Windows vs. Mac OS: Who’s Better Protected Against APTs?

APTs on Macs

The specter of advanced persistent threats (APTs) hangs over a growing number of conversations these days about enterprise security, and has prompted businesses to take a closer look at how they can make their environments less vulnerable.

For some, this has reignited discussions about how the security of Apple’s Mac OS X stacks up against Microsoft Windows. Mac computers have, after all, traditionally been relatively free of malware when compared to Windows-based PCs. But a presentation today at the Black Hat security conference in Las Vegas made it clear the answer to the question is not clear-cut.

Both platforms have their pros and cons, explained Alex Stamos, co-founder of IT security consultancy iSEC Partners, but when it comes to APT, the Mac’s defenses are weak at a key phase of these types of cyber-assaults. Once attackers are on the network, they can take advantage of weak authentication schemes used by many of Apple’s server protocols to escalate privileges and wreak havoc, he argued.

Network privilege escalation is at the heart of APT, Stamos said, particularly because any organization with thousands of people has at least one employee “dumb enough” to be duped into running malware. As the recent breach at EMC’s RSA security division showed, all it takes is a piece of malicious software and the right amount of social engineering to successfully execute an attack.

The step – where attackers on the network seek to obtain higher privileges – is the step that “you can monitor; the step you can harden,” Stamos said. “But unfortunately on Mac, it’s also the step that’s pretty much trivial for attackers.”

Apple did not respond to a request for comment about the presentation. However, Stamos and fellow iSEC presenters Paul Youn and William “B.J.” Orvis pointed out that Apple has made some efforts to bolster protections for its operating system in recent years. Among them are the introduction of data execution prevention (DEP) in 2006 and the improved implementation of address space layout randomization (ASLR) in Mac OS X 10.7. When it comes to these features, as well as technologies meant to prevent local privilege escalation, Mac OS X 10.7 is on par with Windows 7 in the fight against APTs, Stamos contended.

Some of the challenges facing Mac users, however, may be less technical and more psychological. For example, Apple users have been conditioned to think of themselves as safe, and are therefore less likely to run antivirus and more likely to run applications that are unsigned, argued Youn, senior security consultant with iSEC.

In addition, attackers in an APT scenario are “looking for a user who doesn’t have the strongest appreciation for security,” Youn said.

The trio’s presentation comes on the heels of a new report from RSA, contending APTs are now targeting a broad range of private sector organizations to steal intellectual property and other proprietary data.

“Cyber criminals have aggressively shifted their targets and tactics,” said Art Coviello, executive chairman of RSA, in a statement announcing the release of the report earlier this week. “In the never-ending war for control of the network, the battle must be fought on many different fronts. All organizations are part of the greater ecosystem of information exchange and it is everyone’s responsibility to build and protect that exchange.”
