Vantage point




Sunday, May 07, 2006

More on Mac

As I expected, several people wrote in great emails in response to the Mac OS Virus Vulberability post. All of them were very useful in dispelling some of my vast ignorance. :) Reproducing them.
----
Eswaran wrote -
Gaurav,

I think you are missing several points here.

1. Mac OS architecture is entirely different from Windows (even
Vista), it is almost a flavour of BSD. The nature of viruses in both
platforms are entirely different. In Mac OS, the virus will typically
masquerade as an email attachment asking you to open it. In windows,
there are many viruses which spread without any user action - which
spreads more effectively that something that depends on the user to
do something. This is not to say that there will never be viruses in
Mac. Application writers can get stupid.

2. Virus writers have real financial benefits. Almost all viruses now
install spywares which are used to show popup ads in windows PCs
based on search queries.

3. Apple moving from PowerPC to Intel has nothing to do with viruses.

4. McAfee says Mac viruses will increase in the future. They have a
big incentive to scare customers.

5. Marketing managers at Apple will definitely don't want more
viruses. That there are no viruses in mac is precisely the reason why
the market share increasing, and it will go right back down if and
when there is a big virus outbreak.

----
Mitesh wrote -
Hi Gaurav,
I read your post about Macintosh. I own an Apple iBook running Mac OS
X. It definitely has some advantages over Windows:

* Mac has a very stable OS...never crashes...nor do I get the "blue
screen of death" (Read wiki for more about blue screen in case you
want to know). I have never had one application bring down my system
in Mac and force me to reboot. Never. And I use it everyday. I have
never had to do maintenance stuff like disk defragmentation, cleaning
off, reinstaling, formatting etc.

* Safari is a robust browser..unlike IE which crashes sometimes if you
open more than 5-6 windows.Safari has built-in pop up blocker plus
tabbed browsing..something whcih IE still doesnt have. Firefox of
course is another good browser.

* No anti-virus product on Mac. The core of Mac OS is that it is based
on Unix BSD(berkely standard distribution) which was developed in 70's
i believe. Its a very stable core. I agree there are no viruses for
Mac because its usage in market is very less. Outside US, its almost
negligible. But beleive me, its even difficult to write viruses for
it. Virus writers are of two types: one you mentioned - brilliant
programmers who spend crazy hours trying to break the Windows OS and
in their desire to find the flaw and exploit it, they unintentionally
(or intentionally, most of the time) cuase damage to millions
worldwide. The other types are hired secretly by companies. Lets say
McAfee hires bunch of such nerds, pays them, to make a virus or worm.
It then releases a patch in a few days, and sells it for say $50 for
downloading..It will generate lot of revenue. I am NOT saying McAffee
does this or any other company, but I think there is a strong
possibility something like this happens. Its all business. Sometimes
it is also possible that competition drives this. I mean maybe a
competitor of say McAfee releases a worm that McAfee cannot detect and
then the competitor releases a patch that fixes the worm before McAfee
releases it. Mac as of now has no viruses whatsoever that I know of.
It may change in future if they get more popular but believe me the
Unix kernel is very strong to break. Windows has miliion

Some more software differences:

* Apple's Preview software opens PDF files in seconds..ever noticed
how long Adobe Acrobat takes time to open. (its Adobe I know not
Microsoft, but then Microsoft doesnt have its own in-built PDF viewer
like Mac).

* Apple provides full operating power of Unix commands (like in
Linux). In windows, you have the ancient DOS command prompt which is
useless for active s/w development. People have to download tools like
Cygwin on Windows. In Apple the commands r inbuilt.

*Have you ever noticed how in Windows when you click 'Start' the first
thing you see is 'Shutdown'. How intuitive? Also, all software tools
in Windows have menubar at the top of the window...like File.Edit.View
.Help etc. Then why the start toolbar is at the bottom in Windows by
default. Mac OS is very intuitive and easy to use. One has to just use
it once to know it. It has very friendly GUI. Windows has it too, but
it is not a success because of that. Its popular because of the
brilliant marketing by Microsoft in mid-90s when it released Windows
95. (and i really appreciate Microsoft because of that). But other
than that, the product they are marketing does have technical flaws.
Look at their history on Wiki or elsewhere. Even their first product
MS-DOS. Microsoft never made MSDOS; they only commercialized it.

* there are many many small things in Mac that are way better, both
aesthetically and technically. Example, uninstalling an application in
Mac just means dropping the single application file in Trash bin. In
windows, it asks you bunch of questions, then it may pop up a message
some files are shared with other applications.."Do you want to
delete?". Then there are those registry entries to worry about. Its
totally cumbersome. Nothing in Mac.

There are many differences, but its so difficult to quantify...best
solution will be to try it once. I know your post was just about
viruses in Windows and Mac; not their fundamental differences. But I
so love my Mac that I cant just stop talking and distinguishing. Sorry
about the long email.
I had used Windows all the time when I was in India and then in US
too, but after buying Apple laptop, I use it whenever I have the
option.


- Mitesh.

----
Vishnu wrote -
Hi,

The market share argument is complete nonsense (or atleast mostly).
One counter-example, Apache is the web-server that has the biggest
market share in the web-server space and inherently, IIS is still less
secure. So the market share argument is something thats atmost, only a
minor reason behind why windows is less secure (my estimate is that
it contributes to less than 20%).

Secondly, despite being contrary to popular opinion, windows machines
can be secured. things like Use NTFS with journalling not FAT32, use a
firewall, use a seperate administrator a/c and a seperate user a/c.
etc.. etc.. etc.. I could go on. This is probably more of a marketing
deficiency rather than a purely technical one,
in my opinion, they should probably use completely different
code-bases/architectures for the home user .Vs. the business user. But
I am afraid I know why it won't work.

The reason that windows is open to such vulnerabilities is because of
the ignorance of its users. Users of other operating systems like say
linux are more technically adept, so at the least are atleast aware of
these issues, compare that to your typical windows user. Mac OS X, the
code base is based on a type of unix, very similar to linux, hence
most of the technical arguments apply to both linux and mac os x.

However, putting the blame entirely on the user is not a solution.
This is one of the biggest problems in software engineering today. Try
adding a completely transperent security model to outlook express
without adding anything more than a simple switch to disable it.

'How not to alienate your users and at the same time not complicating
your product', is the biggest puzzle of this century (I would probably
go to the extent of calling the the fermat's last theorem of Software
Engineering). The linux way is something like build all the
complexity you want, then sugar-coat it with usability. The microsoft
way seems to be the exact inverse - start with a simple, as intutive
as technology allows system and then integrate complexity, without
losing "the windows user experience", marketspeak for windows
usability. imho, both seem to be failing.

Second reason is microsoft's obsessive need to be backward compliant.
Long long ago, so long ago, when you had to dial into vsnl to get
online, a lot of programs were written without any assumptions about
security and they need to run on your brand new, windows xp media
center pc. So, what do you do? pop a unhelpful dialog saying, "sorry,
but this software won't work", or let it work and violate security?
Microsoft (could be read as market-dynamics) chose the second way, but
what's the right answer to that question! I wish I knew, so do
probably every one at redmond.

So, the biggest flaws of the flawed windows security model in my
opinion is "not-being-default", and "obsessive need to support old
applications". This is not to say that windows is completely secure
devoid of technical faults, but the ones being focussed popularly are
smaller side effects of the bigger issue.

The biggest advantage that Mac OS X has(d?) over Windows is
Objective-C. Objective-C is a sort of java. The reason why O-C is such
an advantage is that it has automatic memory management. The lack of
which is the biggest reason behind the prevelance of 'viruses' and
worms and exploits, etc.. etc... This gap is being fixed with
microsoft's .net. But still, legacy code, old programs, etc.. would
still keep this gap pretty big, for quite some time.

----
Mukundad wrote -
Hi Gaurav:

Reg. your latest post, Mac OS has become vulnerable not because of a switch in processors but because Mac OS X is essentially running Unix as its engine that lets you do all the Unix stuff like Telnet, FTP etc. from within the command line OS. All the previous versions of Mac OS were closed in (no command line options) even though they offered networking support and even if they could have been technically hackable to write malicious code, the degree of difficulty was remarkably higher (just as someone would find it difficult to penetrate Mainframe code to target Big Blue's boxes). As rightly pointed by you, Windows has been targeted due to its widely installed base but also because Windows grew out of its DOS moorings which essentially was Unix simplified and rehashed that meant everything from opening ports for access to networking to compromises earlier on with respect to the water-tight security vs. interoperability question. Lest you start thinking I am a Propeller Head :-), let me clarify that I am of your ilk (MBA from Marketing and Finance in India and MBA from MIS in the US but have been dabbling in computers for the last 18 years and so can be thought of to be reasonably dangerous :-)).

Warm regards,


So a couple of very important points I learnt -

- Virus writers are not just of the "project mayhem" kind. A vast number now write viruses for financial gain too. This point also reinforces what I was saying about virus attacks being good in market terms because it shows that your product is actually doing well enough for virus writers to make money from them. That was the main point of the post really, that a growing number of virus attacks is, in some way, good news. Regarding the inherent superiority of Mac OS, as I said, I am not sufficiently equipped technically to go into it. But having worked inside the hardware sales industry for a while, and knowing how the dynamics of inter-corporation co-operation work, I will be keenly following how the Mactel platform does in the market.
- While widespread marketshare is a reasonably big reason, the vulnerabilities in Windows are a much bigger reason for the widespread malware attacks. The explanation has been given in the mails above.

I am thinking of buying an iBook myself in a couple of months, so these mails have been very enlightening.