I’ve lived through the wars. I’ve received battle scars from all sides of the war zone. I’ve been bruised from the Windows Guilds. I’ve been lacerated by the Mac Clans. The Linux Tribes have hurled their stones at me, vying for my head. These noble warriors have battled valiantly over the decades. All of them have their unique and special skills. None of them are perfect.
My friends from the Mac Clans have made the rallying cry ‘it just works’—their mantra now for most of my life. In many ways, the Mac ecosystem is reliable and easy to use. Those of us who dive into the warm waters of the Mac ocean are free two swim about it, comfy and secure. However, I believe, that this mantra points to the fault of the Mac ecosystem. Because things are so simple and reliable, we just assume it is secure as well. We are lulled into a false sense of security.
The Mac OS has enjoyed a ‘security by obscurity’ for all of its existence. The 100 million Mac users are dwarfed by the over 1 billion Windows users. This has meant that Apple has been under the radar, and safe from the volume of attacks that are aimed at the Windows ecosystem. However, this low level of attacks means that Macs are not as battle-tested as they would be otherwise. Vulnerabilities may never be discovered or are slower to be discovered. The vulnerabilities do exist, no computing system is perfect, and Mac is no exception.
Let me close the Apple discussion with this. Many (most?) users of Apple Mac products practice no security whatsoever on their devices. Very few even take the beginning step of running antivirus on their device. This means that if there were a vulnerability, the user would never know. The false sense of security gained by Apple's reputation could indeed be putting you at greater risk than the known security issues found in other environments, simply for the fact that you assume you are safe and take no action to truly be safe.
Microsoft Windows enjoys the largest install base of any traditional computer operating system. Windows also enjoys some of the oldest and most mature code base of any traditional operating system. Windows also sports an amazing level of backward compatibility; software written decades ago can often run on the newest Windows computer. While all of this is amazing feats and amazing features, it all combines to make Windows very difficult to secure.
Enjoying the largest install base means that the ecosystem is huge. This means that a virus written for the Windows world has a tremendously large world to play in. Why write a virus for Mac, when you can only work with 100 million devices, when you can write it for Windows and have 10 times the return? This means that a majority of the malicious software written, is written for Windows.
Windows sports a mature code base. This may sound secure, but in reality, it is often the oldest code that has the most vulnerabilities. Sometimes the code was written so long ago that the very threats that are attacking it today were never imagined at the time it was produced. It also means that there is bundled into the Windows operating system lots of old software that hasn’t been looked at and secured in years, sometimes decades.
Lastly, backwards compatibility means more loose ends that need to be handled from a security perspective. We run old software, on old code, none of which was ever designed to be secure. The very fact that Windows does support old software opens itself up to another large world of insecure programs, never designed to be secure.
The ultra-portable world of smartphones and tablets is the next frontier of cybersecurity. There are more Android devices running today than traditional Windows/Mac systems combined. This is a massive ecosystem, and it is enjoying explosive growth. The operating systems are relatively young and enjoy a more aggressive stance on security—however, nothing is perfect. Data can be stolen from your Android or IOS device. No code base is perfect. Apples aggressive encryption systems have been cracked open, Android phones are notorious for being easy to access.
No device is perfect. No company gets it 100% right. If you deal in important data, you had better take steps to protect it. Antivirus, patching, security training, solid cloud backup, are all important tools for protecting your business. Cyber attacks happen all the time and on many fronts.
It is up to you to take action to protect your business and your data. Join ACS on October 10th for “20 TECH TACTICS TO SECURE YOUR BUSINESS.” This free training for business owners and managers will increase your knowledge of technology security and give you powerful tools that empower you to implement security enhancements in your business starting the minute you get back to your desk.
Get your free tickets now.