Безопасность mac os linux и windows

Businesses allocate a lot of resources in making sure that their systems are secure. For example, they could have a dedicated security operations centre along with firewalls, SIEM and identity management solutions for cybersecurity. For operating systems, enterprises have anti-malware solutions installed on the devices themselves. But what about the inherent nature of a specific OS. Is Mac more secure than Windows devices from hackers? In this article, we take a look at the various factors that compare operating systems for cybersecurity posture.

So, we have three leading OSs in the world. First is Windows, the most widely used OS particularly in the enterprise space, then we have macOS, the Unix-based OS used in Apple’s computers and finally, the open-source Linux (and associated distributions) used scarcely by a select group of people for niche applications. 

Windows  

According to experts, the reason why Windows is considered less secure than competing operating systems is not because of the lack of security standards and innovation from Microsoft, but because of its large attack surface and predominant use in enterprises. The size of people that use Windows is massive, and because of this, hackers around the globe target the operating system more than the other ones. 

The majority of new malware are therefore designed for Windows specifically in mind. On the technical side, Windows is equally, if not more, secure than other operating systems. In fact, the security engineering of the Windows operating system at Microsoft has rolled out significant innovations in the last few years to tackle cybersecurity issues. It has even deployed ML models to scan for potential threats continuously and has the biggest malware signature database. 

But the persistent attacks using any potential or unpatched vulnerabilities of the operating system are leveraged by hackers for their nefarious ends. So the Windows operating system does not come with some inherent flaws that make it more vulnerable than other platforms. It’s just that malicious hackers will try to target Windows over Linux or macOS because of the higher probability of successful attacks, just because of the attack surface and the number of users.

Microsoft has also taken a very proactive stance of rolling out regular Windows updates so that any vulnerabilities can be patched quickly. Windows comes with an Anti-Malware software by default which is very capable of detecting all kinds of malware with the help of things like signatures, YARA rules and reputation checks, even though it will not safeguard the organisation against more advanced attacks.

In addition to this, Windows also has a sandbox installed in its stores, which safeguards a PC from threats which other security systems may have missed. Also, Windows makes use of code signing checks, which leads to less data tampering. On a Windows device, code signing is done both at the time of installation and the first run of an application. 

macOS

Mac OS has a reputation for being secure by default. But that mostly means that it is not operating several network services out-of-the-box which can be attacked. The Apple T2 Security Chip embedded with many newer Mac models — keeps Mac OS safer than ever. Secure Enclave coprocessor in the Apple T2 chip presents the foundation for Touch ID, secure boot, FileVault, and encrypted storage capabilities. The T2 chip also presents a default tactic of obstructing the free and open-source software from loading up. macOS system security encompasses the boot-up process, software updates and the ongoing operation of the OS.

Macs face fewer viruses compared to the Microsoft Windows operating system. It’s not like macOS is free of malware and we see vulnerabilities found in the OS from time to time. PCs have been more popular, with the number of Windows operating systems connecting to the web far exceeding those of Macintosh or Linux. The result has been an influx of cyber attacks targeted at PC users and the Windows operating system. But now the times are changing, and Mac OS X’s market share is about 10%, and therefore cybercriminals are taking notice and beginning to set their sights on the Apple operating system.

System Integrity Protection (SIP) is a security feature of Apple’s macOS operating system introduced in OS X El Capitan in 2015. It consists of many mechanisms which are enforced by the kernel. This protects against modifications by processes without a particular entitlement, even when executed by the root user or a user with root privileges.

Linux

Linux is entirely open-source, unlike other operating systems, meaning one literally has thousands of people around the globe tearing apart the Linux source code on a daily basis. The open-source community looks for every single security vulnerability and then issues a security patch for it. The more people you get to look and review your code, the better. On the contrary, when you only have a select team of people (as with Windows and macOS) to review code, you’re definitely going to run into some significant issues, and you will have far more vulnerabilities than the global crowd-sourced one.

A lot of industry experts say that Linux could be safer than both Windows or macOS. Linux has advanced options to sandbox any process and the reason why some analysts and users view Linux as more secure than Windows and macOS. Linux implements various aspects of security that are intended to complement each other. Instead of looking at anti-malware or firewalls, Linux kind of recognises that permissions solve 99% of the issues in cybersecurity. 

For example, Fedora is a Linux distribution from the community-driven Fedora Project which is sponsored by Red Hat. Fedora applies Security-Enhanced Linux by default, which implements a diversity of security policies, including forced access controls, which Fedora embraced early on. Fedora renders a hardening wrapper and does security hardening for all of its packages by applying compiler features like position-independent executable (PIE).

Contrary to certain beliefs, the open-source nature of Linux helps patch security issues very quickly and spot any security flaw due to a collaborative nature. On the other hand, many add-on security measures are missing on Linux like code signing and sandboxing. Due to its free, open-source use, as well as small security support, Linux OS is not very much trusted by some. According to some organisations, open-source isn’t secure because people can get to that source code, and this is just not the right logic today. In fact, many companies use Linux operating systems like the Red Hat Enterprise Linux, which is specifically hardened for data security.

Takeaways

Worldwide just over three-quarters of desktop computers run some variant of Microsoft Windows, with Mac OS 10 a very distant second at just over 10% market share. Windows and Mac OS are very different operating systems in terms of their underlying code with modern versions of Windows-based on the Windows NT kernel and Mac OS instead based on UNIX. 

If one looks at issues of vulnerabilities in Mac, Windows or Linux or really any operating system, it’s very similar. Because building an operating system is a very hard task, and therefore, all of them have similar kinds of vulnerabilities. So technically Mac is not particularly more secure than Windows. But the bigger issue is what are attackers targeting. If an attacker is trying to target as many people as possible, they are not going to go after a smaller install base (macOS or Linux).

There isn’t anything specific about Mac OS that makes it inherently more secure. Instead, the differences between Windows vs Mac OS and Linux means that malware often has to be coded separately for each platform. So a Mac isn’t necessarily more difficult to attack or less vulnerable than a Windows PC. 

Hackers go after an OS with the biggest install base, i.e. Windows. Therefore most of the malicious software only works on a Windows system. This means that if someone is running a Mac at home, and they accidentally click on a malicious email link, the malware won’t probably run because it’s only meant to run on a Windows system. That doesn’t mean that there aren’t any macOS attacks out there, but it’s rare. So the bottom line is that yes, Macs are more secure than Windows systems, but probably not for the reasons people think they are.

The good news is that Microsoft and Apple have developed pretty comprehensive ways of securing users systems and while neither of them is by any means perfect both companies invest plenty of resources into finding and patching vulnerabilities usually in a pretty timely manner. 

Also, hackers don’t particularly target Linux due to its low usages among business users. Compared to Windows and macOS, it has the smallest market share and less than 5% of the OS market. Now, the good thing is Linux does not give its users admin access by default and therefore limits the damage that users can do by clicking on links that they could be malicious. It’s considered Linux has more people working to spot vulnerabilities in their platform, enabling them to catch any threat sooner than the rivals.  

Each OS has its own pros and cons. There are differences amongst the OSs when it comes to crucial security traits such as built-in anti-malware tools, sandboxing, system protection and codesigning. It’s up to an organisation and an individual to make an informed choice about picking a particular operating system platform which aligns better with security goals. 

When admins go to battle over which operating system is the most secure, it’s time to turn to our guide on endpoint security. The real answer is here!

Every sysadmin has their own favorite kind of box, and while most enterprises these days tend to have a mix of OSs in their fleet, organizational needs will typically favor deployment of one platform over another. This leads to the inevitable comparison of operating systems in terms of security, with some admins believing one platform is intrinsically more secure than another. If one admin insists macOS is more secure than Microsoft Windows, and another chimes in that SELinux trumps them all, who are you to believe? Is there any objective answer to the question of which is the most secure?

In this post, we’ll review some of the technologies and arguments that lead some people to claim one platform is more or less secure than another. We’ll then round off by suggesting that what drives these claims is a fundamental misunderstanding of what “enterprise security” really means, and what it involves on a practical level.

Security Features

There are certainly differences among the OSs when it comes to key security features like built-in anti-malware tools, sandboxing, system protection and codesigning. Is one OS clearly better than the others? Let’s see how they stack up.

Anti-Malware

Windows 10 comes with a free built-in AV-suite that gives most paid legacy AV solutions a run for their money. It is reasonably competent at detecting commodity malware through the use of signatures, YARA rules and reputation checks, although it will not protect the enterprise against more advanced attacks, and it is also subject to various PowerShell bypasses. Despite that, it’s a lot better than Apple’s rudimentary trio of application security technologies, Gatekeeper, XProtect and Malware Removal Tool. Linux doesn’t come with any built-in AV, although there are free packages like ClamAV available for it, just as there are for the other platforms. Round 1 to Windows then.

Sandboxing

A sandbox is a closed or jailed environment in which a process is executed. The beauty of sandboxes is they protect the rest of your computer from untrusted processes, as the sandbox effectively prevents the process from reading and writing to other files, interacting with other processes or changing system settings. This is especially important for web browsers that can run JavaScripts. If a malicious script on a website can break out of the browser’s sandbox, it could infect the rest of the computer.

Windows and macOS both sandbox apps installed from their own App Stores by default, but there’s nothing to stop apps installed from other sources from running uncontained. Linux has a wealth of options to sandbox any process, so long as you’re something of a power user. SELinux and AppArmor are readily available on major distros, and this might explain why some Linux users believe Linux is more secure than Windows and macOS. One on the scoresheet for Linux systems.

Codesigning

Codesigning is an authentication technology that ensures that an application or process has come from the source it says it has come from. In addition, codesigning ensures that the executable, package or bundle has not been tampered with since it was digitally signed.

Windows, Linux and macOS all make use of codesigning to some degree, though all platforms ship with some unsigned code, too. The problem with unsigned code is that bad actors can replace a binary with their own or inject malicious code directly into an unsigned, running process.

On Macs and Windows machines, codesigning checks are made not just on installation but also on first run of the application. This extra security is missing on Linux boxes. No clear winner, but arguably Linux is lagging behind the other two on this one.

System Protection

You want an OS with protection from rootkits and malware that tries to modify or replace the core system utilities, and in this category macOS comes out on top. Apple’s System Integrity Protection (SIP) is built-in and entirely transparent to the user. The effect of this is that even root cannot change some things – a situation many Linux power users would find intolerable, but which is a great defence against certain kinds of malware behaviors. Windows has secure boot and trusted boot to protect the system prior to any AV solution kicking in, but these are not even close to being as solid as Apple’s SIP and the additional secure enclave that exists on touchbar-equipped Macs.

The Popular (and Wrong) Arguments

As can be seen, there’s some variance in the main security features offered by each OS, but overall none is a standout winner or loser when it comes to features. Even so, adherents of one platform or another tend to have a favorite argument or two to back up their position. Let’s take a look at these and see how convincing they are.

1. Windows is the Least Secure Because of its Install Base

There’s no doubt that Windows is the most targeted of all the operating systems simply because the size of the install base makes it the most efficient to attack. If you’re writing malware that can run on 88% of the machines being used in the enterprise, you’re much more likely to achieve a compromise. While that’s statistically true, that doesn’t mean Windows is inherently less secure than other OSs. One could just as equally argue that the popularity of Windows means Microsoft have the most experience of defending against malware attacks. The real point here is that there’s more malware aimed at Windows, and that means you definitely need a good endpoint security solution, but that turns out to be true regardless of which OS you’re running.

2. Linux is the Most Secure Because it’s Open Source

We see people arguing this all the time. The many eyes theory of security is patently flawed. As SentinelOne researcher Dor Dankner recently showed, Linux has a little-recognised privilege escalation vulnerability that was introduced to the Linux kernel in 2004. Despite the code having been reviewed, nothing was done to ameliorate it. Likewise, openssl contained the Heartbleed bug for over two years before eventually being discovered.

3. macOS is the Most Secure Because Apple!

Apple have done well to position themselves in the minds of the public as being “security conscious”, in large part thanks to the closed nature of their mobile platform, iOS, and some very public battles with the FBI about security and privacy. It’s not clear how far this perception extends towards macOS, though. Apple’s marketing certainly makes a big deal of security being “built in“, but the truth is that Mac security features like Gatekeeper, XProtect, and MRT are easily defeasible and not particularly comprehensive. Again, one could argue that having less experience in defending against malware, Apple are not as well-schooled as Microsoft in the art of building a hardened OS.

4. Linux is the Most Secure Because it’s Highly Configurable

It’s true that something like SELinux probably has more ways to ‘harden’ the system than macOS or Windows, but very few enterprises are going to be able to deploy a locked down SELinux install as the desktop OS of choice for their staff, at least not if they want to get any useful work done. It’s rather like saying a vault with no door is the safest vault money can buy. Sure it is, but it’s also practically useless. Security and usability go hand-in-hand, and users will often make less secure decisions if they have to fight against the OS just to get their work done.

Security isn’t a Feature of Your OS

Given that there’s neither an overall blend of technologies nor any knock-down argument that establishes one OS as “more secure” than the others, what is the best way to answer the question?

Despite what some OS vendors claim, security is not a feature you can build in to an operating system for the simple reason that security isn’t a commodity that you can “add” or “take away”. While features like codesigning, sandboxing and system protection are all part of a good security posture, enterprise security is ultimately a practice or set of practices that need to be in your organizational DNA.

Businesses need not only OSs with security features, they need integrated security software solutions and employees who follow security best practices. It’s no use having a system policy that prevents the execution of untrusted software if a local user can be convinced – and has the ability – to simply override it.

The truth of the matter is that regardless of which platform your admins prefer, every OS has its vulnerabilities and it’s likely that your network contains a mixture of operating systems and a mixture of vulnerabilities. With over 80% of pentesters, hackers and hacktivists saying that they leverage social engineering in cyber attacks, it’s clear that choice of OS is really not that significant.

What is most important is that you have solid endpoint security with automated detection and prevention capabilities across your entire fleet, regardless of OS. You also need visibility across your network in order to identify and search for attack indicators. With a single agent solution like SentinelOne that protects Linux, macOS and Windows alike, it really shouldn’t matter what your admins personally prefer to use, or which they claim is the most secure.