So, I asked this question in the class I teach "Why Mac OS X has no viruses" -- it is a good question, since the Mac user-base is gradually increasing and most laptops and PCs (with Microsoft Windows-based OS) are so easily infected by malware, virus, adware, spyware, etc..unless you take proper security measures, of course.
One student answered: "..because Mac has a very small number of users, so hackers are not interested".
While this is a possible reason, but not the only reason -- so I decided to do my "homework". So below are my reasons why it is so. Oh..but I am still with a Dell running Windows XP...meanwhile, wifey has recently got a Mac Book Pro -- and flaunting it around the house right now. :-)
Top 10 Reasons Why Mac OS X has No viruses
1. OS X is built on UNIX (actually, FreeBSD) – which is a multi user system with a security architecture built into it at the beginning of design itself. WINDOWS came from single-user architecture with security and multi user capability as an “after thought”. Patching does not help much!
2. UNIX had networking built into it from the beginning; again in Windows this was included at a later date. Also, most of Mac OS X was developed after the Internet, so the vulnerabilities were addressed during the design of OS X. Most viruses exploit the Internet connections, email and file transfer.
3. Windows built Internet Explorer into the O/S at a very deep level, and allowed code execution within the browser. In OS X the browser is a completely separate application -- not an integral part of the OS. Most virus or hackers exploit this vulnerability, since some malicious code can be run in the browser itself.
4. In earlier Windows everything ran as the system user (what!), so the capability to compromise an entire system was easier. Simply during a breach, hacker=system user! Close your eyes.
5. Microsoft’s backward compatibility mantra does not do them any favors -- all Microsoft OS need to run old software, so they need so many old APIs, all of which can have holes in them. The patches help “patch” the holes, but the patches may have holes too! Like the chicken-and-egg problem?
6. OS X has no registry. Ah ha…this is one of the biggest mistakes Microsoft made though it helps in organizing the applications well – how about organizing the security?
7. OS X asks for your password before allowing you to run new software or install something. Not fool proof, but at least fool resistant. Well.
8. Where do viruses usually hang out in Windows:
a. At the root.
b. In the user’s local settings temp folder.
c. In these folders: \windows, \system, \system32 — the most common places where viruses hide.
d. As registry entries.
None of those areas are exposed to the environment (or users) in OS X. You can’t see those folders. Virus writers can’t access them. Thus, viruses can’t exploit those areas. A recent Mac virus may have tried to exploit this – not much success.
9. Earlier, Mac’s ran on PowerPC (by IBM and Motorola), so not many weaknesses were not exploited by viruses. Many PCs. Laptops run on Intel’s microprocessors. Note however that Mac has started to use Intel’s processors now – welcoming some possible viruses? You can say that Mac maintains a “clean and secure” gene-pool, but how long will it last?
10. Mac has a smaller user-base, so there is more incentive for hackers or virus coders to attack the “big-fish” Microsoft XP or Windows Vista ..but not a tasty one :)
Wednesday, September 16, 2009
Tuesday, September 15, 2009
Survey about Using Good Passwords (asking for your 2 minutes)
This is a small survey which I plan to use as part of a research paper. It will less take less than 2 minutes. Please answer the following questions and hit submit.
Thanks for your participation and your time! Take care.
Link to the survey:
http://spreadsheets.google.com/viewform?hl=en&formkey=dEVhR3BkcUFobWM2VUZyUWV0Tmp2WEE6MA..
Microsoft Tool
http://www.microsoft.com/protect/fraud/passwords/checker.aspx
iPass Tool (best password will be highlighted in green)
http://sunrise.webfactional.com/ipass
Thanks for your participation and your time! Take care.
Link to the survey:
http://spreadsheets.google.
Microsoft Tool
http://www.microsoft.com/
iPass Tool (best password will be highlighted in green)
http://sunrise.webfactional.
...and another PHISHING attempt
"bsnl" is an internet service provider in India. These crawlers are getting smarter..but phishing is still phishing!
I like the warning message:
"...you are required to do this before the next 48hrs of receipt of this e-mail, or your Web mail Account will be de-activated and erased from our database."
Thank you very much -- I would be happy if you delete me from the "phishing database" :)
Thursday, September 10, 2009
DGTFX Virus Alert (yeah sure, ..it is an email phishing scam!)
Received this in my INBOX today. It is a phishing scam obviously..actually -- it not that "obvious" since the email looks pretty legitimate at first examination. But the scammers forgot that I teach IT security courses here ..oops, so it is no use messing with the wrong guy :) Anyway -- be careful guys.Good idea to alert your IT department, or consult a security alert focus group if you have any doubts. As the good man says "better safe, than sorry". Peace.
Monday, September 7, 2009
"Digital Life" after Death?
Seems like an irrelevant discussion at first thought, ha? No, I thought the same..while I was browsing through the September 14, 2009 issue of the TIME magazine. But the article "Managing your Online Afterlife" caught my attention after reading a few paragraphs.
So, what happens all the digital data floating around the WWW after you die? Apparently, major companies do have some security policies now to give access to information or emails exchanged by loved ones. Facebook, MySpace, Google, Yahoo! all have a policy of their own.
I found this article particularly interesting because it shows how important we (or relatives of loved one) consider any kind of digital information. If it was of no value -- no one would fight for it. In my opinion, yes, there is a lot of "precious" - social, personal, emotional, and intellectual information out there ..stored on data servers quietly clocking away in a dark server room.
As the author points out ..soon we might see a clause in someone's Will that tells -- how and who can access, and share information in my "after life".
Humm. Do I need to start using my dairy again?
So, what happens all the digital data floating around the WWW after you die? Apparently, major companies do have some security policies now to give access to information or emails exchanged by loved ones. Facebook, MySpace, Google, Yahoo! all have a policy of their own.
I found this article particularly interesting because it shows how important we (or relatives of loved one) consider any kind of digital information. If it was of no value -- no one would fight for it. In my opinion, yes, there is a lot of "precious" - social, personal, emotional, and intellectual information out there ..stored on data servers quietly clocking away in a dark server room.
As the author points out ..soon we might see a clause in someone's Will that tells -- how and who can access, and share information in my "after life".
Humm. Do I need to start using my dairy again?
Subscribe to:
Posts (Atom)
