Windows vs Mac Security -Excellent analysis

Slashdot | Windows vs Mac Security

The article linked in the Slashdot entry has the more provacative title " Is Windows inherently more vulnerable to malware attacks than OS X?" After looking at the assessments at the bottom of this article, I can only nod my head in agreement. These are hard-learned lessons that UNIX has learned many times over. Sendmail running as root? Geeks the world over would shake their heads in mock disbelief if you told them you were running sendmail as root, yet it seems that Windows encourages this sort of behavior with all of the applications. Just look at the first four criticisms:

• All Windows background processes/daemons are spawned from a single hyper-privileged process and referred to as services.
• By default, Windows launches all services with SYSTEM-level privileges.
• SYSTEM is a pseudo-user (LocalSystem) that trumps Administrator (like UNIX's root) in privileges. SYSTEM cannot be used to log in, but it also has no password, no login script, no shell and no environment, therefore
• The activity of SYSTEM is next to impossible to control or log.

If that isn't a recipie for disaster, I don't know what is.

And don't get me started on the Windows Registry. Finding what you're looking for in the registry is the computer-equivalent of finding the other sock in the dryer.

And here's something equally damning:

• Microsoft made it easy for commercial applications to refuse a debugger's attempt to attach to a process or thread. Attackers use this same mechanism to cloak malware. A privileged user must never be denied access to a debugger on any system. My right to track down malware on my computers trumps vendors' interests in preventing piracy or reverse-engineering. Maintaining that right is one of the reasons that open source commercial OS kernels are so vital.

Put simply, Microsoft or someone else can run code on your computer that, the computer user, don't have the authority to tell what's going on. It's like buying a house with a room you're not allowed to enter at any costs. While that may work for horror fiction, it's a terrible way to run your computer.

I could go on, but I think you get the idea why I think if you run Microsoft Windows, you're just asking to have your computer pwned.