Vito Cassisi – Tech Blog Delving into technology

Illogical Immunity

Good luck! I'm behind 9 proxies, and on a Mac!

It's the age old argument. What platform is most secure, Windows, MacOS or Linux? Apple wants you to believe that their OS, MacOSX, is the best option, which is evident by their ad campaigns featuring two men depicting a 'PC' and a 'Mac' respectively. Perhaps the most relevant skit can be found here. Linux, on the other hand, is known to take security very seriously. Some would say too seriously, with constant nagging not unlike the infamous Vista UAC. Of course, it's arguable that security is a lot more important than avoiding the incessant tending to security dialogues. Then there's Windows. It has a reputation for being riddled with viruses, spyware, or just malware in general. This mentality may have started in 1986, five years after the first virus was deployed on the Apple II. Since Microsoft's software was so popular, it became the obvious target for future attacks.

Think to how operating systems are labelled in terms of common stereotypes. You've got Linux, the one that only the most hardened of 'nerds' can master, where problems can be fixed easily - if you know how the whole OS works from top to bottom - and it's locked down to nasties. MacOS, the virus free virgin OS where everything is simple and pure, and everything is creative and fun. Then there's Windows, the master of spreadsheets, and the one that's compatible with most software/hardware; but it's always chucking a sickie. Fortunately, stereotypes aren't my thing, so I find these attitudes quite amusing. Unfortunately, it only takes a few minutes of browsing an active forum or comment section of a news site to hear this nonsense spout as gospel. To the credit of online communities, most people have wised up; perhaps due to the introduction of 'rank' based comments and online reputation.

Your everyday computer user is often influenced by these lingering stereotypes. Not only have they been around for several years, but they require little explanation. To teach people the truth, or at least, put these claims into perspective, would require a fair amount of technical explanation; most of which people just don't care about. Herein lies a problem, one that boggles the minds of those competent enough to understand. Security is no longer a question of OS platform, but the product of user awareness. You see, a criminal can just as easily obtain your bank account details whether you're on a PC, Mac or multi-million dollar mainframe running a Linux distro. The platform that's going to cause you trouble isn't the OS - it's the Internet.

Viruses and spyware are old-hat. Sure, they're not extinct, but they're far from the preferred method of obtaining personal details. The Internet allows criminals to obtain your personal information the old fashioned way, by scamming you through trickery. I'm sure many of you have had friends initiate a chat session with something along the lines of "Hey, I found this funny picture of you: *insert link here*". Looks innocent enough to most people, so you click it. At this stage you're met with a site similar to the sign-in page of your awesome-newfangled-social-networking account. An experienced user would probably notice that the link is odd, or that asking for details is suspicious. The everyday user would probably think "Urghh, it always asks me to login", and would then proceed to enter their details. Naturally, this would leave the owner of the fake site with access to all your details associated with said account. This phenomenon is called 'phishing'. It's not a new occurrence, but it's definitely the hardest to combat. Whilst viruses can be tracked via software, phishing requires the user to employ common sense. Your 'secure' OS can't do a thing about it.

Whilst many phishing sites use your details to spam your friends with advertisements, others do a lot more damage. Many people share private data on sites such as Facebook, to the extent where obtaining that data can lead to identify theft. In addition, phishing attempts for your bank details is a common occurrence. For example, there's been official-looking e-mails sent out requesting updated bank details; banks will never e-mail you asking for sensitive data.

So what can users do to protect themselves? The obvious thing is to be vigilant when using the Internet. If something looks suspicious, don't use it. Common aspects to look out for are odd or misspelt URLs, inaccurate page layout, improper English, or a missing/invalid security certificate (if applicable). You can obtain software to help detect phishing sites, but these are not foolproof, so don't rely on them as your sole line of defence. Modern browsers may have inbuilt tools which will warn you if they detect a known phishing site.

The bottom line is, you can't choose an OS based on the assumption that one is infallible. In a day and age where the Internet is a larger platform than all the major OSs combined, it only makes sense for nasties to shift their focus online instead of a smaller section of the market. Each OS has their share of nasties, it's up to the user to implement the appropriate safeguards to avoid them. This includes installing software from trusted sources, avoiding illegal software, and steering clear of suspect sites. In addition, an OS can only block what you let it, so the next time you're asked "do you want to allow xyz to have access to your system", think about what's being installed, and whether you initiated it. That's not to say that each OS is equally vulnerable. Some OSs are better at dealing with malware than others. That being said, the reality is that they all have a consistent exploit - the end user.