News & Commentary: 2005-11-25

Yet another Microsoft Virus trashes Windows users and still they never learn.

This article in Business Week attempts to explain why Apple's OSX doesn't get viruses. I'd just like to point out the resounding technical inaccuracies in this explanation.

OS X offers inherently better security for several reasons. The most important is that it was designed with relatively little concern for compatibility with earlier versions, while Windows is full of compromises so that it works with older and less secure operating systems.

This is actually quite wrong: Apple have provided emulator technology that spans right back to their 68000 days (before PowerPC). They have always been concerned with backward compatibility. The important difference is that Apple's mechanism for compatibility has been to use virtual machine technology, whereas Microsoft's approach has been to leave all the old APIs open. I'll also point out that even Microsoft had to go partway towards the virtual machine design: in Windows XP there are several "modes" that a program can operate in, each exposing a different set of APIs -- Microsoft just never quite got it right.

Aside from this, by far the most important reason that OSX provides better security is that the normal user does not run with full system privileges and cannot (for example) install new programs. Apple users will no doubt notice that when changing critical system settings, or when installing new device drivers, the system will ask for a password. No password, no install. Thus, if a trojan horse comes in the door, asks the user to click on a form and fill it in, and then attempts system-level tweaks in the background, the trojan is going to need to convince the user to enter their system password. That is a big heads-up: any user is going to know that something dodgy is happening.
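The password prompt only helps if the places where code is installed are not writable by the ordinary user in the first place. As an added example (not code from the original commentary), the following script audits a PATH-style list of directories and reports which ones the current, unprivileged user could drop a file into without any elevation prompt. It assumes a POSIX system (it relies on `os.access` and the `st_mode` permission bits); the directory list is whatever the caller passes in.

```python
"""Audit a search path for directories the current user can modify
without any elevation prompt.

Added example, not code from the original commentary. It assumes a
POSIX system (os.access, st_mode bits); the directory list is whatever
the caller passes in."""
import os
import stat
from typing import Dict, List


def how_writable(path: str) -> str:
    """Classify one existing directory for the current effective user."""
    if os.stat(path).st_mode & stat.S_IWOTH:
        return "world-writable"
    if os.access(path, os.W_OK | os.X_OK):
        return "writable by current user"
    return "read-only for current user"


def audit_search_path(path_env: str) -> Dict[str, str]:
    """Map each existing directory on a PATH-style string to a verdict.

    Directories reported as writable are places where an ordinary user
    process could plant a file, with no password ever being asked."""
    verdicts: Dict[str, str] = {}
    for d in path_env.split(os.pathsep):
        if d and os.path.isdir(d) and d not in verdicts:
            verdicts[d] = how_writable(d)
    return verdicts


def writable_entries(path_env: str) -> List[str]:
    """Just the directories that are not read-only for this user."""
    return [d for d, v in audit_search_path(path_env).items()
            if v != "read-only for current user"]


if __name__ == "__main__":
    # Audit the real PATH of whoever runs the script.
    for d, v in audit_search_path(os.environ.get("PATH", "")).items():
        print(f"{v:26} {d}")
```

On a sanely configured system the directories holding system binaries should all come back read-only for a normal account; anything else listed is a location where the "no password, no install" rule does not apply.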

But many problems remain and will persist at least until Vista, the next version of Windows, is introduced late next year.

And there is the quintessential hallmark of the Microsoft apologist: the next version is going to fix this up. Don't go and buy anything else, because we have this under control real soon now. While I'm willing to agree that Microsoft have made incremental improvements in their OS and Win-XP is much nicer than Win-3.1, I'm not willing to give them credit for vaporware that might or might not turn up at some random date. Look at the solid reality that exists on the ground right now, or don't bother looking at all.

I think the most important cause of Windows sclerosis is the odd assortment of system specifications, program preferences, and assorted other instructions called the Windows Registry. With time, the Registry tends to accumulate the computer equivalent of crumbs, dust bunnies, and assorted junk.

Badly written software is badly written no matter where it stores its data. The Windows Registry is not much different from any filesystem, inasmuch as it uses a plain tree and has a path to each data element. The same data could be stored in SQL or in an ordinary directory tree for all the difference it makes.

If a program doesn't clean up properly as it goes about its day-to-day operation, then that program is broken. If the junk builds up to the point where it slows the entire system, then this is a problem with both the program and the system design. By the way, I'm notoriously messy with my files and folders; my personal system has junk everywhere, not because the programs don't clean up but because the user doesn't. What I found was that switching all my working filesystems (e.g. /home and /usr/src) over to reiserfs means that the system is never slow, no matter how many files it is wading through. A good B-Tree based filesystem can compensate for extremely bad file and directory structuring. Is Microsoft's "Registry" based on a B-Tree design? I wouldn't know, but it sure as hell should be, and if it isn't then right there is an obvious bug that needs fixing.

Getting back to messy users and programs that don't clean up: with RedHat Linux, there is a very simple method of checking any file on the system to ask why the file is there and what it does. You can ask the package manager about any file and it will tell you which package that file belongs to, and will give you a description of that package so you can understand what it does. With tens of thousands of files on a typical system, this sort of tool makes it so much easier to audit suspicious files. The package manager will also scan the entire system and check which package files have been modified.
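The commands behind that are `rpm -qf <file>` (which package owns a file), `rpm -qi <package>` (what that package is) and `rpm -Va` (verify every installed file against the package database). The verify report is terse, so as an added example (not code from the original commentary, nor part of rpm itself) here is a small triage script that parses `rpm -Va` output and separates routine changes, such as an edited config file, from the ones worth a closer look. The report lines it works on are constructed for the demo; the real format is an 8- or 9-character attribute column, an optional file-type letter (c = config, d = documentation), and the path, or the word `missing`.

```python
"""Triage the output of `rpm -Va` (verify every installed package).

Added example, not code from the original commentary or from rpm. The
sample report below is constructed for the demo; rpm's real verify
format is an 8- or 9-character attribute column, an optional file-type
letter (c = config, d = doc, ...) and the path, or the word "missing"."""
import re
import shutil
import subprocess
from typing import Dict, List, Optional

# One constructed rpm -Va report, shaped as the package manager prints it.
SAMPLE_REPORT = """\
S.5....T.  c /etc/ssh/sshd_config
..5......    /usr/bin/ls
.M.......    /usr/bin/sudo
missing     /usr/lib/libfoo.so.1
.......T.  d /usr/share/doc/bash/README
"""

# rpm's attribute letters and what each one means.
ATTRS = {
    "S": "size", "M": "mode", "5": "digest", "D": "device",
    "L": "symlink", "U": "owner", "G": "group", "T": "mtime",
    "P": "capabilities",
}

LINE_RE = re.compile(r"^(missing|[SM5DLUGTP.?]{8,9})\s+(?:([cdglr])\s+)?(/\S.*)$")


def parse_verify_report(text: str) -> List[Dict]:
    """Turn rpm -V lines into dicts: path, file type, changed attributes."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # blank or unrecognised line
        flags, ftype, path = m.groups()
        if flags == "missing":
            changed = ["missing"]
        else:
            changed = [ATTRS[c] for c in flags if c in ATTRS]
        entries.append({"path": path, "type": ftype or "", "changed": changed})
    return entries


def suspicious(entries: List[Dict]) -> List[str]:
    """Paths whose change is not explained by ordinary administration.

    An edited config file (type c) with a new digest, size or mtime is
    normal. A changed digest or size on anything else, a missing file,
    or a changed mode, owner, group or capability set anywhere is not."""
    flagged = []
    for e in entries:
        ch = set(e["changed"])
        if "missing" in ch or ch & {"mode", "owner", "group", "capabilities"}:
            flagged.append(e["path"])
        elif ch & {"digest", "size"} and e["type"] != "c":
            flagged.append(e["path"])
    return flagged


def owner_package(path: str) -> Optional[str]:
    """Ask rpm which package owns a file (`rpm -qf`). Returns None when rpm
    is not installed or the file belongs to no package at all."""
    if shutil.which("rpm") is None:
        return None
    proc = subprocess.run(["rpm", "-qf", path], capture_output=True, text=True)
    return proc.stdout.strip() if proc.returncode == 0 else None


if __name__ == "__main__":
    for path in suspicious(parse_verify_report(SAMPLE_REPORT)):
        print("look closer:", path, "owned by", owner_package(path) or "?")
```

To run it against a live system, pipe the real report in place of the sample: `rpm -Va` on a quiet box should produce only config-file noise, and any binary showing a digest or mode change is exactly the kind of file the author wants to be able to ask questions about.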

Something that completely pisses me off about Microsoft is their lack of any audit trail, or any way for the user to request information on what a given file is doing. Of course, lately we have had the Sony rootkit fiasco, but aside from that, even with regular system files there is no way of telling whether they are really part of the system or not. If you even try to look at the system directory, it will try to stop you and prevent the user from even peeking at what's there.

The user cannot check where files have come from, what they are doing, or why they belong on the system at all. The user is encouraged to just trust what happens and not ask any questions. This environment is forever going to be bad for security. Microsoft's systems cannot be secure while they continue to take such a disdainful attitude to their users.

This work is licensed under a Creative Commons License.
