Security: Mac OS X vs. Windows XP

Written by: Adam Lowe
Date: July 10th, 2009

Macintosh enthusiasts will oft declare the superior security of Mac OS X over Windows and claim a worry-free environment in which they’re impervious to viruses. The naysayers will argue that were Macintosh as popular as Windows, it would be just as overrun with malware. Knowledgeable computer users know that the architecture of the operating system leaves it less susceptible to attacks, regardless of popularity. But for many geeks who aren’t consistent Mac users, awareness of Macintosh security ends there. Mac OS X actually has a wealth of privacy-oriented security features beyond the hardened kernel. If you are truly paranoid, you’ll find Mac OS X is for you.

Probably the best-known security feature of the Macintosh is FileVault. FileVault is a simple feature of Mac OS X that encrypts your entire home directory with AES-128. It slows down your Mac a bit, as it is encrypting and decrypting on the fly as you access files in your home directory. Your home directory, though, will be inaccessible without your password. You may be saying to yourself, “Doesn’t Windows XP support encryption with EFS?” And yes, you are right. EFS (Encrypting File System) will allow you to create a folder encrypted with 3DES or AES. Of course, there are two major security holes with this, but let’s keep talking about Mac.

Mac OS X takes encryption a step further. You see, when you need to access an encrypted file, your computer has to decrypt it and then load the decrypted file into RAM to be used. And as we all know, when a computer is turned off, the contents of your RAM are all lost. But what about virtual memory? That’s on the hard drive. Even if you turn your computer off, the encrypted file you had accessed may exist decrypted in your virtual memory. Luckily for us Mac users, we have a security option to encrypt not only the files on our computer but also the virtual memory, by merely clicking a check box that says “Use secure virtual memory.” How ’bout that?

In Windows, deleted files are easily recovered. So even when you’ve sent that encrypted file to the Recycle Bin and emptied it, it’s easily retrievable. As you may know, when a file is “deleted,” it isn’t actually removed from the hard drive. The space the file occupied on the hard drive is merely marked as “available” to be overwritten by another file. The file will actually continue to exist there until another piece of data is written to that spot on your hard drive. In Mac OS X, if we want a file to be gone, we can make sure it’s gone for good. When a file is sent to the trash, we are presented not only with the option to “Empty Trash…” but also with “Secure Empty Trash.” With this option, the file is completely overwritten with random ones and zeros, preventing retrieval of the file.

But there’s another cool option. Just in case you’ve mistakenly emptied the trash insecurely, or if you’re simply worried about other deleted files that may still exist on the hard drive, there is an option to go through all the hard drive’s free space and securely delete all the files that may exist there. It’s as simple as opening Disk Utility, clicking your hard drive, going to the “Erase” tab, and clicking the “Erase Free Space…” button.
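
The deletion behaviour described in the last two paragraphs, as an added example that is not part of the original article: a constructed toy disk in Python showing that an ordinary delete leaves the data readable in the raw blocks, while overwriting the file's blocks or the free space removes it. The ToyDisk class, its method names, the block size and the sample secret are all assumptions made for illustration, not a real file system API.

```python
import os

BLOCK = 16  # bytes per block (constructed value)

class ToyDisk:
    """Constructed model of a disk: raw blocks plus a file table."""
    def __init__(self, nblocks=8):
        self.blocks = [bytes(BLOCK) for _ in range(nblocks)]
        self.free = set(range(nblocks))   # blocks marked "available"
        self.files = {}                   # name -> list of block numbers

    def write(self, name, data):
        self.files[name] = []
        for i in range(0, len(data), BLOCK):
            idx = min(self.free)          # take the lowest available block
            self.free.remove(idx)
            self.blocks[idx] = data[i:i + BLOCK].ljust(BLOCK, b"\0")
            self.files[name].append(idx)
        return self

    def delete(self, name):
        """Ordinary delete: forget the name, mark its blocks available."""
        self.free.update(self.files.pop(name))

    def secure_delete(self, name):
        """Overwrite the file's blocks with random bytes, then delete."""
        for idx in self.files[name]:
            self.blocks[idx] = os.urandom(BLOCK)
        self.delete(name)

    def erase_free_space(self):
        """Overwrite every block that is currently marked available."""
        for idx in self.free:
            self.blocks[idx] = os.urandom(BLOCK)

    def recoverable(self, needle):
        """What a recovery tool does: scan raw blocks, ignoring the table."""
        return needle in b"".join(self.blocks)

def demo(secret=b"SECRET-PAYROLL-2009"):   # constructed sample data
    a = ToyDisk().write("a.txt", secret)
    a.delete("a.txt")
    plain = a.recoverable(secret)          # data is still in the raw blocks
    a.erase_free_space()
    b = ToyDisk().write("a.txt", secret)
    b.secure_delete("a.txt")
    return {"plain_delete": plain, "erase_free_space": a.recoverable(secret),
            "secure_delete": b.recoverable(secret)}
```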

