Bulletproof Windows?
There was a time when Windows was brittle, and Apple seemed hardened by comparison, but those days are past. Self-replicating worms and blundering vulnerabilities had angered Microsoft’s customers, prompting then PC chieftain Bill Gates to launch the Trustworthy Computing initiative in 2002.
Synack’s Wardel says that “back in the day, Windows had a horrible track record in terms of security. I think Apple rested on its laurels, while Windows did almost a full 180 and started to take security incredibly serious.”
In the intervening years, Microsoft has undergone a Security Development Lifecycle, implemented a bug bounty program, gone on a Windows hacker hire binge, and has woven exploitation mitigations into its core. When Apple does the equivalent, it is often insufficient or trivial to bypass, Wardel says, noting the caveat that many of Cupertino’s security team are “incredibly bright” and making “great strides to secure the OS”, notably with the upcoming El Capitan OS release which he advises all to adopt.
“Microsoft has gone through its hamster wheel of pain,” says Wise. “Microsoft has taken a whole lot of abuse and is now a very securable environment.”
It only takes one bad Apple
Macs in the enterprise are often unmanaged. They are the abnormalities in an otherwise homogenous fleet of Windows machines, often forgotten by system administrators whose skill sets are strongest with Microsoft, says Neal Wise of Assurance.com.au, a Melbourne-based security consultancy.
Management of Apple devices is often more piecemeal than Active Directory for Windows and non-uniformed, a practice that Wise is most concerned about because it creates a weakness in the enterprise security chains.
The immaturity of Apple security tools plays a role, too. High-value users become high-value targets and attacks against them will go unnoticed in many organisations thanks to a lack of development, adoption and proper configuration of defences.
Wise, a Mac and Unix aficionado, is a big believer in “control parity” because this helps eliminate the entry vector caused by the lack of management of a small number of Macs in Windows fleets.
Wade Alcorn of Alcorn Group says the same. He and all experts in this story reckon no system administrator should buy Windows or Mac based on the inherent security chops of those systems. Rather it should come down to, at least in part, the skills of the tech team.
In terms of security, the Mac vs PC security debate is drowned out by the timeless basic security tenets captured by the Australian Signals Directorate’s Top 35 controls. “Patching, full disk encryption and verification wins hands down in this situation,” Alcorn says. “They need to get the basics right, regardless of whether it’s a Mac or a garden variety Dell.”
-1.jpg&w=100&c=1&s=0)
.png&w=100&c=1&s=0)
