30 September 2003


The recent explosion in malicious code attacks on Windows has raised the question of whether it is in the interests of an organisation to rely for its computing requirements on a single operating system.

The US Department of Homeland Security is reported to be saying that reliance on a single system for US organisations is a threat to US national security, and advises organisations to adopt IT policies that lead to the computing equivalent of biodiversity.

While our own Division did suffer as a result of the recent attacks, Macintosh users were only inconvenienced to the extent that the email server was overwhelmed with the sheer number of emails generated by infected Windows machines, and the network itself was saturated with traffic from virus emails and worm activity: the Macintosh is immune to the virus and worm code propagated during these recent attacks.

While it is common to hear that the only reason the Macintosh and unix machines don't get targeted with malicious code attacks is because they form an insignificant proportion of computers in use, this isn't so. Unix has been around for 30 years as operating system used for many tasks, including the support of servers containing sensitive information. Any vulnerabilities in the operating system that are identified can be quickly closed by the world wide unix community, and have been over the last 30 years. Many flavours of unix are open source, which means the code is available for the developer community to work on and contribute their solutions back to the operating system source code. Windows is a much younger, proprietary system that only Microsoft can change.

The vulnerabilities exploited by malicious code like the recent SoBig and Blaster attacks are not available for exploitation on the Macintosh: the Macintosh desktop operating system ships with the ports exploited by the malicious code closed, whereas Windows must have them open to operate; installing applications on the Macintosh of the type common with Windows exploitations is not permitted on the Macintosh without the computer's administrator approving the installation and entering their administrator's password (the malicious code doesn't run on the Macintosh or unix machines, but if there were such exploitations on the Macintosh, the administrator would have to approve the installation before the code could be executed - not good practice).

While it is certainly possible to conceive of vulnerabilities in unix being exploited, the likelihood is far less than with Windows: a prudent strategy is to encourage a diversified computing environment that reduces the risk of the organisation being unable to operate when its standard desktop is compromised.