Sunday January 29, 2006
Why MacOSX really is more secure than Windows -- a lot more
Non-techie friends keep asking me if MacOSX really is more secure than Windows. "Is it true it really doesn't have viruses?" they ask. It's hard to imagine that Apple is so good that it doesn't have viruses at all, while Microsoft is so bad that it has thousands of them. And, if Apple is so great, why don't people use them? This is like telling them that a college football team could win the NFL -- surely MacOSX isn't that impossibily good. The real story is far more intersting. Read on...
1. People run old versions of Windows that don't automatically run security updates
Microsoft has recently added features to Windows where it will update itself automatically when security fixes come out -- but large numbers of people still run Windows 98, ME, and so on, and don't have this feature, or have versions of Windows that shipped with this feature disabled by default. MacOSX shipped with this feature, so there aren't hoards of MacOSX machines floating around the 'net that are dangerously out of date with security patches.
2. People run versions of Windows with known security problems
New versions of Windows mostly cater to developers. They offer new and better ways to program them using VB and now C#, but all end users ever seem to get is flashier graphics and a re-arranged control panel. New versions of Microsoft don't include the customizations and drivers by OEMs (Dell, Gateway, Toshiba,etc), so if you upgrade, it'll take a lot of work and know-how to get all of the features of your laptop working again. So, Microsoft has a hard time selling end-users new versions of Microsoft. When Apple ships a new version of OSX, they fly off the shelves. When they shipped new versions of the previous MacOS series, 2-9, those flew off the shelves too. If you're ever in a CompUSA after a new MacOS release, you'll know it -- half the people there have a copy under their arm, and usually nothing else. When a new version of Windows comes out, you might see some posters and banner ads, but that's about it. Microsoft often publicly laments about the slow update of their operation systems.
3. People don't install security updates for Windows when they're available
The large numbers and extreme severity of changes needed to make Windows secure relative to the 95/98/NT4 platform necessarily breaks software. Companies and individuals are hesitant to turn on automatic updates or run updates manually out of fear of breaking software, and these fears are well-founded. That's the price of backwards compatability all the way back to DOS.
4. Microsoft Windows' is big tangled mess full of tons of code, a lot of it written before the Internet went mainstream
Microsoft Windows contains vast amounts of legacy code dating back to Windows 3.1 and from versions introduced henceforth. And it was all created in a pretty damn monolithic style. So, not only is project huge and spanning three decades, but the general style it's written and designed in is also outdated. MacOSX, by contrast, was written with far more modern practices for modularization, and it contains far less code that has to be secured. The windowing system is part of the kernel in XP; in OSX, as in all Unix-like systems, is split across numerous processes, each with a specific task, each isolated from most possible errors in each other part. The engineers at Microsoft might be extremely smart, but Windows is extremely hard to work on -- they have to do ten times as much work to accomplish the same thing that similar engineers at Apple can accomplish.
5. Microsoft is extremely successful in a large part because they've ignored security, and they can't and won't stop being who they are
While Windows' reputation is hurting it, it isn't killing it, not by any stretch of the imagination, and Microsoft got where it is today not just by budling and not just by making their own versions of other companies successful products, but by doing so extremely quickly and by adding powerful features at the same time. This is a recipie for disaster.
When Microsoft made Outlook, they thought to themselves, hey, what if you could mail people forms that were little applications and people could see the running application instead of just a plain mail message? Hey, wouldn't it be cool if these little programs could access files on the computer and the address book? But they didn't stop and think that someone might email someone else an email that emailed itself to every email address it could find on the system (which, when it arrived at those other people, would then, again, email itself everyone on *their* systems, and so on). And they certainly didn't think that about a thousand people would think that was really funny and repeat the experiment. And they certainly didn't think that people would take it to the next, and use this feature to turn people's computers into spam-sending zombies, or to use it to install software that steals your credit card numbers and bank information. Microsoft didn't make a small coding error -- they made a huge design error. And they didn't learn their lesson. This wasn't the first or last. Their formula is just send loads of poorly thought out features out into the field and then retract them if they absolutely have to. But retracting them is a process that takes several years, because people don't upgrade Windows, at least not for the most part. At any given time, there are several of these sorts of problems plaguing Windows users and everyone who has to share the Internet with them. But quite often, the features don't cause problems, and people wind up loving them. Microsoft nows thinks features over a little more carefully, but when the question comes down to giving developers and users something really cool but introducing a massive security problem, Microsoft still introduces the feature. It takes their competition years to figure out how to do something similar but in a safe way.
6. When your old computer gets too screwd up, you buy a new one, and it's probably a Windows machine, and Microsoft makes money
Microsoft was charged with sabotaging Windows such that problems with it would compel usrers to upgrade and buy Windows again with their computer. That new version would have all of the old problems fixed but have a fresh batch of new ones. Microsoft list this case in their first anti-trust trial (they've sense lost another one) and was found guilty, despite their armies of lawyers (no, they're not just getting a bad rap). Consulants have a saying: "When you're not part of the solution, there's money to be made in prolonging the problem". Microsoft obviously took this to heart. So, back to the football analogy, Microsoft is, and has been, throwing the game. NT4 was supposed to be a thousand times more secure than 98; 2000 a thousand times more secure than NT4; 2003... XP... now we're hearing the same thing about LongHorn. But each new version turns out, in retrospect, to be as bad as the last.
7. Apple isn't that good either
This needs qualification: they really are that much more secure than Microsoft, but so are a lot of people! Dozens of operating systems have been introduced that are fundamentally, practically, actually, theoretically, and provably more secure than Microsoft Windows -- BeOS (which is very pretty and intuitive, too); Solaris; NeXTStep; Linux; BSD; VMS; OS/2; ... It isn't a matter that Apple is fantastically, unbelivably amazing so much that people don't realize how much better anyone and everyone can do than Microsoft -- even that Microsoft could do than they've chosen to.
Footnote on "newer, more secure versions of Windows": Of course, new versions of Windows aren't fundamentally secure (everyone who works in computer security knows that security can't be bolted on), but new versions at least fix known problems and take practical measures while at the same time unleashing piles of new, untested code that's certain to contain other vulnerabilities. New versions of OSX aren't more fundamentally secure. New versions of Linux aren't fundamentally more secure. Again, security is designed in or else it's just a patch on a flat tire.
As to why people don't use Apple: ignorance about MS-Office for the Mac, and fear that you won't be able to "talk" to Windows users, and that you'll be cut off from society. Games -- all of the hot games are for PC. Maybe some also come out for the Mac eventually, but for many, even the slightest chance of being left out makes it not worth while. Vender options -- if you buy a Mac, you're buying it from Apple. On PC hardware, you can decide that you like Dell, or Panasonic (ToughBooks rock!), or AlienWare. And that's not just a matter of personal taste -- some machines are ultra-light portables, under two pounds (the OQO is under one pound and runs XP!). Some are MIL spec water resistant, shock resistant, and rugged. Some have 1000 watt power supplies.
But people don't buy Apple for security -- despite what Microsoft will have you believe. And they don't buy it for how it'll fit into their life -- that's just as big of a joke. If Microsoft were to advertise the real reasons people buy Windows, well, people would be offended.
Not to start a flame war here, but screw you and the operating system you "surfed" in on.