Changing from a PC to a Mac ?

There is a serious content limitation on Mac or Linux. HTML content can be displayed on a prim, but only Windows users will see it.

If I'm wrong (if you can get web content (not just images) to display on a prim on a Mac
without running a Windows emulator) I'd like to hear about it. I have a class Im teaching
where i have to use a really lousy blackboard because half the class has Macs. There is a beautiful inworld blackboard solution but it appears to work only if you have a Windows machine.

Seriously, IM me if you know a solution to this.

I won't see it on Windows, since I don't have Quicktime installed. The whole media-on-a-prim thing seems pretty broken to me.

I'll agree that Windows has security flaws that cannot exist in other operating systems. But that statement is misleadingly incomplete at best, as the reverse is also true. Other OS's have flaws that cannot exist in Windows. Each system has its own set of strengths and weaknesses, hand in hand with its own unique architecture.

Here's an interesting article from 2007: http://blogs.zdnet.com/security/?p=758

According to the article, there were 243 security flaws discovered in OSX that year, while 44 were found for XP and Vista combined (Win 7 wasn't out yet, obviously). Of those, none of the OSX flaws were deemed "extremely critical", which was good for Mac users, but the number of "highly critical" flaws in the Mac OS outnumbered the Windows ones by more than ten to one (234 vs. 23). "Moderately critical" and "less critical" flaws were in the low single digits on all.

I haven't researched every single flaw myself, of course, but I'd be willing to be that a large portion of the OSX holes couldn't be present in Windows, just as most of the Windows holes couldn't be present in OSX. Again, they're different systems with different strengths, weaknesses, and architectures.

Now, is my purpose in referencing these numbers some sort of attempt to say OSX is actually less secure than Windows? Absolutely not. I also wouldn't say Windows is less secure than OSX. The point is simply that they're both inherently insecure, and that's that. As I said earlier, there's no such thing as a secure operating system.


If I'm a burglar, and I want to break into your house, I will. But of course, my approach will vary depending on what kind of house you've got. If you've got a glass door somewhere, I can get in by breaking the glass. If you've got a wooden door, I can drill a hole in the wood in no time flat. Or I could pick the lock on either just as easily. One way or another, I'm getting in. It's just a question of discovering your particular setup, and then it's all gravy from there.

The only way you could keep me out would be just not to have any doors or windows of any kind. But then you'd be living in a fallout shelter, not a house, and I think we can both agree, neither one of us would enjoy that prospect.


Here's one of my favorite computer security stories: http://www.informationweek.com/news/security/showArticle.jhtml?articleID=207000434

At a security conference (which is a euphemism for a hacker conference), contest participants were invited to break into three completely clean, straight out of the box machines, running Linux, Windows, and OSX. In direct network attacks on the operating systems, all three were secure, no breaches, all safe and sound. But the next day, precisely 2 minutes after the rules were relaxed to include attacks on browsers and other client-side applications, the Macbook Air was broken into and taken over. Neither of the other two systems were breached until the next day, when the rules were relaxed even further, to include installation of popular third party apps.


So, to address Argent's comment about Internet Explorer, can that program be a source of trouble? Sure, but so can Safari. Again, if you're going to have doors to the outside world, you make it possible for unwanted guests to poke their heads through them. Simply having the "I'm a Mac" guy stand guard out front doesn't change that. "I'm a hacker" kick I'm "I'm a Mac" in the nads, take his lunch money, and leave him sobbing on the playground, in two minutes.

Again, there's no such thing as a secure operating system, and I think we can all agree on that. As for what constitutes "more secure" and "less secure", well, that's often a matter of semantics and rose colored glasses.

In any case, for whatever it's worth, I don't use IE, and I recommend no one else does either. Whether it's got any more inherent weaknesses than any other browser or not, the fact remains that it's the most targeted of the lot. In this context, I don't really care what the reason is. IE also doesn't tend to work as well as some of the others, so it's a double whammy there. I'm perfectly happy with Firefox (along with my favorite plugin, NoScript, which prevents any code from running on any web page until and unless I specifically allow it).


As for MS having "done nothing" to address fundamental vulnerabilities, much of Apple's behavior would fit that same description. Apple won't even acknowledge any flaws in their system exist at all. And their patching process after a flaw has been forcibly announced by a third party often takes months, or even years, for them to complete. Their policy has always been simply to pretend problems don't exist for as long as they possibly can. Say what you want about MS, but at least they're a bit more honest about things (usually). Both companies do the best they can, I'm sure, from their own points of view. I just don't like the way Apple typically approaches the issue. Denial is never healthy.

Here's another interesting article, which touches on this bahavior of Apple's, which I just mentioned, talks about yet another recently discovered flaw in OSX, and predicts that things will only get more difficult for Apple and its customers as its market share continues to rise: http://www.dailytech.com/Another+Major+Mac+Computer+Security+Flaw+Discovered/article15832.htm


Now here's my disclaimer (again). Mac users, if you like your Mac's, great! Keep right on enjoying them. There's absolutely nothing wrong with that, and I'd never say there is. All I ask is that we be honest and fair in these discussions. Let's leave the fanboyism out if it. If someone points out a legitimate concern about any system, we should be happy to learn the information. We shouldn't get defensive, spend half an hour in-world berating the other person and accusing him of not knowing his job just because his taste in machinery differs from yours, or pretend problems the do exist don't. This goes for all users of all systems, equally. Let's all be reasonable adults.


I'll close by repeating a quote from the security researcher talked about in that last article, "There is no magic fairy dust protecting Macs. Writing exploits for [Microsoft] Vista is hard work. Writing exploits for Mac is a lot of fun." Yeah, the future is bright for more discussion on this subject (fortunately or unfortunately, depending on your point of view).

:0 i always point mac-interested folks to check out the online apple store's 'refurb' section, near the bottom of the front page of the store. great deals for great macs 'like new'!

Thanks Chosen.......a little more articulate than this back woods redneck. I don't want to further any arguments on any side of this subject. I think it's important for people to understand that your security on the internet is constantly being threatened. The only safe method of guaranteeing your safety is to unplug your connection, throw away your modem, and play pong with your machine (but remember to scan the game with antivirus software first).

There's this almost constant implication that Windows is the most insecure operating system in existence........as you pointed out. So the natural thought would be that operating systems such as OX or any of the Linux distros are much more secure. And consequently the users of those operating systems often neglect taking extra steps to secure their computers........a pretty dangerous misconception.

The OP of this thread expressed his desire to switch to Mac with the expressed concern for Windows vulnerabilities........and, in my opinion, was falling into that wide spread myth that he would no longer have security problems. I hope this thread has opened his eyes to the facts.

I'm an almost exclusive user of Windows platforms. I've only turned on a Mac once or twice in my life. I have (and still do) used Linux. Familiarity with Windows is my main reason for sticking with the platform.........I have no problems with any other operating system. What works best for any individual is what that individual should use. But, the tauting of the security concerns as one of the main reason to use one over the other is misleading........and could well get some users in trouble.

There is a fundamental difference between the surface area exposed to attack in Windows and in any other modern OS.

Counting flaws is meaningless, given how much od OS X is open source and thus more exposed to detailed examination. We can not tell how many *comparable* security flaws are in Windows because Microsoft's source code isn't available for examination.

Most operating systems have the same general categories of security flaws, except where they expose unique interfaces to attack. Windows and OS X, when normally configured, have all the same interfaces exposed to attack, EXCEPT for Windows Lan Manager (because all Lan manager services are addressed over the same small set of common IP ports), and Internet Explorer.

But I would. Windows is less secure than OS X. Safari has fewer fundamental design flaws than Internet Explorer.

No, it's a matter of analysis of the design.

Security is my job, so I do. And, no, Microsoft has NOT been responsive to flaws. And Microsoft has NOT been honest. They created this problem in 1997. They still haven't fixed it, despite repeated calls from the security community. They refuse to admit it's a problem. They KEEP pushing new versions of their crazy idea of aggressive and powerful "rich content", in ActiveX, .NET, and now Silverlight.

Actually, not so. Apple used to have a weaker version of one of the core security flaws in IE enabled by default... the option to "Open 'safe' files after downloading". That option has been turned off. Microsoft can't do the same thing because the component that makes that decision... the ActiveX HTML control... is used by too much of the OS to cripple it.

No fanboyism here. I call it like it is. I've had Apple fans attack me for being a Microsoft shill, when I've found the Microsoft approach to something superior. This just happens to be one of the areas where Microsoft has screwed the pooch and won't admit it.

Who the hell are you talking about now?

Your first two paragraphs seem to be at odds. On the one hand you just KNOW Windows is more vulnerable, but on the other hand, you can't tell how vulnerable it is, because you can't see the code. Sorry, but I'm just not following your logic there. Perhaps what you were trying to say could be better stated?




Didn't you just say counting flaws was meaningless? But now you seem to be saying the fact that Safari has less flaws than IE is meaningful. Again, I'm losing your logic.

Clearly, this subject is not an easy one to communicate about effectively.




Both of which can easily be distorted via semantics and rose colored glasses.

There are examples in this very thread. Even your own comments in this thread could be interpreted any number of ways, despite what I'm sure were perfectly honest intentions on your part.




They've been infinitely more responsive than Apple. No one could reasonably deny that. MS talks openly about security issues all the time, whereas Apple's written policy is to stay absolutely silent about them at all times.




Here's where semantics might play a role. By the sound of it, you're calling one of their fundamental underpinnings of their core architecture a "problem". But if all you say is true, they obviously don't see it as such. "Yes it is! / No it's not!" doesn't make for much in the way of useful discussion, as I'm sure you well know. But that's the direction these things too often go.




And yet you already said simply avoiding porn sites and using alternative browsers has kept you from ever having been attacked through any of these vectors (or any others). So how is this problem so fundamentally significant if it can be so easily sidestepped?




So Apple worked around a single problem by changing the default behavior of one feature in its browser (which if I recall, took them well over six months to do, after the problem was first announced by an independent security firm), and that to you constitutes responsiveness and honesty across the entire subject of security?

In any case, ActiveX control can easily be turned off in IE. So I'm not quite sure what you mean.



I wasn't accusing you of being a fanboy. It's plainly obvious you don't think all that highly of either MS or Apple. My comments in this regard were aimed at all participants in general, not you in particular.




Not you, so don't worry about it. The person in question is well aware of what he did. I won't name names. I'm just asking that no one else do the same thing. It's silly, childish, and accomplishes nothing but to waste the time of all involved.

The *design* of certain aspects of Windows are inherently insecure. It doesn't matter what code they have implementing the "security zones" model, it is inherently impossible to make that model secure. This is not a bug in the code, it is a fundamental flaw in the design.

No, I said that counting specific instances of vulnerabilities was meaningless. These lists of bugs are the same flaw, over and over again. And they are all *implementation* flaws, flaws that can be fixed because they are situations where the code is not working as it is intended. Design flaws, where the code is working as intended and the design is insecure, are far more serious and far harder to attack.



I could. 1997 is 13 years ago, and they have yet to so much as acknowledge that they made a mistake. They risked having the company broken up by Justice Jackson rather than admit that they had made a mistake.

Apple only took four years to fix the "open safe files" flaw. Microsoft still had that as the default behaviour, and haven't acknowledged that it might be an error.

I don't care how much Microsoft talks about the issue, if they are just talking around it.

Individual people at Microsoft do. The company *can't*, because of the background behind the way this flaw was created. They merged the desktop and the browser to try and create an end-run around their agreement with the DoJ not to bundle applications with Windows. If IE was part of the OS, it wasn't just an application, so they created a scheme that "forced" them to merge them.

For years their choice was deny that scheme could have any problems, or unbundle (REALLY unbundle) IE. They have too much face tied up in it to back down.

It's like Apple and their idiot games with mouse buttons, except that having to buy a third party mouse is a minor problem compared to having your system exploited through a "cross zone attack".

That's not what I said.


Four years, actually, 2004 to 2008. I don't know which firm you're referring to, but it was obvious to me and I reported it to Apple when the first Safari beta came out.
Compared to Microsoft, yes.


IE itself is a wrapper around an ActiveX control, and most plugins are ActiveX components. All you can do is change the zone definition to require the HTML control to treat SOME requests to invoke OTHER ActiveX controls differently. Controls in the trusted zone... which has to exist, and includes the core functionality of IE itself... are trusted. Cross zone attacks are still possible. They can not be fixed except by removing the ability of the HTML control to directly load or grant rights to any content at all, and moving the responsibility for that out to the application.

At least a couple times in this thread it's been mentioned and/or implied that no matter what platform, operationg system or security software you might use the best defence is common sense and staying away from dangerous or suspicious websites. So decided to do a little Googling to see some sort of list of sites everyone should stay away from........fully expecting to find such list full of porn sites. Surprise, surprise...........the top ten according to Google itself doesn't contain a site that even remotely appears to be related to pornography!! Rather harmless sounding sites in fact:

http://trendsupdates.com/top-10-of-the-most-dangerous-sites/

Perhaps its because porn naturally implies seedy, illegal stuff and the spreaders of such destructive software know that and purposely leave them out of their sites for delivery. Or maybe it's because so many lawmakers are constantly looking at those sites for anything they "make a statement" with . Anyway, pretty interesting.

And I bailed on the conversation.......both Argent and Chosen have a bit more expertise than I do. So its their baby now. I said my piece and I stand by what I said. Be careful out there.

edit:

According to what I just read in Resident Answers this should be clickable:

[IMG]http://trendsupdates.com/top-10-of-the-most-dangerous-sites[IMG]Didn't work.........I'm still clueless.

I'm about ready to bow out of this one as well. Argent and I can go on forever when we get into it. It's always enjoyable, but it's not always productive, and in this case, I don't think we're going to accomplish much in the way of productivity.

My only reason for getting involved in this thread in the first place was that my name was mentioned in response to a blanket statement. I thought I should respond to substantiate that the blanket statement was indeed inaccurate, and to offer a little information as to why. I probably should have left well enough alone after that.

But I didn't, and my main point from then on in, which I don't think anybody has disagreed with, was simply that there's no such thing a secure operating system. Anyone purchasing any system based on what might be arbitrarily labeled as "more secure" or "less secure" may well end up learning the hard way that it just isn't so.

Whatever the technical reasons may be for why the various holes in each system do exist, while perhaps interesting to discuss from a purely academic standpoint, really aren't relevant to the overall point, as far as I'm concerned. If I've got a boat with a few small holes in it, it might not sink quite as dramatically as another with one huge gaping hole, but does it really matter? It's still going to sink, either way. No matter what amount of "surface area" has been broken, and no matter how we choose to define what that term even means, sunk is sunk.

One might argue that the small holes are perhaps more easily patchable than the big one, and that might be true, in theory. But again, does it really matter if that's not what happens in practice? We've all agreed that a lot of these problems take months or years to get fixed, after they've been discovered, and some never get fixed at all. I don't care if all it might take is a piece of duck tape and a spit-shine, or if it would take rebuilding the whole damned boat from scratch, if neither one is going to happen any time soon in the first place.



To sum it all up, I'll leave it at this. If you want a Mac because you like using the Mac OS, awesome; get a Mac. But if you want one just because you think it'll solve your security problems, save your money, because it won't. Instead, enroll in safer behavior, and invest in better security software.

You can't expect any computer to "just work" without safe operational behavior and without regular maintenance any more than you could expect any car to "just work" without safe driving and without regular oil changes. No matter the make or model, both a computer and a car are machines. As such, both break, both have design flaws, and both require a modicum of education on the part of their operators.

Bottom line, these things don't run on magic. Security is an active, ongoing process, always. You can't just slap the word "Mac" on the box, and then miraculously no longer have to maintain the thing. That might make for good entertainment in sarcastic commercials, but it's not how reality works.

This paragraph makes no logical sense whatsoever. You're playing games with words.

The first part states that there is no *absolutely* secure OS.

The second part attempt to generalize from that into the statement that there are no relative differences in security between operating systems.

The latter does not follow from the former, no matter how many times you repeat it. Of course there are relative differences in security between operating systems, or else there would be no point in applying security updates and patches, because the patched operating system wouldn't be any more secure than the unpatched one.

Yes. It matters. A boat with a few small holes in it may never sink in normal use. Most boats have leaks, and most boats never sink.

But that IS what happens in practice. The bottom line is, there are NO active viruses for OS X.

It won't solve all of them if you keep engaging in risky behavior, but it will simplify them to the point where safe behavior is easy and convenient.

My personal experience, over the past twenty years, is that this is simply not true. The amount of necessary maintenance on Macs is massively lower. Just for one example, buying my daughter a Mac mini to replace her PC saved me an enormous amount of wasted effort. Instead of having to rebuild her system from scratch every few months, because... oh, the things she did to that poor computer shouldn't happen to a lawyer... I've had to touch her Mac twice: once because she'd gone in and deleted applications "she wasn't using" and managed to delete some that she really needed, and once to upgrade it to Leopard.

My son is a gamer, and much more technically inclined than her, but because he's running Windows I have to spend much more time fixing what he's broken. Not as bad as she used to be, but it's still like keeping a Model T running.

You can't just slap the word "Mac" on the box, no, but if you put an actual Mac in it you go from having to change the oil every 300 miles to having to change it every 300,000. If you're like many people, by the time you need to change the oil you've bought a new computer anyway.

Yes, some of those ads make me cringe too, but most of them are unfortunately all too accurate.

I believe that was me who mentioned your name in response to that blanket statement........I probably should have left that a little more vague (or perhaps not mentioned in the first place...........maybe I'll PM you first next time the urge comes up ).

The next two paragraphs I quoted above are the exact point I was wanting to make to the OP. No dissing or tauting of any operating system or platform. And the issue about Macs "being more secure" fosters a false sense of security which deminishes security software developers incentives to make and market security tools and programs to help the users who choose Macs. There is very little available..........and primarily because of the misleading (false?) assumption that Mac users don't need it. Safe internet practices are THE MOST important security measures anyone can take stay safe. But, it's not enough.......the cyber criminals are not standing still. One needs all the defenses available. One of THE MOST important defences is FACTS. And Apple has allowed a substanial percentage of it's user to believe something that is not true.

I find these discussions interesting too..........but I suppose it's time to put it to bed. The OP has his answers. He can choose which way he wants to go.

What kind of tools are you suggesting they use? Antivirus software? Firewalls?

That's why Apple doesn't sell antivirus software? Oh wait, they do!

http://store.apple.com/us/product/TQ843G/A
http://store.apple.com/us/product/TR408G/A

Yes, anti-virus, firewalls, mal-ware scanners...........the the whole shebang.

Two software suites? Great!! Where's Symantic? McAfee? The "Big Dogs", ya know. I never said there was none..............I said there is very little. I also said that Apple allows the myth to continue about it's "security".

I'm done with this thread, Argent............I have next to no experience with Macs as an operating system. But, I do have experience with protecting myself on the internet. I do know safe internet behavior. I do know I have many tools to help me with that safer internet behavior with Windows. I do know that Mac users do not have the choice (and, potentially, the quality) of tools I have. That's the sum total of my stance in light of the question or statement by the original poster. You're arguing with my stance..........you won't change my mind with semantics. I'm not wrong in my position on this subject.

Most of that software is actually dangerous. I recommend against people permanently installing anything but a pure antivirus on Windows, and nothing at all on other platforms. Occasionally checking with Spybot S&D is useful, though most of the "hits" you get are meaningless. The "enhanced" firewalls and "security suites", including Microsoft's own product, are 90% snake oil. Using any of them (even antivirus) on platforms with no active threats is more likely to cause you loss than going without. Using more than antivirus on Windows increases your chance of loss. If you're using something like Zone Alarm, you're just reducing the reliability of your system for no good reason.

That IS Symantec. One for OS X alone, and one for OS X and Windows with Boot Camp.

That's because it's not a myth.

Every recognized computer/software/security expert from Peter Norton (Symantec) and Gibson Research to radio computer wiz gal Kim Komando that I've read seem to disagree with you.

It's a myth.

Symantec is in the business of selling snake oil. They have tried to sell antivirus software for Palm OS (zero active exploits in the wild), Pocket PC (zero active exploits in the wild) as well as Mac OS X. People have had had complete data loss on their handhelds (taking out backups on their PC as well as the data on their PDA) due to misfiring antivirus software, thanks to Symantec and Peter "figurehead" Norton.

Gibson Research? Steve Gibson only started using the Mac in 2006, and while he's a smart guy and a great hacker he's not a "security expert".

And a *radio show host*?

When I think of "security expert" I think or someone like Bruce Schnier or Marcus Ranum or Steve Bellovin. Not people selling security software. But you go ahead and believe what the likes of Symantec and McAfee and Intego have to say. They need your money.

I don't want to restart any arguments, but this article appeared on Cnet today, and I thought I should pass along the link.

http://news.cnet.com/8301-27080_3-10444561-245.html

32 security experts were asked, "PC or Mac, which is more secure?" Read (all) their comments, draw your own conclusions.

Interesting read. I think that should put this topic to bed once and for all.

Thanks

I think after reading all the expert comments the consensus seems to be, at least for now, if you don't have a full IT department to support you. get a mac. If you don't want to get bitten, don't swim with the sharks. And there are far fewer sharks in Mac waters.

The media on a prim thing works pretty well for a specific application very important to teachers (the ability to draw freehand on a blackboard with reasonable speed).

With HTML on a prim you can hook up to twiddla.com and get an *excellent* blackboard. Without it, there are blackboards of this kind but they are not nearly as useful.

And there IS a fix. WINE (Wine Is Not an Emulator) will run SL on at least the sample Mac it was tested on. SL was reported slower but HTML on a prim worked.

On the general thread, the Evil Empire (of Windows) is under constant attack because it IS the Empire -- because it is most of the target space. As a result its vulnerabilities are well-known and constantly tested. I doubt that the other OS's are nearly as much advantaged in this area as their users suppose.

I was once a UNIX creature and fellow UNIX creatures airily remarked that of course all the things we did with great aplomb could not be done in *Windows* (sneer). Then I found that they all could, just as easily. Since then I have been a loyal subject of the Empire (and I have never had serious virus or spyware problems, I am attentive).

--Leslie Beaumont

Since Microsoft released Interix that hasn't really been true. Before then... even Microsoft had problems (see the Hotmail/Interix memo).

And the dead is resurrected again.

As has been said many times in this thread computer security is squarely on the shoulder of the users of the computer......regardless of the platform/operating system used by the computer in question. Using raw numbers or isolated examples of mistakes from the past to further and argument for one side of the other mostly throws confusion into the mix.........and does nothing to make securing any individual computer better in a real or effective way.

Any computer or computer system (network) can be breached. Some might be easier to breach than others. And if you actually read the facts Macs are easier to breach than Windows........yet they remain somewhat more "secure". That's where the responsibility of the user comes to play............to answer why that is so. That takes a little digging. The answers are out there.......and it's not readily available (quite unfortunate). Cyber criminals rely on that lack of ease of information and the average, every day, user of home or personal computers' willingness to take the word of the manufacturers hype for their product over a competitor. Saying that, in any given day, 100 Macs are breached vs 1000 Windows machines is almost criminal in itself........it's not a lie. It's worse.......it distoring the facts. It's using facts to back a untrue "fact". I will admit that Apple does not make these claims.........it's the users making those statements, tossing out those numbers and examples. But Apple does not go out of it's way put out the real facts.........and take timely measures to fix what is weak. It appears Mac advocates and users rely on anonymity as their major frontline for defense against cyber/security problems. That's a dangerous way to attack this problem.

Whatever platform/operating system anyone chooses it's the individual making the decision responsibility to take find out what the facts are. And choose according to what they find and what works best for them. If that turns out to be Mac that's the correct decision for that person.......if it's Windows (Linux) the same is true. The OP, in his opening post, stated concerns for computer security as his main reason for wanting to switch to Macs from Windows. My first reaction was that that reason might put the OP at even greater risk in the security ares.........and cautioned against a move with security as the basis for such a decision. It appeared he was under the misconception (and by all experts I've read, it is a misconception) that Macs are inherently more secure than Windows machines.........in other words more harder to breach or hack. No matter what system you use you need to provide your security............both common sense AND any other help you can get (anti malware, firewalls, VPN"s, whatever works for you). Or take your chances. At the moment taking your chances with Macs is better than taking your chances with Windows (but only the foolish take that chance in Windows.....because of the real facts. Windows are a bigger target)...........but simply because you are a smaller target. Not a harder target to shoot.... but simply not as desirable target due to sheer numbers being in your favor. Apple is aggressively trying to change those numbers which means as Apple increases it's numbers the users become a more desirable target. If one understands that, then one can defend themself properly. In the end it's up to everyone to secure their own systems. We just need the tools. But to use the tools we need facts. I hope this thread has shown some of those facts. Opinions matter much less than facts.......mine included.

And some are *systematically* easier to breach than others. Windows has proven itself systematically more susceptible to exploitation than UNIX throughout its entire life cycle. The difference in risk is not merely significant, it's overwhelming. And throughout this period people like you have been saying "this study shows UNIX is more susceptible", or "we're just about to see that change", and it hasn't. There is no reason to assume that there will be a significant change in that in the near future.

And that is a legitimate reason.

A Mac with no firewall and no antivirus software is less likely to be compromised than a Windows desktop with antivirus and firewall installed and active. Because there are no listening ports open to be attacked.

Yes, people have been making this argument for years, but the fact is... if you'd bought a Mac for this reason in 2004 you'd have had six secure years of no viruses, and completely missed out on several widespread infections, and saved six years of payments to Peter "trust me, I'm a security professional, buy my software for your Mac" Norton.

Using Windows at all *is* taking a chance. Antivuirus won't protect you against new exploits that haven't been reported and templated to create signatures.

Antivirus and firewalls and leaky sandboxes won't protect you against software abusing "legitimate" APIs in IE. And even Microsoft doesn't trust IE: IE is effectively disabled in Windows Server unless you explicitly enable remote access for it in an obscure administrative control panel.

And it's very hard to *not* use IE, even if you "turn it off". You use Rhapsody? You're using IE. You use Windows Media Player? You're using IE.

Over and over again Windows has proven itself susceptible in many places even when it HASN'T had a majority of the market share... in web servers, for example.

Fact: the Windows "security zones" model is inherently insecure.
Fact: the Windows networking interfaces and protocols can not be adequately firewalled because of the use of named pipes rather than sockets to distinguish protocols.
Fact: the Windows command line requires reparsing of command line arguments, the UNIX command line doesn't.

On the other hand, UNIX has had its share of insecure interfaces. With one difference: the insecure APIs have been removed and deprecated.
Fact: The UNIX "r" suite of remote access protocols use host-based access control and are inherently spoofable. As a result these protocols are no longer used.
Fact: the UNIX "system" function call is no more secure than the Windows ShellExec API. As a result applications should use exec() instead. Most do.

The *systematic* flaws in UNIX have been pared away and eliminated. Microsoft has refused to replace the systematic flaws in Windows.