Posted on March 2nd, 2010
Some people often say that they are more secure on a Macintosh than on a Windows-powered PC. With these two new kids in town, Snow Leopard and Windows 7, we may need to see if the statement still holds true. It is clear that both OSs are powerful and mature, and they both support a wide array of security capabilities and features.
It is clear that there are plenty of similarities in how the two operating systems set out to protect your data and identity. They both handle not just at the basic issues of file access control and user privileges, but also at programmatic level. For example, when an application attempts to install itself, both operating systems notify the user, even the privileged user, before the installation proceeds.
In addition, both systems include basic firewall features as well as security updating systems. It seems that most software developers these days have at last “gotten it” with regard to turning these important features on by default. In fact, most consumer-level security settings are turned on by default in both operating systems. Kudos to both Apple and Microsoft for that.
Neither operating system includes built-in anti-virus protection by default. The users can install an anti-virus software they feel it necessary. Both operating systems are not immune to malware and we certainly have seen many examples of this fact. However, a significant percentage of viruses and malware is still developed for Windows environments, until that changes, Macs are relatively more secure.
Indeed, most Mac owners don’t use anti-virus protection at all, and can even visit high-risk websites without coming across anything that would warrant installing an anti-virus software. This definitely can’t be said for Windows consumers. Additionally, neither operating system requires a dedicated administrative user for handling administrative functions. Rigorous user hierarchy may cause widespread protests from casual computer users, but it’s still safer to separate administrative and user-level tasks.
With those facts out of the way, now let’s take a closer look at the security criteria that matter to users.
Familiarity with security mechanisms
(Windows 7 vs. Snow Leopard = Draw)
Both operating systems have made great strides in allowing security controls both understandable and accessible to the end user. Essential security controls are presented smoothly to the user and as a whole, are easy to work with. However, unlike its rival, OS X users can use UNIX commands to fine-tune many things that they can’t get to work in the GUI level. That gives us just a little more control when it comes to managing overall system protection.
Separation of Data and Executables
(Windows 7 vs. Snow Leopard = Draw)
Although their respective files structure and naming conventions differ, both operating systems do a pretty good job in separating user files from system files. In general, all system files like libraries and executables are not modifiable by end users. However, user data is accessible and readily available to the designated user.
In previous Windows versions, many users face problems with installing a 3rd-party application as an administrator and then running it as a non-privileged user. Many apps just didn’t work well in the multi-user Windows environment. Luckily in Windows 7, the situation has improved considerably. Although both systems haven’t changed significantly from their direct predecessors, both perform comparably well in separating data and executables
Privilege management
(Windows 7 vs. Snow Leopard = Draw)
Some people feel that both operating systems have been taking a few small steps backwards, maybe with the rationale of making easier user experience. A security-savvy user is forced to create administrator and user profiles in both OSs in order to completely separate both tasks.
Program management
(Windows 7 vs. Snow Leopard = Snow Leopard Wins)
Not much has changed compared to previous versions of Windows or OS X. But, this is the area where Snow Leopard truly shines. Arranging all of a program’s files into one “bundle” in the ‘/Applications’ folder surely makes a world of sense. Whenever a user wants to remove unwanted apps, upgrade to new versions and archive apps; all of those basic functions become very easy in Snow Leopard and remain a nightmare for many Windows 7 users. In general, we can’t remove a major app from a Windows environment without leaving behind major residue, be it orphan DLLs in the file system, temporary files, empty folders and useless entries in the complex registry hive.
Access Controls
(Windows 7 vs. Snow Leopard = Draw)
Just like their predecessors, both systems set up a default user for administrative access. Fortunately, the default read-write access on critical system files is disabled on both platforms.
As in the past, we can tweak Snow Leopard installation so that the desktop user is unprivileged and only the administrative user has full read/write control over apps. But we may still need to sweep through the system regularly to clean up any default access controls that were left behind by many application installers that leave ‘/Library/Application Support’ and ‘/Applications’ open to world read/write.
When controlling network access with the firewall in Snow Leopard, you can use three settings: allow all, allow per-application, and disallow all. Once you learn a good way to work with these, they are relatively simple, but the UI isn’t as seamless as it should be. Windows 7 similarly allows users to adjust firewall settings. But, they only have two extremes to choose from: It has a very simplistic interface in basic settings and if you choose the advanced settings, you will find a hugely and overly complicated interface.
Certainly, there are a few more criteria that should be compared, but the above factors are important aspects of a platform’s security to most end users. A reasonably tech-savvy user certainly has his/her own preferences. With Windows 7, Microsoft may have made great strides in developing simpler security feature for the end users, but perhaps they’ve taken a bit too far in a few areas, such as firewall controls.