OS X has a spectacular reputation for stability and security. At this writing, there still hasn’t been a single widespread OS X virus. There’s also no Windows-esque plague of spyware (downloaded programs that do something sneaky behind your back).
The usual rap is, “Well, that’s because Windows is a much bigger target. What virus writer is going to waste his time on a computer with 8 percent market share?”
That may be part of the reason OS X is virus-free. But OS X was also built more intelligently from the ground up. Listed below are a few of the many drafty corners of a typical operating system that Apple has solidly plugged:
OS X has always come from the factory with all of its ports shut and locked.
Ports are channels that remote computers use to connect to services on your computer: one for instant messaging, one for Windows’ remote-control feature, and so on. It’s fine to have them open if you’re expecting visitors. But if you’ve got an open port that exposes the soft underbelly of your computer without your knowledge, you’re in for a world of hurt. Open ports are precisely what permitted viruses like Blaster in 2003 to infiltrate millions of PCs.
In OS X, no program (like a virus) can install itself without your awareness. You’re notified at every juncture when anything is trying to install itself on your Mac. In fact, every time you try to download something, either in Safari or Mail, that contains executable code (a program, in other words), a dialog box warns you that it could conceivably harbor a virus—even if your download is compressed as a .zip file.
Unlike certain other operating systems, OS X doesn’t even let an administrator touch the files that drive the operating system itself without pestering you to provide your password and grant it permission to do so. An OS X virus could theoretically wipe out all your files, but it wouldn’t be able to access anyone else’s stuff—and it couldn’t touch the operating system itself.
You probably already know about the Finder’s Secure Empty Trash option (Locked Files: The Next Generation). But an option on the Erase tab of the Disk Utility program can do the same super-erasing of all free space on your hard drive. We’re talking not just erasing, but recording gibberish over the spots where your files once were—once, seven times, or 35 times—utterly shattering any hope a hard-disk recovery firm (or spy) might have had of recovering passwords or files from your hard drive.
Safari’s Private Browsing mode means you can freely visit Web sites without leaving any digital tracks—no history, no nothing.
Those are only a few tiny examples. Here are a few of OS X’s big-ticket defenses.