The Real Reason Why Apple’s Security Is 10 Years Behind Microsoft’s

The Real Reason Why Apple’s Security Is 10 Years Behind Microsoft’s

Last week, Eugene Kaspersky — the eponymous founder of the industry leading Kaspersky security company — made some waves by claiming that OS X was “at least 10 years behind Microsoft in terms of security.”

Since Kaspersky’s eyebrow-arching claim, there’s been a lot of bickering about whether what he said was true, or whether his comments were self-serving. Maybe Kaspersky’s right, though, and Apple should follow in Microsoft’s footsteps and outsource OS X security to the anti-virus industry?

Over at MSNBC, Paul Wagenseil makes an interesting argument that Apple may very well be ten years behind Microsoft when it comes to security… not because our favorite operating system has more holes in it than Windows, but because Apple insists on patching all OS X’s security vulnerabilities itself. Instead, Wagenseil says Apple should follow Microsoft’s lead, and turn over most of their security to the third-party antivirus industry.

“Microsoft has improved their security massively since 2002,” Hypponen said. “Today, they are [a] model for good security process in many ways.”

Microsoft got to that point by essentially outsourcing Windows security. The entire anti-virus industry, with sales of several billion dollars per year, is built on defeating malware that targets Windows.

The existence of that industry frees up Microsoft to work on patching its Windows, which it does extensively every month. Microsoft’s open model lets major Windows software makers such as Adobe or Oracle do the same without Microsoft’s approval.

Apple, on the other hand, disdains third-party anti-virus software for Macs — though it does exist — and insists on patching certain pieces of third-party software itself.

In regards to the latter point, Apple’s shown some signs of loosening up some of its insistence on personally patching third-party software. For example, Oracle will apparently now managing updates to Java for Mac.

That said, Apple is still ridiculously slow to patch vulnerabilities in its operating system. It took well to patch Flashback, the most recent OS X malware that infected over 600,000 Macs, and in the past, Apple has taken months to patch various iOS security problems.

Apple’s doing a lot right when it comes to security: GateKeeper, app sandboxing, and so on. Could Apple keep OS X even safer by pulling a Microsoft and outsourcing most of its security to third-party antivirus companies? Let us know what you think in the comments.

  • David Robison

    I’ve done enough Windows OS installs to know that Microsoft’s billion patches is NOT a good long term strategy. That said, since Apple actually releases full OS updates that people want and actually install, they have an easier row to hoe.

  • nefan65

    Translation: “Microsoft is years ahead of OS X in security, because MS Windows users HAVE to use AV in order to function; thus a revenue stream for us”. Why would they be biting the hand that feeds them?

  • Ahmed Al-Hamadi

    Manage*

  • Oscar Armando Peña

    Liers

    As long as the outsource of the security aspect does not make the OSs slow; I’m ok with it.

  • Benjamin Evans-Raspison

    Apple are behind Microsoft in the security aspects only because it has been a windows dominated world and has only recently changed, therefore Apple had no reason to develop antivirus as there weren’t to many users around compared to the windows users. Major companies had this aspect covered anyway and started to develop security software for Macs. I would say there’s hardly and point in Microsoft’s own antivirus because it has so many as you call it pot holes and other vulnerabilities. Besides at the end of the day its all down to the user.

  • bradknowles

    Of course the anti-virus industry wants everyone to outsource their security to them — they want to keep the gravy train going.

    Yes, Apple can do better than they have done in the past. Outsourcing security for third-party components like Java is part of that. Working more closely with the community to find and eradicate bugs would also be part of that. But don’t outsource security of the entire OS — that’s just stupid.

  • imajoebob

    Who would you rather have as your doctor: the one who’s great at treating his patients’ illnesses, or the one who’s great at keeping her patients healthy?

  • Conrad MacIntyre
  • Michael

    I look at it like this. When a problem comes to windows Microsoft says oh someone else will fix it, the result can be good, or bad, but most of the time it’s slower performance and lack of compatibility. Sometimes problems can also just be ignored and left in the dark. When a problem comes to Mac os apple says, shit guys, we need to patch this and make sure it does not effect anyone else, they take action, they solve, and barely any new big problems come by.

    I work as a computer technician, and really, out of all the viruses out there, most anti viruses don’t fix or prevent, they just drain speed. If a fake antivirus virus comes on its using holes in the os to make you scared, and Microsoft does nothing, nor does the anti virus companies. But when it comes to apple, they patch and remove leaving the end user no need to go to a shop and fix it, or if they go, they simply go to the apple store and fix it in a jiffy.

    Keep it up apple, don’t let these anti virus fuckers pressure you.

  • Lane Jasper

    The one thing I DID notice was that there was a patch available from other sources at least a week before Apple’s update to jave to find/kill the Flashback trojan but overall I think Apple does an amazing job at handling this. And their updates are much better in regards to not having to download 50+ different security patches a week (damn near) as with Microsoft. Apple FTW!

  • drblank

    Kaspersky didn’t make any specific details did he? He is probably trying to a name for himself to sell more software. I still have yet to find a mac based virus attack my system. I’ve seen Win-based viruses, but haven’t seen and mac based viruses. There are plenty of mac based anti-virus apps out there. Java should be developed by Oracle since it is their software, just like Adobe has to do the same with Flash, as long as they continue to offer it.

  • Andrew John

    Like I’m going to take advice from companies who thrives on you HAVING malware or viruses on your computer. I read this as being code for “we will target OSX with our backyard hackers to frighten users into paying exorbitant fees so we can remain rich”. Kaspersky released its flashback removal tool at the same time Apple released its. I know who I’d prefer to trust. Would you trust a Russian billionaire?

  • Stu Thomas

    Erm, Apple is a blend of two ancient (evolved) and secure operating systems, so Microsoft is, what say, 20 years behind?…rofl. What a load of self-serving drivel, penis envy.


    What makes Windows, Apple, or … secure is good administration, some political and management kung-fu, with a dash of Feng shui.
    Lolz.
  • lwdesign1

    There are hundreds and hundreds of millions of computers running Windows in the world. There are hundreds of thousands of viruses, trojans, spybots and other malware out there that run on Windows. Each one of those boxes is (or should be) running some kind of antivirus/malware software or it will grind to a terrible halt in a short amount of time. Multiply these hundreds and hundreds of millions times $40 to $80 per year for this software and you see what a lucrative business it is. Would you run a Windows box without antivirus? I wouldn’t and I don’t.

    Now, lets compare this to the Mac and OS X. There is currently ONE extant trojan that has infected a tiny percentage of the hundreds of millions of Macs in the world. Apple has already released a series of fixes for it, and anyone who has updated their software via Software Update is protected. 
    In fact, there are hundreds of millions of Macs who surf the web and receive emails every day that have no virus/malware protection whatsoever–and this means BILLIONS of dollars in potential revenue for companies like Kaspersky, Symantec, Panda, etc. No wonder there’s such a furor over the Flashback trojan: There’s money at stake and a huge untapped new market to exploit.
  • Chris Star

    It appears that the impetus for Kaspersky’s comment about Apple being “at least ten years behind” comes from the increase around that time of Microsoft’s outsourcing program. What a self serving dick. Mac OS was always inherently more secure and stable, hence they had NO NEED to rely on third party software developers, whereas Microsoft needed desperately to find a stop-gap solution. Yes, it’s partially that there were far more win-based computers out there to be targeted, but also because Microsoft simply didn’t address issues with their OS offer in the way that Apple has. Good security shouldn’t be measured by the amount of patches you have nailed over the holes in your OS.

  • jim123321

    Honestly thats a pile of crap, Kaspersky is just trying to open a revenue stream from the growing Apple population, like hell would i use a Kaspersky product if i even needed it anyway, they couldn’t even pay me to use the rubbish they release!

  • Bakari Abubakar

    You say windows ahead of mac in security, I say I just want an OS that works without crashing every other minute. I don’t care what anyone says, a mac system is 10 yrs ahead of windows when it comes to stability. Isn’t that what we want in a computer? One that actually works when you need it to

  • Irma Geniuos

    And their updates are much better in regards to not having to download 50+ different security patches a week (damn near) as with Microsoft. Apple FTW!

    Why does that matter?  I have both systems and Windows does not require more bandwidth for patches per month.  With Windows patches I also have the option of checking what patch is for or simply clicking a button to install all of them.  If I just want to install all updates periodically both systems work essentially the same.

  • technochick

    Flashback was NOT a Mac OS issue. It was a Java and Flash issue. If those companies had done a better job of coding their software without holes in them there’s have been nothing to patch

  • technochick

    Like I’m going to take advice from companies who thrives on you HAVING malware or viruses on your computer. 

    no they thrive on you being afraid of having malware on your computer. as long as you have the fear you have or will get something they have you

About the author

John BrownleeJohn Brownlee is a Contributing Editor. He has also written for Wired, Playboy, Boing Boing, Popular Mechanics, VentureBeat, and Gizmodo. He lives in Boston with his wife and two parakeets. You can follow him here on Twitter.

(sorry, you need Javascript to see this e-mail address)| Read more posts by .

Posted in News | Tagged: , , , |