But I Use a Mac!

Even after everything we’ve told you about how real the risks are, you might still be thinking, “But I use a Mac! Everyone says the Mac OS is secure and that the Mac is just 10 percent of the machines on the Net. Won’t the hackers go after the Windows machines first?”

It’s true that the Mac OS generally is considered to be significantly more secure than the Windows operating system. Here are a few reasons:

Š      The Mac OS was designed with the user as its primary focus. Among other things, focus on the user means focus on his or her security.

Š      The Mac OS does an excellent job of preventing you from opening security holes accidentally, both through a clear user interface and through warnings when appropriate.

Š      Its Unix base has been time-tested over a number of decades

As supporting evidence for the Mac’s superior security, in 1999 the U.S. Army chose the Macintosh as the Web server for its main site after its Windows-based server was hacked by a 19-year-old. The World Wide Web Consortium (W3C) also stated publicly that “the safest Web site is a bare-bones Macintosh running a bare-bones Web server.”

Snow Leopard takes the Mac’s inherent security to new levels. The following improvements have been made within the Mac OS itself. They’re fairly esoteric for most of the rest of us, but we mention them to point out Apple’s ongoing security efforts:

Š      Enhanced protection of an area of memory known as “the stack”, which makes a class of attacks known as “buffer overflow attacks” more difficult.

Š      The use of 64-bit applications and OS components throughout Snow Leopard, taking advantage of the significant hardware security capabilities that are part of 64-bit environments. For example,

o     Increased protection of an area of memory known as “the heap”, such that code can be executed only from designated areas of the heap, making heap-based attacks much more difficult.

o     The use of stronger checksums to detect changes to the heap.

o     The passing of function arguments via registers rather than memory, which makes many kinds of attacks more difficult.

Snow Leopard also increases the use of sandboxing in applications. Sandboxing means restricting the sorts of things an application can do. For example, an application could be sandboxed so that it could read files but not write them, and could not access the network. Sandboxing is a way to limit the damage a hacker can do if they gain access to your machine and run the application. Many of the applications that ship with Leopard and Snow Leopard, and all iPhone apps, are sandboxed.

It’s also true that Windows machines represent 90 percent or so of the machines out there on the Net. In this case the Mac’s smaller installed base ends up being a good thing. Remember, most attackers aren’t looking for your specific machine; they’re looking for any machine. And because the methods of breaking into a Windows machine are different from those for breaking into a Mac (or a Unix machine), most hackers are looking specifically for Windows machines. The popularity of Windows machines also has a snowball effect. Because most hackers are looking for Windows machines, most of the automated scripts that are written target those machines, so most of the script kiddies, who can’t do much on their own, end up attacking Windows machines. And when the script kiddies grow up and really start to learn things, guess what machines they write new scripts for?

Once again though, specific statistics are a good idea:


In the Open Door study we mentioned earlier in this chapter, nearly 74 percent of all the attacks detected specifically targeted Windows machines. Not a single Mac-specific attack was detected during the month of the study.


So, using a Macintosh does go a long way toward enhancing your overall safety against many types of attacks. But we could not identify a good 10 percent of attacks (or an average of 6 per day) as being against a specific type of machine, and with Mac OS X’s excellent support of Windows services, some of the Windows attacks could even be effective against Macs if you’ve enabled these services. Also, many other security issues (especially those we list in Chapter 3) apply pretty much equally to all types of computers. In fact, some might even apply to Macs to a greater degree. Plus of course the iPhone is the number one smart phone out there, and getting more popular all the time.

Finally, the Mac’s transition to Intel chips moves it just a bit closer to Windows, which runs almost exclusively on the Intel architecture. Mac OS X is still radically different from, and more secure than Windows, and use of Intel chips does not mean that any more Windows-specific attacks will work against a Mac. But it does mean that some of the techniques that hackers have developed against Intel-based Windows machines are applicable to Intel Macs. This fact, combined with the Mac’s recent upsurge in popularity, along with significantly more media attention, are tempting more hackers to target the Mac.