How Safe is MacOS?
Hello everyone! I am in the cybersecurity industry for almost 8 years now. Through all these years, many people had asked me topics related to security. One of the most common belief is that MacOS is much more secure that Windows OS. Some even think that it is "hackproof" or free from malware. Today, I am going to discuss this topic and hopefully this article will serve as a reference to anyone who asks me similar questions in the future 😎.
What is MacOS?
To understand how secure is MacOS, we first have to know what it is. If you take a look at the history of MacOS, it is actually based on Unix.
Source
Unix as an operating system is really built with security in mind. In this article, the author discussed the fundamental difference in design principles between Unix and Windows and he says,
These differences in the design and relative security of Unix and Microsoft OSs illustrate a distinct difference in philosophy between them. Unfortunately, the difference appears to be that where Unix has a philosophy of security built into the fundamental design of the system by default, MS Windows has a philosophy of "Who cares about security?"
With the file level permissions, sudo and su permissions restrictions, Unix is indeed much better designed for security in a multi-users environment. (At this stage, I will like to point out that Windows security has also improved drastically with the introduction of Windows 10.) However, this does not mean that Unix is virus-free and hackproof. In fact, the first computer worm, Morris Worm, was written to target Unix-based systems. By extention, it will be foolish to think that MacOS is virus-free.
Recent Vulnerabilities on MacOS
I got reminded of this topic because of a recently discovered vulnerability on MacOS. The vulnerability, coined as "KeySteal", opens a door to steal all passwords in your Mac’s “login” and “System” keychain, which leaves you wide open to attack even if you have security measures like Access Control Lists and System Integrity Protection using Apple’s latest T2 security chip. Here is a video of the vulnerability being exploited,
Vulnerabilities in MacOS's Keychain function is not new, a similar one was discovered in 2017. Besides the weakness in its Keychain security, the latest version of was found to have a vulnerability which allows bypass of its privacy feature. This vulnerability, though already fixed, was found almost immediately post release. This goes to show how easy it is and how interested security researchers (and hackers) wants to break the security on MacOS.
Besides the 2 more prominent vulnerabilities, there are dozens of vulnerabilities discovered in 2019 alone. You just need to head over to CVEDetails.com to view them. CVE is short of "Common Vulnerabilities and Exposures". It is a database of vulnerabilities found by security researchers all over the world.
Conclusion
For the past decade, MacOS had benefited mainly from "security through obscurity". As the user base is low compared to Windows, and most companies issue Windows-based PCs to their employees, there wasn't much incentives for hackers to exploit MacOS. In the past, hackers mostly take the path of least resistance and aim to do less work for the most reward. Therefore, writing viruses and other malware for Windows made the most economical sense.
Lately, attacks have become more targeted. There are probably many high-value individuals who are using MacOS and increasingly, we are seeing MacOS used in corporate environments. As a result, we can expect more focus from hackers to target MacOS. The bottomline is not to be too complacent and take security for granted just because you are a Mac user. No system is 100% hackproof.
Thanks for reading! Do share your thoughts and let me know which operating system you are using.
As good as usual, thanks for these information @culgin! Resteemed to my CyberSecurity community! :-)
Thanks for dropping by and the support!
Posted using Partiko Android
Very interesting article. As I work in IT I clean up a lot of peoples PC with malware and people who let scam callers from the phone into their computers.i can see this problem getting worse over the next 10 years as people’s dat becomes more and more exploitable.i think that there is no such thing as real privacy anymore, every where you go on the internet someone is watching and collecting you information and passing it on to advertisers.this is one reason why I moved from Facebook to #steemit. Thanks for you post
Thanks for the comment! I am also using less of Facebook and more of Steem these days. I hope more people see the light :)
Posted using Partiko Android
I’m with you on that for sure.
Exactly, MacOS is safer because there are easier targets out there.
Haha.. this is increasingly becoming a dangerous thought. Based on my work experience, cyber attacks are getting more and more targeted. There are many high value targets (e.g. CEO of companies, celebrities and etc..) who are using Mac. So there will certainly be more focus from hackers to target MacOS moving forward. In a nutshell, don't get too complacent just because u are using a Mac :)
Posted using Partiko Android
Hello, I get here thanks acrypto.Piotr. It has given me an excellent referent. Your information is valuable, thank you for sharing it.
Thanks for your comment! @crypto.piotr has all my support :)
Thank you so much for participating in the Partiko Delegation Plan Round 1! We really appreciate your support! As part of the delegation benefits, we just gave you a 3.00% upvote! Together, let’s change the world!
Hi @culgin!
Your post was upvoted by @steem-ua, new Steem dApp, using UserAuthority for algorithmic post curation!
Your UA account score is currently 3.635 which ranks you at #5675 across all Steem accounts.
Your rank has not changed in the last three days.
In our last Algorithmic Curation Round, consisting of 221 contributions, your post is ranked at #26.
Evaluation of your UA score:
Feel free to join our @steem-ua Discord server
Excellent post on MacOS security, in my opinion there is no system 100% secure, everything depends on the precautions the user takes when using it.
P.S: @crypto.piotr I recommend you to follow and I think it hit the nail on the head, you won a new follower :)