Antivirus vendor ESET released the results of a survey that found more than half of Americans believe that PCs are “very” or “extremely” vulnerable to cybercrime attacks, while only 20 percent say the same about Macs. Is this perception real or an illusion?
Some security experts gathered by CNET weighed in on the topic. The summarized responses are below. Here’s the short of it: there’s a difference between safe and secure. A house in the rich part of town maybe safer, because fewer folks in that neighborhood are attempting to break-in., while a house in the poorer section of town may be less safe because more folks there are trying to break-in.
However the houses themselves may be of equal security with doors, locks and burglar alarms. And so it is with PCs run with Windows and Macs powered by OSX. More criminals attack Windows compared to Macs, because there are more Windows machines and thus more opportunities to do damage and profit. So by default you may be safer with a Mac, but not because of some inherent technical advantage, but because you’re in a neighborhood where less people are trying to break-in.
What the experts said:
- Mac users are just as vulnerable to Web-based attacks like phishing as PC users are, and Mac users who fall prey to phishing tend to lose more money on average than PC users
- A lot of attacks have to do with social engineering and that kind of attack is platform agnostic
- Criminals would far rather attack Windows PCs as there are lots more of them. So you are much less likely to be bothered by malware if you use a Mac, or run Linux on your PC
- In my mind, the OS question is quickly becoming moot, and will soon be replaced by the already-intense Web browser holy wars–especially with Google jumping into the fray there
- Social engineering is the unifying threat that puts all computer users at risk, regardless of operating system. And that’s what most threats exploit
- Browser security is one of the more important items to consider today from a risk perspective
- Mac is probably more secure in that more people write Windows exploits. This would probably change if the majority of people had Macs
- Mac OS has far more published vulnerabilities per user than Windows does
- I just don’t think this question (Mac or PC) has any real meaning today. Far more relevant to me are the browser and e-mail clients a consumer is using, irrespective of the operating system or hardware platform
- Mac OS has fewer countermeasures [against attacks compared to Windows] and lots of easily exploitable bugs, but the market share is low, making it a less likely target
- Operating systems as such are no longer the primary target of consumer-targeted attacks; applications are. In light of that fact, I’d say each operating system has its benefits and liabilities. The real risks lie in the consumer’s browser choice, and security habits. From a browser standpoint, I would choose Firefox over IE, and IE over Safari
- Choices and practices define security more than an operating system does
- The security posture of the average Internet user depends less on their computing platform and more on their browser choice and configuration
- Regardless of the operating system, the easiest way for an attacker to compromise a system is by going after the application level and causing the user to click, open, or run something they should not
- Technologically speaking, PCs are a little more secure than Macs. Macs have a larger attack surface out of the box (Flash, Java, support for a million file formats, etc.) and lack some anti-exploitation technologies found in PCs like full ASLR [Address Space Layout Randomization]. This means Macs have more vulnerabilities and it’s easier to turn a vulnerability into an exploit on the platform. Despite the fact it is less secure, paradoxically, Macs are actually safer to use for most people. This is because there simply isn’t much risk of being exploited or installing malware