So how on earth can I defend my opinion that Linux edges out OS X here? Simple. In my experience observing the two communities, I've (quite subjectively again) viewed Debian as being more responsive to rapidly resolving security vulnerabilities.
That's not to say that Apple hasn't been responsive, and quite possibly someone with more quantitative data will come along and cast aside my gut feel here. That said, while running my Linux desktop, I was always impressed when I watched the latency from disclosure to patch time.
That said, I still hate the patch management practice, but it remains the worst possible solution except for all the others.
Qualitative score: OS X gets a B- while Linux gets an A-.
Desktop target
I'm always cognizant of the lessons I learned in childhood watching educational shows like Mutual of Omaha's Wild Kingdom. It's the slow gazelle that always ends up as cheetah food. Computer attackers seem to be quite content (and fat) going after Windows users as the metaphorical slow gazelles. Indeed, to extend this bad metaphor even further, Internet Explorer and Outlook must look like slow, fat, pre-barbecued and sauced gazelles in the eyes of the cheetahs.
I'm quite happy not attracting the attention of the cheetahs, on the other hand. As such, I've long favored less-than-mainstream desktop apps like Konqueror and Kmail or Safari and Mail.app.
As Apple gains market share, however, Safari and Mail.app are without a doubt going to increase in their appeal to the cheetahs. For that reason, I give a slight edge here to Linux. Ironically, Apple's own popularity can be seen as a liability of sorts, at least in this one security aspect.
Qualitative score: OS X gets an A- while Linux gets an A.
With so many of these factors seeming to favor Linux, you may reasonably be asking why I still prefer using a Mac. Well, the answer lies in the classic trade-off that security practitioners face every day: security vs. functionality.
OS X gives me the functionality that I need as a (frequent) traveling professional, all in one place. These things include a really easy to use Wi-Fi capability, MS-Office running natively on the system, a calendar, contacts database, and a slew of other desktop software applications that just run beautifully. Yes, I'm being highly subjective here, but it's been my experience that the desktop apps on the Mac vastly exceed, in usability terms, anything I ever found on my (now semi-retired) Debian Linux desktop.
In short, the things I need just work.
So OS X won the functionality vs. security battle for me. It's true that I have to work a little harder to secure myself to a level that I'm comfortable with. But, I'm willing to do that for the level of functionality I get in return.
I believe that's a really important thing for security professionals to keep firmly in mind. Quite often, the best solution is not the most secure one. I wrote this column on my Mac; I'm sticking with my Mac; and I now think of PC users as those who have never tried Macs.
Let the inbox beatings begin