whom run OSX and Linux, by the way --- that thinks you're right, and MSFT is just bolting security on.
A "professional security person" running OSX or Linux would seem to say something about the security of Windows and how Microsoft practices security, or at least the perception of it.
I'm just pointing out an oddity in your choice to point out what security professionals use. There would have been nothing odd if you had decided not to list their OS choices.
It's definitely a lot more fun to code security tools on Unix than on Windows --- though I'm having a lot of luck with Ruby on Windows for debugging and anti-reversing work.
You're right, it is odd. But it's not a testament to Windows security. If security is what counted, we'd be using Linux or FreeBSD. We're not; we're using an OS that ships with SUIDs that run commands as root for you. We use it because we like it.
No, we'd be using MVS, VMS, Nonstop, and their competition, not UNIX or Linux if security were important enough to us... or at least those of us who are well-informed enough to know the difference.
that's pretty rich, coming from the MASTER of cheap shots. you can't tell people that their arguments are "absolute nonsense" and expect to have a nice, reasonable conversation with them.
your posting history indicates you might have something interesting to contribute, but you really need to work on your manners.
Couldn't agree more. His point #3, about IE being integrated "deep" into OS is absurd: IE isn't integrated into anything, in fact IE is just two DLLs, which allows them to "merge" iexplore.exe and explorer.exe, very similar to how conqueror works on KDE.
Even windows registry, the source of many issues, has nothing to do with security, since critical portions of it are read-only to a non-privileged user.
Try deleting iexplore.exe on windows xp. Then reboot and go delete it again. It might not be "integrated" into windows, but its hard to get rid of without modifying an XP install cd.
This feature has nothing to do with IE. It's called something like "system file protection" (can't recall exact term).
Nearly everything in System32 is protected by this: Windows keeps shadow copies of those files: their attempt at fixing "default administrator" legacy - how else can OS protect itself if installed on FAT32?
(osx market share) * (percentage of clueless osx users)
is much, much smaller than
(windows market share) * (percentage of clueless windows users)
Each of those factors individually might not make OSX sufficiently uninteresting, but in combination it's probably just not worth it.
Once that ratio drops below ~1:10 we might start seeing more OSX malware.
I don't know enough about OSX internals to judge on its technical security precautions, but beyond a certain point, the user becomes the weakest link. I think that even Windows has crossed that stage by now. Remote exploits are becoming rare, and even browser exploits increasingly require some user interaction.
I did some tests on XP a few years ago, to see how bad it was. I ran no anti-virus, no firewall, no anti-spyware, nothing. Used the system carefully for over 4 months with no problems. Web browsing, web development and bittorrent. Normal stuff.
So I can safely say, while windows has its downfalls, I think 90% of the time the problem is down to the end user.
(though obviously its a nice extra layer of protection)
i had a friend once who was describing symptoms that sounded a lot like her windows computer had been compromised and was busy sending spam to other windows users. i told her various things she could do about it, all which she described as "too much trouble." she lives too far away for me to fix it myself.
It is complete nonsense indeed. There is not technical reason for virussen not to exist.
1. Most if not all Mac users are in the admin group. Meaning they (or a virus or trojan running under their account) can modify for example /Applications/Mail.app without any warnings.
2. Mac users, like Windows users, download and run both legal and illegal software. They also love to share software.
3. Infecting UNIX binaries is extremely simple. Proof of concept virus can probably be written in two pages of C.
This cocktail of user behaviour and a easily exploitable system makes it extremely easy to spread virusses or trojans.
Why it is not happening? No idea. It could very well be market share.
1. OS X is a single-user operating environment. More importantly, anything you or a virus cares about bears your UID.
2. The clock on software security started with 8LGM in 1994, not with the advent of networking.
3. IE bears approximately the same relationship to Win32 as WebKit bears to OS X.
4. Almost every OS X user runs in group "Admin". See reason 1.
5. Microsoft's "backwards compatibility mantra" bears the same relationship to Win32 security as the Carbon libraries do with Apple security, and many Apple developers came to Unix directly from OS9. Google "chargen ARDAgent".
6. What Windows calls a "registry" Apple calls "Library/Application Support" "Library/Preferences". Both are tree structured opaque configuration repositories. Google "chargen input managers".
7. Google "Vista UAC". People hate this feature, and it doesn't work.
The reason there are fewer viruses on OS X than there are on Windows is that you will make far more money targeting the large market than the big one. What rational malware author would ever target OS X?
zs-macbook-pro:~ Zach$ sudo touch bar.foo
# normally it asks for password here. I used sudo earlier to rm -rf
# something in /usr/local so it didn't ask this time.>
zs-macbook-pro:~ Zach$ ls -la bar.foo
-rw-r--r-- 1 root staff 0 Jul 20 18:36 bar.foo
No, they're just in ALL=(ALL) sudoers. You're right; it's not NOPASSWD by default. Until very recently, that was trivially evadable with InputManagers.
Not that it matters. I don't want to perpetuate the myth that root really helps you against malware. If you can bind a socket, you can propagate. If you can read a file I own, you can get my bank account and mail. Game over.
It is just very hard to secure a desktop OS against its own users.
SSL and generic encryption primitives are built in to Windows, and the libraries that implement them (schannel, etc) have been audited by people who have, among other things, published RSA breaks.
Microsoft pioneered randomization. OS X just recently attempted to introduce ASLR, as a catch-up measure to Microsoft, and failed badly.
The evidence you've presented is easily refuted, and so your arguments won't carry.
Well the fact they're easily refuted shows how much i use windows in daily bases (almost 0%)
my guess (based on rumors) is that even though ms implements those security measures, she leaves some weaknesses open intentionally (sony rootkit came to mind)
actually i was thinking more about OpenBSD instead of OSX and clump them together as unix
but you haven't refuted my main point: if popularity plays a role THAT much, then why unix servers (more popular, more secure, more powerful, more damaging) are less compromised?
Well, let's turn that around. In the years from 1995 through 1998, Windows security was black magic both to defenders and attackers --- Win32 attacks didn't really mainstream until Solar Designer and Matt Conover broke the story on how to exploit overflows in the heap.
During the same time period, Unix systems --- and particularly SunOS/Solaris --- were positively riddled with trivially exploitable stack overflows. Number of Solaris worms and viruses during that time period? Zero.
I'm sort of digressing, but, can you come up with a logic that explains why OS X virus scarcity is about the intrinsic security of OS X and still describes the '90s?
I don't think malware prevalance has much to do with intrinsic OS security at all.
Also: smart not to lump OS X in with other Unixes. OS X has a very different, much more difficult challenge to deal with than server Linux.
UNIX was designed for collaboration rather than security. The permissions, the (originally) open password file, sticky bits... it was full of security holes. Big ones. The engineers closed those holes after the fact when the internet started opening UNIX machines to the outside world.
NT actually has an enormous edge on security because of its roots in VMS rather than in UNIX, since as gaius pointed out, VMS places far more of an emphasis on security than UNIX did until the internet made it necessary.
Virus's require critical density in order to spread.
The same way the flu runs rampant through crowded urban areas today, viruses only spread quickly when there's enough computers for them to infect.
The lack of standard issue malware is probably due to better (although not perfect) security, and lack of economic incentives due to lower market share.
I think that article only goes so support my assertion. He is basically saying that the reason there is none is because people that use MACs don't put up with it. Well eventually when MAC starts making in-roads in the lower end of the market it's like a bunch of criminals moving into the neighborhood.
Maybe it's a little harder to write malware for the MAC maybe not but there will be a point when the additional difficulty doesn't out weigh the profit that could be gained and at that point people will focus more effort on it. It's just like the energy problem people didn't get really serious about it until oil got really expensive.
Not to mention that there is all sorts of stuff in the /Library folder and it might as well be as good a place to hide as the registry.
gruber wrote that essay in 2004. in those days, it seemed like the mac would always be the niche computer for special snowflakes. now it's more popular than anyone could have imagined. so it seems entirely likely that the platform will eventually get its share of uninformed, indifferent users.
For Gruber's argument to be true, there would need to be "peak oil" for Win32 malware: a point where the criminal value of those 88% of all desktops decreased because of all the competition. Then malware authors would address the 11% of OS X machines.
But there isn't "peak oil" for Win32 malware. Your odds of success with a new Windows bot or trojan or virus are as good as anyone else's. No matter what you do, you'll get more candidates than you would targeting Apple. There is no point at which targeting Apple becomes a rational business decision.
i can think of some reasons. if you could compromise a macosx machine, your trojan wouldn't have to fight for internet bandwidth and cpu time against all the other installed trojans, as is the case on a windows box. i've heard that there are windows trojans that seek out and disable antivirus programs: well, there's no need for that on a macosx box, because mac users never install antivirus programs. and so on.
in other words, there are all the same good reasons as going into any new field with few or no competitors.
Trojans disable antivirus programs as an F-U to antivirus vendors. There are two kinds of malware authors: the people who do it for fun, and see themselves in competition with the security vendors, and the people who do it for money.
The people who do it for money couldn't give 2 shits about any of this. But they're supplied by a market of malware arms dealers who are in feature-for-feature competition with each other.
As for the bandwidth thing, that just doesn't make any sense. Everything is in competition for bandwidth with everything else.
Look, Allen, I could be wrong, but I don't think your arguments are very good, and I'm not going to pretend they are just to save your feelings.
Antivirus programs are corporate standards in every Fortune 500 company. And yet those companies are rife with botnet infections and, yes, viruses. From a CS perspective, antivirus simply cannot work: you'd have to solve the halting problem to do it. Consumer Reports contracted ISE (Avi Rubin's company, a competitor of ours) to test AV software and found that none of it was effective against the simplest permutations of existing viruses.
AV software is not the reason Macs have fewer viruses than Windows.
I disagree that there is no good place to hide malware on Mac (or other UNIX-based) systems. For example, what if I replace the C library's printf call with a routine that checks if some condition is met, and if so, launches an ad popup. It would make the calling program look like it is the malware, and it would be difficult to remove.
The vulnerability of Windows is more cultural than technological. The reason it's easy to attack Outlook is that MS intended it to be easily scriptable so you could build workflow applications on top of Exchange/Outlook (to compete with Lotus Notes). It didn't occur to them that anyone would abuse this.
Was that naive of them? Perhaps. But then again, no more naive than the Unix approach of root being the absolute superuser; in NT you can create files that the superuser can backup to tape but not read themselves, which is very necessary in many scenarios. It's interesting to note that many Unixen have adopted ACLs and privilege separation; NT certain didn't invent these, but it did bring them into the mainstream.