ECN Forum Forums Technical Discussion Re: Computers and the Internet Apple Computers

>apples are not more secure, software or hardware wise

Hmmm. I'd be interested to know why you say this. In my opinion there are several very good reasons why they ARE more secure -- for one thing, services on an Apple that expose a network port (or for that matter any other application that could be exploited by crafting a malicious data file) are only permitted to run in the context of a single, non-privileged user account. Therefore, even exploits that do manage successfully to take control of the execution path within any arbitrary image are still restricted in the resources they may access and hence limited in the amount of harm they can do.

Compare this with Windows/PCs where in general network services run in the context of the system Administrative account and therefore any expoit may quickly escalate to take full control of the entire operating system.

On Apples, application configurations are normally stored in simple, editable text files and these files may also be owned individually by the application users so that users of one set of application are not allowed to tamper with other applications. This is inherently safer than the Windows design with its monolithic registratry database (which I personally loathe for many other reasons).

The same thing applies to the general design of the OSes and it is a systemic failure in Windows that normally sees a single "bloatware" tool doing three or four jobs, whereas the Mac/Unix way normally provides a suite of simple tools each which does only one single job. The things to consider here are that (a) Needless complexity, introduced by lumping multi functions in one package, is an enemy of good security because it often hides what is going on and (b) If one service becomes compromised within such a "multipurpose" tool then there is a far better chance that the exploit may then affect the others. As a good example, consider the way that the IIS server in Windows includes mail, FTP and HTTP services, which have all been afflicted in the past by similar exploits.


When writing C code on Apples the compiler issues far more detailed and useful warnings about instructions in your program that may lead to security weaknesses (unchecked buffer sizes, dangling pointers and so on) than Microsoft's compilers do, so hopefully there will be fewer broken components that leave loopholes for hackers to exploit in the first place.

Finally because the Apple BSD unix OS code is freely available for all to inspect, rather like Linux, and because BSD unix is now a solid and mature piece of code, there is far less leeway for bugs to remain buried for years like timebombs, as has happened in certain proprietary OSes for the Intel architecture :-)

I am not saying that Apple is unique in having these advantages -- I program Apples, PCs, Solaris boxes and mainframes and they all have different strengths and weaknesses.

For the record, this Mac here has never had any trouble with viruses, despite being plugged into an "always-on" ADSL link this last three and a half years, while my PC laptop managed to get infected within about 20 minutes when I connected once before its firewall was configured.

Anyway, I'm going on a bit now... I just joined as there are a couple of other points on the PC section of the forum that I thought I might be able to help with. It's a great forum -- been reading it a couple of years now!