Security Bytes

May 7 2007   3:33PM GMT

Are Macs or Windows PCs more secure? Yes.



Posted by: David Schneier
Tags: Application Security, Platform Security

I had an interesting conversation the other day with Dino Dai Zovi, the researcher who discovered the QuickTime for Java vulnerability that Shane Macaulay used to take control of a Mac at the CanSecWest conference last month. Macaulay got the MacBook Pro that the show’s organizers put up as a prize, and most of the press attention. But Dai Zovi got the $10,000 bounty from TippingPoint’s Zero Day Initiative and he’s done enough research on both Macs and Windows machines to have put some thought into the whole Mac versus Windows security debate. A lot has been made about Macs being inherently more secure than Windows-based PCs, but Dai Zovi said the question of which OS is more secure really misses the point.

“Gauging how secure something is, is difficult to establish,” he said. “If people were looking, there would be more vulnerabilities discovered [in Apple products]. In general Apple’s making good decisions related to security architecture. Do I buy into the Apple is more secure thing? Not so much. Apple’s authentication infrastructure is better-engineered than UAC. It’s less obtrusive. But there are plenty of implementation flaws to be found. Any third-party application is bound to be the weakest link.”

That may not sit well with the Mac faithful, but Dai Zovi, a former @stake researcher and co-author of a new book called “The Art of Software Security Testing”, knows whereof he speaks. The lesson, it would seem, is if you’re looking for computers to p0wn, forget the OS and go after the apps.
