Business Week tech columnist Stephen Wildstrom piped in on the Windows vs. Mac OS security debate with one of the most reasonable explanations I have heard yet.
In “Why Worms Shun Apple's OS X,”
he writes: “OS X offers inherently better security for several reasons.
The most important is that it was designed with relatively little
concern for compatibility with earlier versions, while Windows is full
of compromises so that it works with older and less secure operating
systems. Microsoft's concern with compatibility, which largely reflects
the demands of corporate customers, has resulted in old flaws being
Stephen makes exactly the right point. Microsoft made compromises
for the sake of backward compatibility that increased the Windows
security-vulnerability footprint. Apple chose a different approach to
backward compatibility, of running older applications in a special
“Classic” mode that from a security perspective acted as kind of a
clean room separate from Mac OS X.
I've never bought into Microsoft's argument that Windows popularity
is the real reason for ongoing security problems. I rebutted that myth
in my Mr. Gates Neighborhood post, among others. And there's no question that Mac OS X rights management architecture is a natural deterrent to many kinds of attacks, at least compared to Windows.
Much as I like Stephen's explanation, it's only a partial one. There
are plenty of other reasons for Windows security problems, such as the
aftereffects of bundling the browser with the operating system or the
general increase of security exploits.
No question, Microsoft is serious about security. And I would argue
that with Windows Service Pack 2, the company sacrificed backward
compatibility for the sake of improving Windows security. I'm sure that
was a tough call for executives to make. But it was probably the right
one, given the options of the time. Looking ahead, Microsoft might want
to consider its Virtual PC technology as a way of providing backward
compatibility for older software, while improving Windows Vista
security. [Microsoft Monitor]