Thursday, March 10, 2011

All You Mac Lovers Who Think Macs Have Bulletproof Security...

...think again.  Conventional wisdom says that Microsoft Windows has the weakest security because Microsoft is always pushing out security updates, and essentially every major security breach that actually hits the news is related to Windows.  While it's true that the software giant has plenty of issues, it's not nearly so clear that they're the weakest of the bunch.  Allow me to demonstrate.

Every year at a gathering of security experts and hackers called Pwn2Own (pronounced "pone to own"*), various hardware and software platforms are tested to see just how secure they really are.  I believe that the standard prize for successfully hacking your way in is a chunk of cash and keeping the hardware that was hacked in exchange for revealing how you did it.  It's really a nice setup, and everyone wins in the end - the hacker gets a significant prize, the manufacturer learns how to plug some critical holes, and the consumer world gets a better product.

Anyway, back to the Mac misconception.  In the 2008 contest, a fully patched Macbook Air running Safari was the first machine/browser to be hacked on the second day of the contest.  In 2009, another fully patched Macbook running Safari was the first machine/browser hacked...but this time it took just a few seconds.  Last year's contest saw this:

Two security researchers succeeded in exploiting a fully-updated iPhone 3GS in a matter of seconds--the first time the iPhone 2.0 has been hacked . Charlie Miller, famous for compromising a fully-patched Macbook the past two years, succeeded once again in hacking the Macbook to take the Pwn2Own prize.

Clearly, this is a trend, and Apple's products regularly have weaker security than their Windows counterparts (both IE and Firefox lasted longer each year).  So where is this misconception that Macs are more secure coming from?


No, seriously.  If you look at market share, Microsoft Windows has roughly 90% saturation, with Macs coming in at a piddly 5%.  People think Macs are secure because they're irrelevant.  There are so few of them on the market that it's simply not worth the time and effort for hackers to bother with.

Do Macs have some benefits and strong points?  Sure.  Should people continue to buy Macs?  Personally, I don't believe there is anything a Mac can do that a Windows machine can't, and Macs really suffer from a nasty combination of inflated pricing and too few choices...but if you want to buy a Mac, go for it.  Just don't fool yourself into thinking that simply having a Mac will keep you safe.  The bottom line is that all platforms and browsers have their weaknesses, and a smart consumer will take additional steps to protect their own security.

Of course, Google's new Chrome browser seems to be bulletproof so far in this year's contest...we'll see how that turns out.

*side note: if you're wondering where the word pwn ("pone") came from, it was the result of gamers gloating over the digital carcass of their vanquished foes by mis-typing "i own you" as "i pwn you".  Rather than learn how to type, the gamer crowd simply decided this was devilishly cool, thus the word pwn was born.

No comments:

Post a Comment