The Case of Insecure Software
I used to avoid this discussion since the question of which operating system is most secure is a very slippery subject. Honestly, I am a Windows user since the OS is the most common among the alternatives, familiar and productive. I admire the complexity and raw power of Linux and all its flavors, and although I am piqued by the simplicity of MacOS and iOS, both are expensive and claustrophobic for me. I have, however, two thoughts to put forward: one, the question of insecurity; and two, the need to protect consumers.
The Question of Insecurity
It is quite common to hear in the tech world that Windows is an insecure OS. The question of software security, however, is a very complex one. Tech commentators now speak of ecosystems with Apple and Google and how the former has a stranglehold on its own. Security, I believe, is a paradigm of balance between control and freedom. Growing up with Windows, I saw how modular design has allowed great freedom in the creation and support of third-party software in the Windows ecosystem at the cost of greater vulnerabilities. Apple fanboys say that Apple OS is secure, but that is because the company has so tightly controlled its own OSes that it is not too friendly to third-party programmers.
When a discussion breaks out between Windows and Apple fans, the topic of viruses is sure to come up. Windows, they say, has more viruses and malware compared to other OSes. That is true but it misses the whole picture. While malware is a product of several factors, the main driving force behind it is its objective of maximum effect. Malware is always directed against the most used product. The tirade against Windows is also an acknowledgement that it is the most used operating system.
The rise of Android in the mobile space is a testament to this. Being the mobile OS with the greater market share, it has become what Windows is in the desktop sphere. I would say that if it were Apple products, then most hackers and black hats would direct their attacks against MacOS and iOS and the tide would reverse on Apple fanboys.
It would be good to note too that the internet is now the universal attack vector. Any operating system connected to the internet can be hacked, so none of these could actually brag of impregnability. Software vendors have to deal with three major fronts: insecure software design, user abuse, and vulnerable interoperability.
The question of secure software design then rests on how much effort software engineers put into hardening their code and their ecosystems, how much leeway they provide for users and third parties, and the balance that comes between. Software security is always an arms race between software engineers and malware authors; thus, another side to security is how much updating and patching a piece of software is given. All in all, the question of security isn’t easy or simple.
The Need for Consumer Protection
Google has the Project Zero Program that seeks to find vulnerabilities that affect Google software and others. In recent months, Googlers have contributed to hardening Microsoft software, one of their rivals. This intelligence sharing benefits consumers because the more security researchers from different vendors collaborate, the more secure the software we use becomes. This leads me to my second thought: consumer protection has become a collective responsibility between software companies and states.
Besides vulnerability scanning of software from other companies, like peer review within the scientific community, the use of software standards also calls for this collaborative and collective effort at security. A few years ago, a major flaw was discovered in the TCP/IP stack and in the DNS system, a software infrastructure that holds together the internet and the web. It forced rival companies to work together in solving the problem. They saved the day and everyone was happy.
Security nowadays has to be crowdsourced. The internet, in all its dimensions (technical, political, moral, etc.), is still in a state of flux as humanity is still in the process of making sense of the greatest invention it has created, one that has transcended boundaries and categories. While we still lack a universal approach to dealing with the internet, and while it remains a work in progress, security is everyone’s job, including the user’s.