If you boot up a Windows PC and surf the Web without installing or configuring any security tools, it will likely pick up spyware, adware, or a virus pretty quickly. By contrast, you can surf the Web using a Mac for months without changing any of the default install settings and without problems. This is what most people point to as proof that Mac OS X must be more secure.
What really makes this example seem like evidence of Mac OS X as a perfectly secure operating system is that very few viruses or other forms of malware have been created to exploit flaws in Mac OS X. There are multiple reasons for this, chief among them the fact that there are far fewer Macs in the world than there are Windows PCs. As a result, most malicious code writers choose to target Windows so that they can have a much wider impact.
Another factor is that until recently Mac OS X was designed to run only on PowerPC processors, which use different instruction sets and assembly language than Intel or AMD processors. Although not an impossibly large hurdle to malicious users, this meant that malware needed to be coded with a payload specific to PowerPC hardware rather than simply converting an existing payload to work with exploitable flaws in Mac OS X. Combined with the smaller user base, this historically resulted in far less interest in targeting Mac users.
Security by obscurity, however, is not proof of a secure operating environment. It might not even be a comforting thought because it can lead to a generally lackadaisical attitude toward security and widespread infection should a rapidly propagating virus or other malware be developed. The truth is that although there have been few instances of malware or widespread attacks targeting Mac OS X, the platform is not perfectly secure. In fact, it does have a variety of vulnerabilities.
One of the weaknesses in Mac OS X is its combination of BSD Unix with the Mach kernel. The BSD nature of Mac OS X offers several security advantages: securelevels, a multiuser access control model, and the ability to limit the access that applications have to the kernel and other core operating components. All this offers improved security compared with most Windows releases.
However, the fact that the BSD architecture sits on top of the Mach kernel presents a weakness because it’s possible to use Mach-specific kernel services to circumvent BSD security features by passing system calls and instructions into the kernel itself. This could allow a malicious user with knowledge of the Mach kernel to carry out a number of normally restricted activities.
There are also a number of known vulnerabilities in the Mach kernel. As with most kernel vulnerabilities, they are primarily related to system calls. Some of them have been used in the past to develop rootkits capable of patching the kernel and allowing a malicious user to infiltrate a system without detection. Apple has prevented known rootkits from being used to compromise the current release of Mac OS X. However, there continue to be ways in which malicious users or code can infiltrate the kernel and, by extension, compromise the entire operating system.