Snow Leopard vs Windows 7: Which is more secure?

With Microsoft trumpeting the security features of Windows 7, expect a return of the debate over which is more secure - Mac or PC?

In its Get a Mac campaign, Apple has long had fun portraying Windows Vista (Microsoft's previous operating system) as a malware and virus-infested quagmire with unusable security controls. It claimed that Macs are more secure.

Asked for evidence, Mac fans often point to threat-advisory statistics. This year, for example, security experts Secunia issued 29 vulnerability advisories for Microsoft's Windows XP compared to only nine on Apple's OS X.

But are such comparisons fair? Objectively, the answer is no. Firstly, Windows has much more third-party software with which to contend and hackers have a Windows bias.

This bias is due to Apple's market share - 9.4 percent, according to the latest figures.

If you're a hacker, this means that the audience for your exploit is about 10 times less on OS X than Windows. Without the automated malware creation tools that exist for Windows, you'll also have to bring your own Apple developer skills.

Put simply, targeting Apple's platforms costs more and reaches fewer people. If you follow the basic economic rule of opportunity cost (the cost of foregoing alternatives) why would you do it?

What Secunia's statistics reveal is that, with most vulnerabilities closed quite quickly and with only one on each platform remaining unpatched, both companies take security seriously.

Perhaps stung by Vista's reception, Microsoft is certainly showing a renewed security focus in Windows 7.

The first of the new security features is the Windows Biometric Framework - native support for fingerprint scanners and other biometric devices to log on to local machines and corporate domains.

There is a new and improved version of BitLocker (Microsoft's tool for natively encrypting your hard disk) that encrypts USB keys, external hard drives and other portable storage devices.

Finally, there are changes to Vista's derided user account control that promise to make it far less annoying and more intelligent.

Microsoft has put Windows 7's security at the front of its promotional campaign (pictured) and there's no doubt that it will be more secure than Vista. But will it be more secure than OS X?

We could debate the security merits of both all day but until we're booting highly secure EAL6-certified installations of 'Secure OS X' and 'Windows 7 Ultimate Security' (unlikely any time soon), it's up to us to secure ourselves.

What can your average Mac or PC user do to improve their security? Firstly, I'd recommend file and disk encryption. Recent criminal cases have illustrated how impermeable PC-grade encryption has become. There are no excuses for sensitive personal or customer information being exposed on lost or stolen laptops.

Secondly, always back up your data (Windows 7 is much improved over Vista backup). Not only is equipment failure inevitable, but if your computer is ever severely compromised you might want your data on-hand so you can perform a clean install.

Thirdly, if you're a Mac user, don't consider yourself immune. While you are a smaller target, attacks and exploits are still out there. Symantec recently spotted the first Mac botnet in the wild (an army of zombie computers used to send spam or execute denial of service attacks) - proof positive that you should be running anti-virus software as Apple recommends.

Finally, research shows that the easiest way to attack our computers is through social engineering (tricks that fool us into compromising our own systems), rather than through software exploits. Be sure to think security whenever you're online and never give your details to a site unless you're certain of its identity. Anti-virus scanners and operating system features will go so far, but the best security is a security conscious user.

Steven Willoughby is a security specialist and one of Australia's foremost key management experts. He is the technical director of ICT Networks.

Are Apple's security credentials over-hyped, lulling users into a false sense of security that risks their data and privacy? Is Windows 7 the future secure operating system or will it always be attractive to hackers because it's from the maker of the most popular operating systems? Sound off in the comments below and on the forums.