A friend recently sent me a blog "The Myth of Apple's Insecurities". The blog says "If an OS is built on shaky ground, everything layered on top will suffer. This is the position that Microsoft is in now. Apple was in this very position at the end of the last century. They decided to start over, providing a clear upgrade path and supporting legacy applications on the new platform. OS X was developed from BSD and NeXT, built on a foundation that dates back twenty years or more, with the OS base code freely available for download, yet there have been no significant security vulnerabilities in OS X. This isn't due to market share, this isn't due to lack of attention, this is due to proper coding and development. That isn't to say that there are no chinks in Apple's OS armor -- there definitely are -- but the foundation is solid, therefore those chinks aren't likely to destroy the whole shebang. The same is true of Linux, and most UNIX-derived operating systems."
I think that this is a fair point. But it's what wasn't said that bothered me.
The malware game is escalating. Web based attacks are rising. Therefore, even if the MAC platform is the most secure OS in the universe, the user can still be attacked by applications running on it or on the web. Recent security holes in Adobe Acrobat is just one example.
Therefore, all those Mac users should not believe that their platform is bullet proof. They too will need to be running some kind of intrusion detection and prevention system, which is constantly updated, to effectively protect themselves.
Further, while I can agree that the MAC platform is arguably more secure because Apple controls the hardware better than the PC world does, this doesn't mean it's infallible. Last week's Apple advisory on AirPort Extreme Base Station with 802.11n is but one example. Furthermore, if the MAC marketshare increases beyond it's current 5-8% of the market then expect much more attention from the criminals and more software and hardware exploits to be found.
My bottom line: No computer user should be thinking they are secure because of the operating system. As virtualization becomes more common, research like Blue Pill has shown that most OS's are prone to attack.
The debate amongst MAC and Microsoft disciples misses the point. Enterprises who need proven security don't use MAC's, PC's or even Linux. They continue to use AIX, HP-UX, Solaris and other forms of proven Unix. However, even these have security holes. Solaris's telnet security hole found in February this year is but one example.
The next two to three years are going to be tough in the computer security business as malware attacks increase in sophistication. Caveat emptor.