At Ars Technica, we are fairly platform-neutral in nature. Many of us own and use multiple platforms as a matter of course, and so we find it somewhat amusing whenever we hear stories involving arguments designed to convince people to “switch” from one platform to another.
Nevertheless, it was somewhat of an event when Sophos, the Abingdon, UK-based antivirus company, released a statement in their latest Security Report that urged people to switch to Apple Macintosh computers. According to the report, “the continued dominance of Windows-based threats has prompted Sophos to suggest that many home users should consider switching to Apple Macs, to shield themselves from the malware onslaught.”
At first glance, it seems incredibly surprising that an antivirus company, one that makes the vast majority of its money selling Windows-based software, would suggest that people switch to another platform, particularly one where its products would no longer be necessary. There are many possible answers to this question, but before we get to them, allow me to don my leather Felhide Cap (+8 Fire Resistance) and look at the statement itself. Is the Macintosh safer, and why?
Clearly, the Macintosh platform has orders of magnitude fewer threats to worry about. Sophos currently tracks 180,292 different viruses, malware, worms, trojans, and spyware written for the Windows platform. Currently the number of threats for OS X can be counted on one hand: there was Opener, a trojan script that when run would install itself in the user’s startup folder and attempt to crack the users’ passwords in the background (technically it could be considered a worm as it attempted to replicate over network shares using a security hole that existed in earlier versions of OS X), and more recently there was Leap-A, a self-propagating (if terribly broken) virus that when run would infect the user’s applications and attempt to spread itself over instant messaging. Neither of these threats spread very far in the Mac world.
Interestingly, Sophos at the time played up the threat of Leap-A, insisting that it presented a real danger. A Sophos representative said that “some owners of Mac computers have held the belief that Mac OS X is incapable of harboring computer viruses, but Leap-A will leave them shellshocked, as it shows that the malware threat on Mac OS X is real.” Real it may have been, but for various reasons (including the fact that a bug in the design of the virus meant that infected programs were unable to run) it did not become a serious threat at all, and basically disappeared from “the wild.”
So with approximately five orders of magnitude fewer threats to worry about, clearly OS X represents a safer choice for the end user, assuming that said theoretical user does not utilize any form of virus protection. The reasons for this large disparity in potential threats typically drive endless debate. Many technical reasons are given, such as the fact that OS X ships by default with no open ports (with SP2, Windows now presents a similar face to the world, thanks to the firewall being on by default), the fact that OS X protects system files by disabling the “root” account (the equivalent account in Windows is actually the ‘System’ account, which is not accessible, and Windows File Protection actively prevents system files from being changed), or that OS X’s Unixness somehow prevents viruses from attacking (this last claim is somewhat dubious, given that the first Internet-wide worm in history affected Unix systems, and in fact the term ‘rootkit’ originated on Unix systems, thus the name).
More plausible reasons for the lack of malware involve Internet Explorer’s use of ActiveX controls, which while theoretically useful are typically used by dubious web sites to install spyware. Another likely reason is that it is easier for virus writers to write Windows malware—many viruses are cobbled together from existing virus code in Visual Basic, for example. Windows users are more likely to be running as an Administrator account, which prevents the user from seeing any warning messages before applications make certain changes to the system (Windows Vista will address this concern by making limited user access accounts the default). Virus writers are also much more likely to own Windows machines. Apple’s worldwide market share sits steady at just over 2 percent. While market share alone is not enough to explain a five-order-of-magnitude difference in malware, it no doubt plays an important part.
In the old days, viruses were typically written by bored hackers looking to gain some fame and notoriety. In today’s perpetually plugged-in world, malware has become a serious business, driven primarily by profit. In a report by antivirus company McAfee, the company notes that while the number of serious virus outbreaks has dropped from 48 in 2002 to 12 in 2005, and none so far in 2006, the number of trojans that are involved in setting up spamming and phishing campaigns has increased dramatically. Spam is typically sent from infected machines that are part of a botnet, including some Linux and OS X machines—these infections typically rely on flaws in third-party software, such as PHP, and are thus independent of the operating system they run on. Many of these spam messages are phishing scams, which can be sent to everybody in the world regardless of platform, as they rely solely on social engineering to do their nasty work.
So to sum it all up, is Sophos right? Would most home users be better off, security-wise, with a Macintosh? I’m going to go out on a limb and say yes, they would. (They’d be even better off with an AmigaOne, with no malware threats whatsoever, but such exotic pieces of hardware aren’t everyone’s cup of tea.) There are many times when people complain to me about their computer “running slow” or behaving strangely, and while my first suggestion is to install some antivirus software (or hire me to do it for them), I also bring up the option of getting a Macintosh instead. So far, nobody’s actually taken me up on my suggestion, but I continue to make it. Just make sure that you don’t wind up installing Windows via Boot Camp or Parallels, as that would bring you exactly back to where you started in terms of security.
Regardless of which platform you choose, however, the rise of e-mail and phishing scams makes it even more important to practice skeptical computing. As to why Sophos would tell people to switch to a platform where they would no longer need their software, I confess I still haven’t figured that out.