Today, my attention was directed at this blog, discussing the security of Apple’s OS X. I suggest you read it, as it makes a number of good points.
Some parts also remind me of the issues I brought up in this earlier blog, and some of the comments that followed. For example, there is the mention of Windows ACLs, which are a clear example of security-by-design, which OS X and most other *nix-based OSes lack (including linux).
Another thing is that he points out that exploits for OS X most certainly do exist. Just because the chance of getting infected on an OS X machine is much smaller than on a Windows machine, doesn’t mean that OS X is actually safer by design than Windows, or that Apple has a better security policy. On the contrary, in many areas, OS X is actually trailing behind Windows.
Lastly, he makes the point that I’ve also made in the past: an exploit doesn’t need admin/root rights in order to be effective. Eg, for a spambot, the exploit mainly needs to be able to send email. Most regular user accounts will have sufficient rights to send email, so you get the point. Just think about anything you normally do on your computer, under your own account. Perhaps you have compromising pictures stored on your computer, or sensitive personal information, such as your bank details etc.
Basically, everytime you hear someone talk about “safer by design”, referring to OS X or linux, you know that they have no idea what they’re talking about. These self-proclaimed experts just perpetuate this myth, without knowing the facts about security.