Showing posts with label ActiveX. Show all posts

Wednesday, 17 February 2010

Snow Leopard Security vs 7ista Security: What debate?

--
My attention was drawn today to a blog entry over at MacDailyNews that summarized an article comparing Snow Leopard security to 7ista (aka Windows 7) security. I was hoping for something rip roaring and insightful. Instead I found the source article to be essentially worthless and trivial. Ho hum.

HERE is the source article, entitled "Windows 7 vs. Snow Leopard: Which is More Secure?", published at the Datamation site.

Below is my critique of the article, as posted today at MacDailyNews:
If author Kevin van Wyk had extensive experience with computer security, this article might have been of interest. Unfortunately, the article is incomplete, contains some significant errors and entirely skipped obvious security concerns:

1) He sez: "Neither operating system includes anti-virus protection by default."

Bullshite. 10.6 has a malware detection system running by default with signatures for some Trojans. However, it is fair to say that this is an extremely limited and immature anti-malware system. Hopefully Apple will pursue it further in the future. Mac OS X Server has incorporated ClamAV for many years. It would be good to see it moved into the client version as well. However, it must be noted that getting Mac OS X malware signatures incorporated into ClamAV is extremely difficult, partly due to the anti-Mac culture over at the project site. Thankfully, the author of ClamXav for Mac has made some headway in this respect.

2) He sez: "Neither system is immune to viruses, and we certainly have plenty of examples of this fact."

Bullshite. There never have been ANY viruses for Mac OS X, period. There is, however, Trojan horse malware for Mac OS X, all of which requires LUSER behavior in order to be installed. Most likely Mr. van Wyk simply does not know proper malware terminology. BTW: There are currently 21 known Trojans for Mac OS X compared to 100s of thousands of various malware for Windows.

3) He entirely skipped the security history of both operating systems. Windows 7 has been cracked from out in the wild several times at this point. Mac OS X has never been cracked from out in the wild without user assisted sabotage. Plus there is the fact that Windows in general has over 10,000x more malware of all varieties than Mac OS X. (That simple fact blows the 'security via obscurity' myth to hell. It also indicates that Mac OS X is by nature profoundly more secure than any Windows system).

4) The article ends on a pointlessly wimpy note: "I remain a firm believer that I'm safer on Snow Leopard than I would be on Windows 7."

No one has to 'believe' Mac OS X is the safer. The facts prove Mac OS X is vastly safer than Windows 7.

5) He completely left out security dangers caused by non-system software. On Apple's side this includes Safari and most of all QuickTime. On the Windows side this includes Internet Explorer, well known to be the single worst web browser on the market, as well as ActiveX and JScript, both of which are wide open security holes begging for hackers and crackers to enter any Windows machine. Microsoft also deliberately provide only an archaic and hobbled version of Java as a retaliation against their losing their J++ abomination lawsuit from Sun Microsystems. Whereas, Apple provide a much more up-to-date and secure version of Java.

6) He left out the fact that Windows 7 does have superior memory address protection (Address Space Layout Randomization, ASLR) over Mac OS X 10.6, which helps fend off some buffer overrun system pwning. Hopefully Apple will take memory address protection more seriously in 10.7.
--

Thursday, 4 December 2008

Update: The State Of Trojan OSX.RSPlug, aka the 'Porno Trojan'

The net-cracker effort to bring the 'RSPlug' Trojan horse from Windows over to Mac OS X continues apace. As of this week we are now up to version E, aka Trojan OSX.RSPlug.E. Again, this Trojan is showing up at scam pornography websites.

The difference with variants D and E, however, is particularly nefarious. Instead of the Trojan itself being the full payload of malware, it downloads the actual payload from the Internet. This means the Trojan can install literally anything into your system. It's not just for DNS forwarding phishing scams any more.

Of course, it will be possible to kill off the payload Internet sites one by one as sub-variants of D & E pop up. But once infected, a Mac could theoretically become zombied, which these days is the prime goal of net-crackers. Botnets can make big money. As was popularly reported last week, the taking down of one particular bot wrangler killed off as much as 70% of SPAM distribution for a few days. That's a massive botnet. Imagine the profit the bot wrangler was pulling in. Sadly, the botnet involved remained intact and another bot-wrangler stepped in to take advantage of it, restoring SPAM to its usual blasting volume.

You can read the details about Trojan OSX.RSPlug.E over at Intego's website.

One hilarious flagging giveaway of this Trojan is the continued laziness of the developers' social engineering method. Instead of altering their tease line to potential wetware victims, they left it exactly the same as the Windows version. This means that anyone who is both Mac and Windows savvy will realize immediately that something screwy is going on. The blunder is the tease line "Video ActiveX Object Error". For those who don't know, ActiveX is a scripting monstrosity perpetrated by Microsoft several years back. Yeah, it was another of their attempts to make the Internet proprietary. ActiveX is entirely irrelevant on Mac OS X, thank goodness, as it is a gigantic, wide open door for malware infection on Windows. The only web browser on Mac capable of running ActiveX rubbish is Firefox, and you have to specifically install an ActiveX extension. Therefore, for the moment, if you run into a "Video ActiveX Object Error" on a website, you have just run into an attempt to infect you with the Trojan OSX.RSPlug.
--
