Naked Mac versus protected PC: What wins?

Naked Mac versus protected PC: What wins?

Summary: What's easier to manage — 200 Mac OS X systems without antivirus or 200 Windows systems running a leading antivirus package?


What's easier to manage — 200 Mac OS X systems without antivirus or 200 Windows systems running a leading antivirus package?

"We're processing gigabytes of malware daily," says Alex Eckelberry, Sunbelt Software. (Source: Sunbelt Software)

The question came up during a discussion I had at the Ruxcon security conference at the University of Technology Sydney last weekend. I was chatting to independent security researcher Nishad Herath about Morro and why Microsoft decided to give the software away for free.

Herath reckoned at least one driver for Microsoft was that some "security conscious" organisations — law enforcement agencies etc — were increasingly turning to Mac OS X because managing malware was easier on a Mac than on Windows.

With Morro, Microsoft would level the playing field with Apple when it competed for this type of business, Herath hypothesised.

"I did a bit of research into this," said Herath. "I found that because of the high volume of malware directed to Windows environments [in general] and the significantly lower stream of malware targeted to OS X, they [OS X administrators] had an easier time detecting malware."

At least some administrators would rather deal with targeted attacks than the possibly millions of accidental pieces of malware that might affect what are likely to be a pre-Vista Windows systems.

Cisco's chief security officer, John Stewart, raised a similar question about antivirus at this year's AusCERT conference. Stewart wondered why businesses were spending money on antivirus when they were still clearly spending money remediating malware-affected systems. He called the "cost equation an entire waste of money".

But these are strange times in computer security. Administrators know phishing and browser-related attacks can work against users from both camps; so it's not as if by deploying Mac OS X, users are immune to all threats.

But if part of your job is to prevent malware, you can't escape the fact that PC-targeted malware has exploded while predictions of the same fate for Macs have not materialised.

And if antivirus is your answer to malware, what about flaws affecting antivirus software? Is there any product that hasn't suffered an exploitable flaw? Norton? McAfee? Trend Micro? ClamAV? Kaspersky? Here's a link to a search on our record of AV software where flaws have been discovered.

As Herath pointed out, "introducing any additional code in to the system increases your attack surface".

Meanwhile, antivirus vendors such as McAfee have all but admitted that they can't keep up with the volume of malware being generated for PCs. Malware has also put Symantec under pressure to create less intrusive security software.

While some elements of a security package are worth the cost, the commoditised component of it, the bit that Microsoft has promised to give away in Morro, is clearly not. Morro is the nail in the coffin for this cash cow.

Topics: Symantec, Microsoft, Security, Windows

Liam Tung

About Liam Tung

Liam Tung is an Australian business technology journalist living a few too many Swedish miles north of Stockholm for his liking. He gained a bachelors degree in economics and arts (cultural studies) at Sydney's Macquarie University, but hacked (without Norse or malicious code for that matter) his way into a career as an enterprise tech, security and telecommunications journalist with ZDNet Australia. These days Liam is a full time freelance technology journalist who writes for several publications.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Mac vs PC

    I have to say that Macs usually win the virus/spyware/malware debate. I have been using Macs for over 15 years and the last time I had any virus or malware issues was with the AutoStart 9805 worm in 1998.

    Every few years or so, I scan for malicious files, but have not found any since '98
  • PC vs Mac

    I've been running windows systems (servers & pcs) for around 10 years with Nod32 and since then I've never had a virus or malware on any of them (talking about 10 servers and about 30 computers I manage)

    Just for the record: we cleaned a virus off a OSX Mac just yesterday using anti-virus software. It's not very common tho.

    The main problem with PC's is trialware that people trust is ok on your computer. As OSX has hardly any trialware this is not so much of a problem. I never install trials or gimic software on computers that are used for work.
  • mac v pc

    I agree, we have both macs and pc's at home and always have much less trouble with nasties on our macs.

    Having said that, I'm a little disappointed that the question posed "What's easier to manage â?? 200 Mac OS X systems without antivirus or 200 Windows systems running a leading antivirus package?" didn't actually seem to be addressed in this article, it merely seemed more of a segue into a discussion piece.
  • This is a dumb article.

    Of course windows systems have more malware, its the most popular platform around. Microsoft have 90% of the market and if I was a malware writer I'd be looking for the platform leader, because there is greater chance of successfully breaqching that platform.

    There are two things the Mac has on its side and that is an insignificant market share and time. Netiher of those are an excuse for not taking reasonable measures to protect your system, and both of those elements will change.
  • RE: This is a dumb article.

    Spot on, if the situation was reversed as said then naturally the idiots creating Malware are going to target the bigger "audience" - why play to a few bystanders when you can perform to a full house? :D.
  • Real Cost

    So yeah less malware is target at Mac's so is less business related software, and large scale management, as well as decent email programs and
    So on those 200 pc's how would you do Roaming Authentication, LDAP, Active Directory, it is harder than AD on windows. How about access to shared resources, you could setup a complicated Apple file server, or simply stick with the windows server that is already doing your email, files and login.
    Heck even Linux networks I have managed are easier to maintain, deploy and upgrade than a few mac users.
  • reply to Real Cost

    I have both worked on the Wintel side as well as for an Apple reseller for a number of years

    For me the decision is quite simple. Mac's are easier to set up and maintain. To give you an example. I have a site that one of my staff maintain that has approx 800 mac desktops/laptops and 1 technician looks after the lot. That's everything from 7 separate SOE, through to managing a Mac mail server, OD as apposed to AD etc etc.Try doing that with Windows, at best you will need 3 full time staff.

    The fact that you believe that setting up an AD is easier than an OD shows your inexperience in the OSX platform. With Mac's you don't have to worry about CALS, or which version of Vista you need (Home Basic, Home Premium, Business or Ultimate). On a mac you get OSX 10.5 and that has everything & it is included when you purchase a mac.

    Similarly on the server side, there are 9 versions of Windows 2008 server. 9 versions, what a joke. On a Mac you get OSX 10.5 server when you purchase an xServe and once again it comes with everything.

    I would be interested to see what your thoughts are on the points that I have mentioned.
  • Mac's are easier to setup and maintain

    Yes I have to agree - I work for a large media company with more than 12,500 users across multiple sites.

    A site with say 200 windows users will have more than 20 staff managing Windows-based PCs and Servers.

    Yet on our site that has around 300 Mac users we have just two staff. And a comparison of service desk stats between the two platforms also confirms that we are having far fewer issues logged with OSX.

    And we haven't had any significant issues integrating Mac OSX into our (predominantly) Windows environment. AD, Exchange, OCS and even user profiles have all been successfully integrated. For Windows applications that haven't been ported to OSX we just use VMWare View (VDI) and deploy them via Safari.
  • 10 to 1 users to admin ratio?

    If it takes 20 staff to administer 200 Windows users you really need to replace your admins with people who know how to work with Windows.

    Your IT department is having you on.
  • virii

    Sadly you'll find that 90% of virii are written with Microsoft especially in mind, so its no real surprise that macs have less issues with it!
  • Mac's are simply the BEST Edit Platform

    Fellas... I run 2 iMac's OSX10.5 running Final Cut Pro and they and the editor's driving them work hard. Huge amounts of files are continually downloaded using Safari and is scanned with iAnti Virus (free) and to date... we have seen no virus/spyware/malware. The systems have yet to crash.... and don't expect such as all programs are Apple... no third party applications are employed whatsoever with the exception of iAnti Virus. I also used to run PC's running Avid Liquid Silver and Chrome... but lost massive amounts of productivity due to system crashes and viral attacks etc.... even though the platforms were supposedly protected by a variety of anti-virus programs and firewalls. End of the day... if you are a serious producer (TV) (Graphics) Photographics) .... get real and productive on a iMac or Mac Pro. There is nothing better!
  • RE RE: This is a dumb article.

    Okay, first thing wrong with what you say. It does not MATTER who is the largest in the market share. If you're going to get the big fish, you go after entire networks, not just one or two home computers. To create a botnet, sure, you exploit home users and use their computers for DDOS. However, what runs many servers and networks? Linux. Just look at the uptimes in netcraft, the numbers speak for themselves.
  • RE:10 to 1 users to admin ratio?

    I agree 20 / 200 is hilarious, man can I get a job there? they must have so much spre time.
  • Naked? opps hope this does not get filtered!

    Same ole, same ole!

    The usual mac vs windows vs linux thread vs <add os's here>.

    The whole thing depends or who, where and how you work and the $$$$ available, if it takes many admins on windows - yay more work for everyone! :))
  • This is well known.

    This simply isn't true, if there was nothing but mac's and linux sure there would be more mal ware for them, however, the unix kernel puts virus's in a very hard to thrive in environment

    most virus's find themselves a nice place to hide in the windows computer or where ever. but when you consider that 90% of the file system is read only to the user. there is really no were except /home/user for the virus to hide, and even then only 2 or so files are ever executed automatically from within that directory.

    this is not simply who is the biggest target. because unix is not a virus friendly environment and there is no way that the virus is able to propagate if it is unable to keep itself on the system.
  • PC's are not the problem user behaviour is

    I have not had a computer virus or malware on any of my PC's for at least the past 8 years.

    It also has nothing to do with Macs being more secure than PC's. It is everything to do with market share and targeting. Why would hackers spend time, money and effort targeting 3% of the global desktop market (Macs) when you can do the same (Windows) and hit 97%!!!

    Not rocket science and all the disingenuous stories about Mac being safer don't change that root fact that it is about market share and user behaviour.
  • not to mention

    non serious computer users, you know the typical grandma "aww I'll get a computer for the lil grandkids so they can use the internets for school" she has no idea about computers and 90% chance she'll get a windows based 1, "whats this internet pop-up, i have a virus :O I'd better download what it says for me to, oh noo! poooorn!!!"

    mac probably isnt more secure, it just has a higher percent of users who are with it enough not to fall for the r-tard viruses... wheres micro has the 'whats a computer' end of the market downloading all the viruses in the search for free porn and a sizable inheritance from Prince Zuki from zimbabwe
  • Complete Rubbish!!!

    We run both Macs and PCs at work on a ratio of around 80:1 (PC:mac).

    The macs take roughly 800% more human resources to maintain as the user base for macs are so narrow minded they honestly dont know what they are doing outside the applications they use. From my working experience this is true everywhere.

    We have more kernel panics from our mac users than bsod's from our XP users.
    It all about the users.

    If you run top quality antivir and antimalware software and update it every day you will not get any infections (ESET or Kaspersky work well).
    We maintain our firewall rules and update them regularly and we get no infections.
    The only exception is from staffers who insist they know what they are doing and click on every pop-up they surf to. Most of those are also caught before they hit the desktop.

    The only people that would engage in this argument, clearly don't work in support and have no idea how computer illiterate the vast majority of mac users actually are.

    PCs if maintained correctly and diligently are just as "safe" as any of the minority systems like macs/linux. The key is simply having the best software available and keeping it updated.
    Once configured correctly this takes no human resources.
  • Mac's are easier to setup and maintain

    Incorrect- I mamage a network of around 300+ users all windows based with 25+ servers and 7 remote sites across two countries and i have a staff of only 3.
  • knowledge

    You would probably find that generally PC:Mac knowledge is 80:1 also.
    Unix based systems are far easier to maintain provided staff are adequately trained and the network is set up right. You cannot compare trying to manage unix based systems on a windows environment.