Apple's OS X operating system has some of the best out-of-the-box security there is. Naturally, there have been some issues uncovered, but it's nowhere near as bad as Windows. Now, some people like to claim that it's a market share issue - just because Windows has a higher market share, it's more of a target, and OS X less so. Nothing could be further from the truth. Windows just typically allows things that other OSes do not. Worst of all, so many Windows programs don't run properly without full administrative privileges, that restricted accounts are almost useless. It's too much of a bother to run securely.
Amazingly, a Windows security product manager admits that some viruses and rootkits can bury themselves so deep into the Windows operating system that the only alternative is to format the machine and start from scratch. Wow. That means re-installing everything.
The converse of that is an experience I had just today. A customer needed to replace an aging iMac with a newer model. They were already set up with Open Directory and network homes. "We're going to need you to come in and set this up for us," I was told. "Nah, just take the new one out of the box and plug it in the same way the old one was. That's it." I think they had a hard time believing that, but it was the case. I dare you to do that with a Windows machine. Go ahead - I'll wait.
Of course, Microsoft keeps making improvements. Windows XP is pretty stable, and, once configured, is a pretty good OS. Windows Server 2003 and Active Directory are a good combination, too. However, XP has been out for several years now, and Microsoft is now starting to get everyone ready for "Vista", their next operating system. Vista does sport some impressive features, with new graphics capabilities being one of the shining stars. Of course, I'm here to talk about security.
OS X has a wonderful feature: if you're running with a standard (restricted) account, and you need to perform a privileged operation, a dialog box will appear and ask you to provide administrative credentials. While I envision some new style "C:\ongrtula.tns Windows 95!" adverts, welcome to the year 2000, a very similar feature is planned for Windows Vista.
This feature of temporary privilege escalation is completely intertwined with OS X. It is pervasive. It helps form the very basis of the security model. Windows Vista is calling this 'new' feature User Account Control (UAC). Under Vista, all accounts will run as a standard (non-admin) user. Like OS X, when elevated (admin) privileges are required, a dialog box appears asking for admin credentials. So far, so good.
Interestingly, rather than something that is truly integrated with the operating system, this functionality is included as a simple executable component that resides in the Windows system directory. While that already is a bad idea, as it could become corrupted or even replaced by a Trojan or malicious user, it gets worse. You can disable the functionality altogether. Let me repeat that: you can choose to disable UAC. Fire up msconfig, go to the Tools tab and disable UAC. Done.
My mind goes blank when I try to imagine how this got approved. Just as it's now too inconvenient to run as a standard user, people will find it too inconvenient to have to type in an admin ID and password for seemingly trivial tasks. There's already a report from the Yankee Group that finds UAC "annoying" and that most users will simply disable it. "It is clear as day that Vista is going to really annoy users," analyst Andrew Jaquith wrote in the report.
As has been typical, it's not so much that Microsoft doesn't provide adequate security controls, but the fact that end-users will do an end-run around them. The disturbing part is that they're able to.