Email this article to a friend

The ITT List

Friday, Feb 4, 2005, 3:30 pm

Why Macs Are Over-Hyped

By Abraham Epton
Now, I'm not a Microsoft partisan. In fact, I hate, loathe and perhaps also despise Microsoft, although (because?) I use Windows, and I have a certain, and growing, respect for Apple and their engineers. But for some reason, Apple fanatics have gotten even more annoyingly vocal recently, and so I'd like to take issue with one of their main contentions: that OS X, the Macintosh operating system, is some sort of manna from heaven, while Windows is the stuff on the floor in the back of a gas station. This is actually a pretty broad topic, so I'm going to try to restrain myself to discussions of security.

This isn't an issue of concern only to pasty-faced nerds whose last date literally took place in the last millenium (2001 was in this millenium, thank you very much.) Security is an issue that directly affects the performance of almost everybody's computer, and if you've ever been annoyed at how much spam you get, well, a lot of that is probably the result of someone else's computer being compromised.

The first, most significant and most oft-repeated reason why the Mac seems more secure than a Windows PC is that Windows PCs represent roughly 85% of operating systems sold last year, compared to around 5% for the Mac. This has several implications. First, virus writers themselves will likely be running Windows, be fooling around on Windows, be writing code and compiling on Windows, so right off the bat, we would expect most virii to be written for Windows.

Second, virii spread as a function of the number of computers they infect: the more they infect, the faster they spread. So the fact that most computers run Windows means that virus writers will be vastly more tempted to attack Windows than OS X. This effect is probably not linear: there is very little point in writing a virus for the Mac, since there is little risk of achieving the critical mass essential for notoriety, or of reaching enough people to make the enterprise profitable, both of which are the main attractions for most virus writers.

Moving on to a more technical discussion, however, most Mac advocates argue that even if the Mac were to represent a worthy target, it wouldn't be as susceptible to virii as the PC. This is undoubtedly true, but not entirely for the reasons Apple partisans would have you believe. First, the number of peripherals, the amount of software, and the number of users of the Mac are all much, much smaller than for the PC. Having to accomodate all of these potential uses of the operating system is what makes it so difficult for Windows to run well. We're talking about an operating system of incredible complexity, built with over 40 million lines of code (the same site gives an estimate of 30 million lines for one version of Linux, and I couldn't find an estimate for OS X.) So Windows has to have all kinds of different components interact (which are themselves quite complicated; MS Office has over 25 million lines itself, and if even one of them has a security flaw, the entire system can be compromised. Office aside, most things that are made for Windows, hardware or software, are made by companies other than Microsoft, and the products are thus out of Microsoft's control. Apple retains a much tighter rein on products than does MS, and so has to worry a lot less about interoperability issues.

So we're probably talking about the combined efforts of hundreds of millions of (entirely human-produced) lines of code powering your PC or Mac right now. And flaws in the security of your system are much, much harder to find than, say, flaws with a car (a common and inappropriate comparison.) If a valve on a car doesn't work, it's hard not to notice right away. If just one line of code is flawed in a very subtle way, the system is vulnerable. And again, we're talking about hundreds of millions of lines of code, here; any system, Mac included, is insecure. There's no way around it.

How subtle are we talking about? To give you an example, one of the most common security holes is called a "buffer overflow". The technical definition is quite complicated, but basically, whenever a program accepts input but doesn't make sure that the user doesn't give it too much, that user can have the system execute any code that he wants. This isn't the kind of thing that is immediately obvious when looking at the code; you have to be looking for it, and even then, code of a certain complexity can make such a problem fairly hard to find. Not at all impossible, but since there can be thousands of places to look for holes in any one program, an improperly-written bounds-check can easily slip through. And once it does, that's it, the system is vulnerable.

So the problem of security in computing is much more subtle and tricky than Mac partisans would have you believe. Their computers are vulnerable, too, no matter what they say, because it would be almost impossible for them not to be. Any time humans are writing millions of lines of essentially very complicated text, there will be mistakes and typos. And there don't have to be very many before a system is very insecure.
View Comments