No contest: Mac vs. Windows security

Cloud computing, mobile technology, and Web 2.0 have altered the debate on whether Microsoft or Apple offers superior security

For nearly two decades now, security experts have debated whether Microsoft or Apple offers superior security. The battle heated up again in the wake of news out of Black Hat about a newfound weakness in the Mac platform. However, the question of whether Microsoft or Apple is more secure is no longer even relevant: Security threats of today and tomorrow aren't as tied to specific desktop platforms as they once were.

Macs have far more theoretical vulnerabilities than Windows machines, as I wrote last week. (I am a full-time principal security analyst at Microsoft.) It's been that way for a long time. However, Macs are attacked far less because they are used less than machines running Windows. Call it security through obscurity. Now that Macs are increasing in popularity in the enterprise and beyond, though, they're no doubt on the cusp of being targeted by hackers. However, I predict that Apple will rise to the occasion and fill the vulnerability gaps. It has to, or growth will slow.

[ Also on Roger Grimes presents a controversial take on Mac security in "Apple security under attack: The view from Windows" | Download Roger Grimes's new "Data Loss Prevention Deep Dive" PDF expert guide today! | Stay up to date on the latest security developments with InfoWorld's Security Central newsletter. | Get a dose of daily computer security news by following Roger Grimes on Twitter. ]

Still, the question of whether Mac or Windows is more secure is no longer relevant. The computer security paradigm is shifting at this very moment. Cloud computing, Web 2.0, and mobile technologies are exploding, and with those changes, traditional attacks are making way for a new crop that ignore platforms. Think ANSI bombs, boot sector infectors, macro viruses -- seen any of those lately?

I worry about the risks associated with cloud compromises more and more. For example, if someone compromises a public cloud product and takes over one customer's instance, how easy would it be for that person to get to all the cloud's data? I know hackers have a far easier time taking over multiple websites hosted on a single Web server than they would taking over sites hosted in separate machines. Whether you're a Mac or a Windows shop doesn't factor into the equation.

Default data syncing, too, is becoming a fact of life, and it opens new potential security holes, regardless of platform. The mere act of opening a document on any computer or device could automatically send a copy of that document into the cloud, regardless of your intention. Is it well protected in the cloud? If you then open a document on your least secure device, can that machine access all your synced cloud documents? Who else in the cloud can see my documents?

1 2 Page 1
New! Download the State of Cybercrime 2017 report