Windows 7 vs. Snow Leopard: Which is More Secure?

But now we have a couple new(ish) kids in town: Windows 7 and Snow Leopard. It’s time to see if that statement still holds true.

Well, after using Snow Leopard for a few months, and taking Windows 7 for a good spin, I’m happy to report I’m still more secure on a Mac. I’ll explain below.

First, however, let me clarify my statements a bit. It’s clear that both operating systems are mature and powerful, and they both support a vast array of security features and capabilities. But to paraphrase Jeremiah Grossman, it needn’t be the case that one operating system is more secure per se; what matters is where you’re safest.

Safe and secure are two different concepts, and I’m convinced that what matters to the consumer is where he is safest. And I’m convinced I’m safer on a Mac than I ever was on Windows.

So let’s start with some basic general comparisons in the two systems. It’s clear that there are many similarities in how the two systems set out to protect their integrity and users’ data. They both look not just at the fundamental issues of user privileges and file access control, but also at programmatic actions. For example, when a program attempts to install itself in the system applications area, both systems prompt the user—even a privileged user—before the operation proceeds.

Additionally, both systems include basic firewalling capabilities as well as security updating mechanisms. It seems that most software producers these days have finally “gotten it” with regard to turning features like these on by default. In fact, many consumer-level security settings are on by default in both of these systems. Kudos to both Microsoft and Apple for that.

Neither operating system includes anti-virus protection by default. Those are left for the consumer to install if he feels it necessary. And there’s where on element of safe vs. secure comes in.

Neither system is immune to viruses, and we certainly have plenty of examples of this fact. But the fact is that the vast majority of malware and viruses is still written for Windows systems. Until that changes, Macs are safer, even if they aren’t necessarily more secure.

Indeed, many Mac users don’t use anti-virus products at all, and can use their computers for years without encountering anything that would warrant it. This surely can’t be said for Windows users.

Additionally, neither system requires a separate administrative user for performing administrative functions and non-privileged desktop users for running applications and such. Call me old school, but I believe that it’s still a good idea to separate administrative and production tasks, and would recommend that to anyone using either of these systems. It’s a bit of extra work, but it’s worth it in my view. And yet, pretty much only us gray-haired security geeks do it on our desktop systems.

With that out of the way, let’s take a deeper look at some of the security criteria that matter to consumers.

Windows 7 vs. Snow Leopard Security: Feature by Feature

• Familiarity with security mechanisms. Although I remain fundamentally more comfortable with UNIX-based systems than others, the fact is that many of the relevant security functions that end users will perform are done in “GUI land,” far from any command line sorts of environments.

Both systems have made great strides in making security controls accessible and understandable to the end user. Most common security controls are presented to the user and are easy to work with.

The one thing where I still give a slight nod to OS X is that I can still get to the UNIX command line to fine-tune things that I can’t get do (or find) in the GUI environment. That gives me just a little more comfort when it comes to the security of my business data.

Qualitative score: Snow Leopard gets a B+ while Windows 7 gets a B.

• Separation of data and executables. Although their respective naming conventions differ, both systems do a pretty good job overall at separating system files from user files. In particular, I look for system files like executables and libraries to be in their own locations (e.g., /Applications, c:Program Files) and not generally modifiable by end users. User data, on the other hand, should be readily available and only accessible to the designated owner/user.

In the past, I’d had problems with installing applications (as an administrative user) on Windows systems, and then running them as a non-privileged user. Many programs just didn’t work well in this multi-user manner. I’m pleased to say that the situation has improved over time.

Although the systems haven’t changed much from their respective predecessors, the scoring has gradually equalized a bit.

Qualitative score: Snow Leopard gets a B+ while Windows 7 gets a B.

Next Page: Windows 7 vs. Snow Leopard: program management, access controls