PC vs. Mac in Security: Experts Share Opinions

The eternal debate in the hands of experts, most of whom share the same opinion.

Those notorious "I'm a Mac" TV commercials from Apple always paint the picture that Macs are nearly impervious to malware – but that's not the truth. For the most part, it all comes down to the user base that malicious hackers choose to target.

Regardless, the subject of which platform is more secure – the PC with Windows or the Mac with OS X – is constantly debated by rabid fanboys from both sides.

CNet's Elinor Mills decided to get the experts' opinions on the subject by polling no less than 32 security gurus on his or her take on PC vs. Mac security. Here are a handful of what the experts had to say:

^{Paul Kocher, president and chief scientist at Cryptography Research: "The fair answer is that with the latest versions of each operating system there isn't a compelling security reason to pick one or the other. It used to be that Apple was doing a better job, but with Windows 7 Microsoft has caught up. There are some differences; Windows has a better security ecosystem. On the other hand, Apple tends to have more expensive hardware and has a smaller market share, so it attracts fewer malware writers. Both have security bugs. Both need patches. Both can be broken if someone finds a zero-day exploit."}

^{Charlie Miller, a principal analyst at consultancy Independent Security Evaluators: "Technologically speaking, PCs are a little more secure than Macs. Macs have a larger attack surface out of the box (Flash, Java, support for a million file formats, etc.) and lack some anti-exploitation technologies found in PCs like full ASLR [Address Space Layout Randomization]. This means Macs have more vulnerabilities and it's easier to turn a vulnerability into an exploit on the platform. Despite the fact it is less secure, paradoxically, Macs are actually safer to use for most people. This is because there simply isn't much risk of being exploited or installing malware.}

^{"This safeness is purely a function of market share. Since Macs are only around 10 percent of computers out there, and it takes just as much effort for bad guys to write malware or exploits, they tend to spend all of their time targeting PCs. In other words, despite the fact that Macs are less secure than PCs, if you give one teenager a Mac and another a PC and come back in a month, the odds are the Mac will have no problems and the PC will be infected with malware. At some point the market share of Macs will reach a threshold to interest attackers, and then things will quickly turn bad for Mac users."}

^{Rich Mogull, CEO at Securosis: "It depends on which version of Windows we're talking about. Clearly there are major differences between Windows XP and Windows 7. Second is, are we talking about safety versus security? Microsoft has done more in terms of its inherent security features than Apple has in the operating system. All of that said, Microsoft gets attacked a lot more than Apple does. Right now your odds of being infected as a Mac user by malicious software are quite a bit lower than a Windows user, unless you do stupid things, such as download free versions of commercial software. And some of the pornography sites on the Internet, the dark corners of the Internet have stuff that will hurt a Mac.}

^{"But I want to give Microsoft credit because the more advanced features they put into their operating system are superior to what Apple has done. It's really a balance because there's little motivation for Apple to do more at this time. The Mac OS has got some holes in there that Microsoft has closed down. But since it's attacked less there is less motivation for Apple to close the gap."}

^{Tyler Reguly, senior security research engineer at nCircle: "If you believe the hype and the flashy commercials the answer would be Mac. But if you take a look at the two platforms, and the mindsets of the companies behind them then the PC wins hands down. If you compare Windows 7 to Snow Leopard, then the simple winner is Windows 7. Microsoft brought in teams of security professionals to look at their code and find problems leading to a more secure product while Apple is often criticized for ignoring issues.}

^{"The idea of the consumer being protected due to lack of market share is fairly obtuse, as more people buy into the product and market share grows, targeted attacks will grow as well. You also have to consider that Microsoft has a patch program in place that provides patches and updates on a more regular basis than Apple, this is something that the consumer should care about, as should they care about the plethora of PC security products that exist.}

^{"The big risk is client side attacks and most of that could be prevented by using adequate software on the desktop, along with common sense while surfing. Until consumers can learn to do this on a regular basis it won't matter if they are running a Mac or a PC...they'll be at risk."}

^{Joe Stewart, director of malware research at SecureWorks: "The answer is 'for the average user, at this moment in time it is less risky to use Mac OS than Windows.' The paradox is, by promoting that idea we've just made Macs a little less safe, since we are potentially increasing Apple's market share by a tiny fraction, making it more of a viable target over time. Fundamentally Mac and Windows suffer from the same weakness--human programmers make mistakes and users are easily social-engineered. Whichever platform has the most users is ultimately the riskiest to use."}

^{Graham Cluley, senior technology consultant at Sophos: "They're both mature operating systems from the security point of view, and as good as each other. But, crucially, it's not about the operating system that is being run on the computer, it's the fleshy human sitting in front of it...I would argue that an Apple Mac user wanting to watch the 'Erin Andrews Peephole Video' is just as likely to download a bogus browser plug-in to help them do that, as a Windows user. And it doesn't matter that Mac OS X will ask them to enter their username and password to install the plug-in--they want to watch the video, they will enter their username and password. Social engineering is the unifying threat that puts all computer users at risk, regardless of operating system. And that's what most threats exploit.}

^{"So, the next question is--when people ask me what kind of computer should they buy for home, which one do I recommend? Well, I recommend Apple Macs to my friends. Compared to Windows (where we see 50,000 new malware samples every day) malware for Mac is still a novelty. Mac malware is becoming more common, is in-the-wild, and is financially motivated...You can still get hit--but there are a lot less arrows being thrown at Mac users...I do tell my friends that they should run antivirus on their Macs, just like I do on the Macs my wife and I use at home."}

^{Dino Dai Zovi, independent researcher: "Neither. Consumers should see if Apple's iPad or the forthcoming devices based on Google's Chrome OS suit their needs because both are significantly more secure than any general-purpose desktop system, Linux, Mac, or PC."}

Read the full article here, which includes a response from Microsoft.