What makes Apple’s Mac OSX more secure than Microsoft Windows?
According to a pair of security researchers, plenty of factors help Mac security. Among them are technological factors like the kernel that Mac OSX uses. Plus, there is the advantage of a lower market share than Windows, which still makes it a lower-profile target.
During a Black Hat Webcast Thursday, experts laid out the top trends in security, including how security researchers began to focus on Mac security more closely in 2008.
“One of Apple’s best security features is actually their market penetration,” IOActive security researcher Tiller Beauchamp said. “If you look at the desktop market they’ve got 9 percent market penetration. That makes OSX from a security perspective kind of a small target.”
After all, Beauchamp added, malware writers want the biggest bang for their buck. This means they’re more likely to invest their time in something that will recruit the greatest number of nodes for a botnet.
Security researcher Jesse D’Aguanno with Praetorian Global agreed with Beauchamp that both the perceived security and the market penetration of OSX are great strengths for Apple, though in his view that could change over time.
“The perceived security of OSX has always been just that,” D’Aguanno argued. “There have always been just as many issues with the OSX operating system as with other operating systems. But it is perceived to be more secure and not as well targeted.”
D’Aguanno thinks that if OSX were to gain more market share, it could be followed by a widespread impacting the OSX.
“There was a time with Windows when personal firewalls were not common and there were a lot more systems directly facing the Internet, so it was really prime time for worms,” Beauchamp said.
Plus, most systems sit behind NAT.
“So if there is going to be a worm I think it’s going to be a worm like a MySpace worm that exploits client side software through a large social network,” Beauchamp said.
A 2008 report on Mac security from Sophos forecast that malware was likely to increasingly target Mac users in the future. Apple released 35 security bulletins in 2008, slightly fewer than the 38 it released in 2007, Beauchamp added.
Beauchamp and D’Aguanno are hardly strangers when it comes to trying to hack Macs. At Black Hat Las Vegas 2008, D’Aguanno released a Mac OS X rootkit called Irk. For his part, Beauchamp stayed busy in 2008 building a DTrace-based tool for offensive and defensive security operations on a Mac. Sun originally developed DTrace to help monitor functions on the Solaris operating system. The Mac security version is called Re:Trace.
In response to a question from InternetNews.com, Beauchamp admitted that he hasn’t updated the Re:Trace tool all that much since the summer.
“It’s one of those things where as time allows I get to work on it and you know how that goes,” Beauchamp candidly stated. “I’m really looking at the tool as still in the proof of concept phase and it needs to be more robust.”