A Lot of Problems in Mac OS X Security Compared to Windows Says Security Expert

Attacks on Mac OS X to increase, shifting away from Windows

By on 9 Aug 2010, 15:18 GMT
Attacks on Mac OS X will increase, as the threat landscape will shift away from Windows and focus on platforms that have a smaller market share, believes one of the top security experts from AVAST Software. In a recent interview with Softpedia, Ondrej Vlcek, CTO of AVAST Software, noted that although Mac OS X continues to be a minor player on the OS market, its continuous growth over the past years is also bound to attract increased attention from attackers.

“I think we will be seeing more and more attacks towards Mac. Of course, it's still a minor platform in terms of market share, currently estimated to be between 6% and 7%, compared to something like 92% or 93% for Windows. For attackers it's much easier to focus on 90+%, but that's changing; the market share is growing all the time,” Vlcek said.

More importantly, Vlcek noted that Apple has some issues in the way it deals with the security of Mac OS X. Essentially, AVAST’s CTO revealed that Apple is now where Microsoft used to be a decade ago in terms of how the Cupertino-based company tackles vulnerabilities.

“And also as the platform is getting more popular it's quite evident that there are a lot of problems in the security of the Mac OS in general. What I mean is that Apple's approach towards security vulnerabilities is not very fortunate. It somehow reminds me of Microsoft's style from maybe eight, ten years ago,” he added.

Microsoft currently releases patches for Windows and a range of other products in accordance with a fixed, monthly schedule. When necessary, the company also releases out-of-band security updates, resolving vulnerabilities outside of the normal patch cycle.

In contrast, Apple simply lets vulnerabilities pile up, and releases patches somewhat randomly, whenever it considers them to be necessary, but without adhering to a schedule. Microsoft indeed used a similar approach in the past, but it has since moved to monthly patch releases, a move catalyzed by feedback from customers who wanted structure for the company’s security bulletin releases.

Vlcek also noted that the sheer number of vulnerabilities in a piece of software is not a relevant measure of that product’s security. “I'm not a big fan of the total numbers. I don't think they are very indicative. I mean, I just don't think comparing that Mac had 127, while Windows 156 is completely fair. You cannot compare the absolute numbers, because the severity of the vulnerabilities can be very different. And even if you somehow manage to count in the severity aspect and look for high criticality, their global impact may be very different as well,” he said.

“So, the total number isn't that important. But Windows has undergone huge scrutiny from all researchers in the world. During the last years, basically all security researchers focused on Windows and the browsers. Apple and Mac OS were sort of left aside. I think it's really only a matter of time until those people turn their attention towards the minor platforms, or maybe they'll no longer be minor then, and at that point I assume you'll see many more problems on these OSs,” Vlcek added.

Follow me on Twitter @MariusOiaga.
