• United States




Macs’ low popularity keeps them safer from hacking and malware

Oct 02, 20096 mins
Data and Information SecurityHackingMacOS

From Windows to Flash to QuickTime and iTunes, malicious hackers target the most popular platforms

For two weeks, I was having a heated discussion with some diehard Mac-only fans in a stock forum. It was one of those self-perpetuating, boring Windows-versus-Mac flame wars, where neither side ends up believing the other. Each side sincerely believes their platform is better and destined to rule the world.

My main debate with the Mac-only fans is over Mac’s true security. See, I know that Macs are attacked less than Windows because they are less popular. Pure and simple. Macs contain no special, secret security sauce that makes them more attack-resistant than Windows Vista (which was released in November 2006). Macs and OS X do not contain a single computer defense mechanism that the competitors do not already have or haven’t had longer.

[ Moving to Windows 7? Check out InfoWorld’s Windows 7 Deep Dive to make sure you’re ready. | Tune in to InfoWorld’s Security Channel and subscribe to the newsletter for the latest IT security news. ]

If anything, Macs have more known vulnerabilities — by far — than Windows and are often patched slower. You can check any independent security vulnerability database you like to see the figures behind my statement, but Secunia has been my favorite for a long time.

Mac-only fans rightfully point out that Windows is successfully attacked thousands of times more than Macs. This is true, which translates to lower overall security risk against generalized, nontargeted attacks. I can’t argue with that.

But my contention is that Mac’s relatively safety is due to its status as a minority player; if the platform gained significant market share, it would be successfully attacked just as much as Windows Vista or at least in proportion to their growing popularity. The same could be said of any platform out there that hasn’t earned as much market share as a more popular rival. Whatever is most popular is successfully attacked the most. If criminals want to make the most money possible, they go after what is popular. I call this theory Roger’s Hacking Popularity Corollary.

I should note that although I work full-time for Microsoft and I love Windows 7, I also love my OpenBSD and Ubuntu machines at home. In addition, I support two iMacs for my daughters at college. I don’t think one platform is good and another evil. I think all the OSes have their benefits and best uses. The AS/400 midrange platform that I’ve spent 20 years on may be a text-prompt, keyword-loving darling, but it crunches numbers faster than any PC platform.

In the beginning …

There is one nagging fact that buttresses my claim. In the history of personal computing, with few exceptions, whatever is the most popular software in a particular category is also the most successfully exploited software. When Apple computers were the most popular computers, as was the case in the early 1980s, they had the most malware. In fact, the first PC virus, the 1982 Elk Cloner, was a Mac virus. When I got into the field of anti-virus research, the only viruses around were Mac viruses.

The IBM PC came in October 1981, but didn’t become the dominant PC platform until 1986 — not coincidentally, the year of the first IBM-compatible computer virus, Pakistani Brain. From that year until now, Windows has dominated the personal computer world, and so have attacks against it. (Check out some PC market share history figures.)

One Mac defender countered my corollary by noting that between 1983 and 1985, when Commodore and Atari computers briefly outranked Apple, and just before the IBM-compatible machines took over, Apple still had the most malware. This is true and it’s a small exception to the rule, but it’s notable because Commodore and Ataris were mostly home and gaming computers. Most models didn’t include floppy drives (it was mostly ROM memory and tape cassette storage if you were lucky), modems, and other input mechanisms needed to spread malicious infections. Meanwhile, Apple computer owners were raging on dial-up BBSes (bulletin board systems) and trading software as fast as they could, a perfect environment for the spreading of malware.

Because I don’t want to get mired in a 20-plus-year debate, I’ll agree to modify my corollary to begin in 1986. Certainly something that has largely held true over the last 23 years is still trendworthy. Some readers may say that since 1986, Microsoft Windows has been the most popular software, so my claim is self-supporting to my goal. Yes, that’s true on the OS level, but my rule applies to more than just operating systems.

Not just Microsoft or Windows

Find me any software product that is the most popular product in its category, and I can assure you it is more successfully exploited than its next popular counterpart. I can’t think of an exception.

Windows is attacked more than its competitors. Internet Explorer is the most attacked browser. Microsoft Office is the most attacked word processing and spreadsheet software. ActiveX is exploited more than Java. The most popular software versions even hold true within a particular product family. For example, Microsoft XLS and DOC files are exploited more than XLSX and DOCX files.

At this point, some might suggest that Microsoft products are the primary target for attacks and overall market share has nothing to do with it. The fact is, in every instance where the non-Microsoft product is more popular than the Microsoft product, the non-Microsoft product is attacked more. QuickTime and iTunes is exploited more often than Windows Media Player. Macromedia Flash is attacked more often than Silverlight. Adobe Acrobat’s PDF files are attacked more than Microsoft’s XPS or DOCX files. Apache Web Server is successfully exploited more than IIS. PHP is exploited more than ASP and ASP.Net. Java is exploited more than .Net. SSH is attacked more than RDP. This all lends further credence to my corollary.

Readers, I invite you to prove me wrong. Send your exceptions to Roger’s Hacking Popularity Corollary to Although I’m not sure one or two rare exceptions with very small populations would invalidate all the examples I’ve shown above, I’m open-minded. Given enough examples, I’m willing to forget my corollary.


Roger A. Grimes is a contributing editor. Roger holds more than 40 computer certifications and has authored ten books on computer security. He has been fighting malware and malicious hackers since 1987, beginning with disassembling early DOS viruses. He specializes in protecting host computers from hackers and malware, and consults to companies from the Fortune 100 to small businesses. A frequent industry speaker and educator, Roger currently works for KnowBe4 as the Data-Driven Defense Evangelist and is the author of Cryptography Apocalypse.

More from this author