arthead -

Comparing macOS vs. Windows security

Windows and macOS have their pros and cons and, often, security comes down to the individual use case.

While there has been a long-held perception that macOS devices are more secure than their Windows counterparts, that may no longer be the case.

The truth is that each operating system has strengths and weaknesses when defending against threats, and more often than not, security comes down to the user.

What threatens modern desktop security?

Regardless of whether a desktop is running Windows or macOS, numerous security risks remain a threat. Two of the most pervasive risks, malware and social engineering attacks, can target both platforms.

Malware is a catch-all term that refers to any program or file that is harmful to a computer user. It can perform various tasks such as stealing passwords and credit card numbers, monitoring user activity or causing a complete system failure.

Social engineering attacks also come in various forms. Usually, they involve an attacker who poses as someone else (such as a technical support engineer) to trick a user into giving up passwords or other sensitive information.

History of Mac vs. PC security

Since the 1980s, Macs have had a reputation for being far more secure than PCs, especially when it comes to malware attacks. Back then, PCs relied on DOS (disk operating system) and faced frequent attacks from boot sector viruses.

Over time, DOS gave way to Windows. Early desktop versions of Windows proved to be extremely susceptible to both hacking and malware attacks. The problem became so bad that in 2002, Microsoft launched its Trustworthy Computing Initiative and temporarily stopped work on Windows Vista so that it could focus on addressing the security flaws that had long plagued Windows XP.

Although they were not immune to malware, Mac systems of the time suffered comparatively few infections. The higher frequency of attacks on Windows likely stems from the fact that Windows was a vastly more popular operating system. In 2006, a marketing analytics firm reported that Microsoft Windows accounted for 97% of the market and that Apple only had a 2.47% market share.

These statistics had a significant effect on operating system security. Whether for profit or notoriety, malware authors typically want to infect as many systems as possible. As such, it made far more sense for malware authors to target PCs instead of Macs. At the time, Apple's small market share helped the company's devices fly under the radar and largely avoid attacks.

Today, Macs are far more popular than they once were. Much of Apple's increase in market share stems from home users, but macOS systems are gaining traction in business environments, especially corporations that produce creative content.

A chart comparing the strengths and weaknesses of macOS and Windows 10 security.
Each operating system has security strengths and weaknesses that should be evaluated based on its intended use.

Security architecture of macOS

The macOS security architecture consists of three discreet levels. The bottom layer of the security stack contains the Berkeley Software Distribution (BSD) and Mach. BSD is an open source standard and is responsible for the basic file system and network services, and handles access control for users and groups. Mach is the component that manages hardware abstraction and controls the operating system's threads. The Mach component defines several ports (which are known as Mach ports). Each of these Mach ports corresponds to a particular task or resource. The Mach component acts as a low-level gatekeeper, controlling which tasks can communicate across which Mach ports.

The middle layer of the macOS security architecture is CDSA. Although Apple created its version of CDSA, it stems from an open source standard. The main component of the CDSA layer is the Common Security Services Manager (CSSM). The CSSM is a set of security-related modules that provide cryptographic services and trust policies. The names of the individual modules are Cryptographic Services Manager, Data Storage Library Services Manager, Certificate Library Services Manager and Trust Policy Services Manager.

The CDSA is also extensible using plugins. These plugins provide security services for the operating system. The default CDSA plugins include AppleCSP Cryptographic Service Provider, AppleCSP/DL Encrypted Data Storage Provider, AppleFileDL Data Storage Library, AppleX509CL Certificate Library and AppleX509TP Trust Policy Library.

The top layer of the security architecture consists of the macOS Security Services. This layer contains a collection of macOS security APIs used by the applications.

Mac security strengths and weaknesses

Mac's biggest security weakness may be a false sense of security that remains somewhat prevalent among Mac users. Apple's growing popularity makes macOS a far bigger target than it has been in the past. The volume of threats directed at macOS devices has grown at double the rate of threats against PCs as of 2020, according to security research by Kaspersky.

Apple is working hard to keep macOS secure. The operating system has a reliable security architecture that does an excellent job isolating the OS kernel from threats. And, while it is difficult to quantify its effect on security, the average user often finds Macs easier to use. This inevitably helps prevent security issues because users are more likely to enable an operating system's security features if they do not feel intimidated by it.

Windows security architecture

The Windows security architecture uses a component called the Local Security Authority, or LSA. The LSA's main job is to authenticate local requests and create sessions whenever a user logs on. When a user enters their credentials, Windows creates a one-way hash of the user's password. The LSA compares this hash against the password hash stored in the Security Accounts Manager (SAM) database to determine whether the user entered the correct password.

Whichever operating system you use, it is important to enable the built-in security features and to apply security updates as they become available.

If the Security Accounts Manager validates the user's login attempt, the LSA uses the SAM database to find the security identifier (SID) that corresponds to the user account, as well as the security identifier of every group that the user belongs to. The LSA then creates an access token containing these SIDs.

Whenever the user attempts to access a resource, a kernel mode component called the Security Reference Monitor examines the resources access control list to determine whether to grant access or not. In doing so, the access control entries stored within the access control list are compared against the user's access token to determine the user's permissions.

PC security strengths and weaknesses

From a security perspective, the greatest strength of Windows may be the frequency of operating system updates. Although IT professionals almost universally loathe Windows Update, Microsoft does an excellent job of releasing timely security updates to counter newly discovered threats.

Microsoft's security policies are another strength of Windows. Security policies applied at either the local computer level or through the Active Directory allow for granular control over almost every aspect of the operating system. Administrators can use these security policies to harden Windows in a way that meets their organization's security needs.

Windows biggest security weakness is that it is excessively large and bloated and contains numerous legacy components. Although these legacy components receive updates, obscure features leftover from the days of DOS can function as attack vectors.

Mac vs. PC: Which is more secure?

Neither platform is perfect when it comes to security. Both OSes have suffered malware attacks, hacks and other security incidents. Even so, both Apple and Microsoft go to great lengths to keep their operating systems secure. Whichever operating system you use, it is important to enable the built-in security features and to apply security updates as they become available.

Dig Deeper on Desktop operating systems