Are Macs REALLY Safer?

Don't worry, my $999 apple stand has no chance of getting a virus.

AWWWWW! I Have been an IT Guy for years. I have worked on MAC, Linux, and windows. They are all about as secure as the system admins supporting them.

Linux community has entered the chat....but does not want to know your location.

No joke, ad-blocker has probably saved my ass more times than I can imagine.

Fun fact my typewriter doesn't get windows or Mac viruses.

Big Macs are safe though.
Unless you want to get hypertension.

Top tip: password managers are helpful for avoiding phishing attacks. Autofill isn't going to fill if the URL is visually similar but not identical.

This reminds me of a VERY old IT joke: "the safest computer in the world is one where no firmware or operating system has been installed, all external and internal IO has been disabled, there is no display, nor keyboard nor mouse, and it's been sealed in a steel box and dropped into the Marianas Trench - super secure, but essentially worthless"

But Pro Display XDR isn't Safe Without the Stand

idk whats cheaper. getting your wallet banged by a hacker (699$)
Or an apple stand (999$)

there is tons of viruses for mac, just have to pay for them
:D:D:D

4:19 "If you do, you will have to give up pirating your favorite games"
I'm pretty sure going from Windows to Chromebook means giving up on all games period.

I think the issue goes much deeper than that. If I am not mistaken Win32 apps have a more rights than apps on Mac OS. I heard that UWP fixes most of these issues but very few people seem to be using that.
Another thing to note is that the UAC (User Account Control) on Windows seems to be less granular than the permission model Mac OS or most UNIX based OS use. An App that needs system level access on Windows is usually started in admin mode and can than do whatever it wants for the duration it's running. In the UNIX world you typically grant those rights only for a specific action.
Aside from that there is also the topic of kernel access that I know very little about and that you should have discussed.

The Chromebook image at the end is a Dell Chromebook 3189 don't know who would find this information useful but here it is

It just depends on how you use your computer

Where's my 8k option, my Chromebook can take it Linus!

There are a fuckton of advanced security features stemming from the UNIX world getting more numerous since SL. Among them are Mandatory Access Control to the kernel level, App Sandboxing, PKI, Standardised ACL and POSIX permissions, W^X, or more recently SIP. Gatekeeper even offers build in security scans of all apps since 2011, way before Windows had a build in virus scanner. Add to this the Full Disk Encryption offered by FileVault since (again) Snow Leopard, at this point even the TimeMachine (Apples fully timelined Backup Solution) offers build in Encryption (End to end and endpoint). I was a security researcher (penetration tester) for years and can whole heartedly endorse that MacOS is indeed harder to attack. For example a common tactic, using pdf embedded JS scripts, simply fails on a mac due to their tight but restrictive integration of the pdf format. It is by no means OpenBSD, but it is a joke to compare the well exploited NT lineage to macOS.
As for pure Viruses, there are about a handful for the Mac. Only 1 of which I know you could get running right now thanks to gatekeeper exploding with denial messages for the others. That is in part definitely due to value of attack market. However it still does make the Mac a profoundly safer place to be a noob. By default you cannot even install Apps from unknown developers without specifically pushing "run anyways" in the right settings submenu.

Mac user here. I use Bitdefender anti-virus on my systems, and recommend that any other Mac users find a similar option. There’s no such thing as a system with no vulnerabilities.

I was hoping you might talk about BSD sandboxing and other such differences, but alas.

You just compared Apple Mac to a small town in the middle of nowhere ...
Mac users: Triggered!

This is why I use os/2.
Come at me virus.

literally my favourite part about Linus hosting videos is "how's Linus going to bullshit his way into a advertisement segue this time?"

Fun fact: In 2013/2014 while OS X and general Apple product adoptation was storming ahead, virus and malware targeting OS X increased by over 4000%. Hilariously, in 2011 a lot of OS X installations was struck by the 'Mac Defender' malware and Apple reacted by basically telling their techs: Don't confirm or deny that an infection exists and whatever you do, don't try to remove it."

Wow, as a former Apple and former Microsoft employee, I’m shocked by this video. It goes deeper than Market Share, you should of looked into GateKeeper, and sand boxing. This clearly points out his bias and rush to judgement.

I’ve never had any malware or viruses on Apple products since 1985. It’s anecdotal, but in a circle of primarily Mac users, I’ve never met a Mac user who has ever been infected with viruses or malware. So, just another data point.
(Yes, I’ve read about and watched DEFCON and like demonstrations of Macs and Apple devices being compromised. I am aware of what is possible and the shortcomings present in every architecture.)

You know whats safer than a Mac :
Two number 9s, a number 9 large, a number 6 with extra dip, a number 7, two number 45s one with cheese and a large soda

From someone that uses and supports both OS's on a daily basis, I find that the Mac does a better job of stopping the user from installing software that would/could have malware/viruses attached to them. Apple have implemented a lot more security into their OS like the Security & Privacy blocking unrecognised Apps and the fact you have to put your password in to install basically anything. I see my fair share of infected Macs but I see WAY more PC's that are infected

Mac is like having a regular lock on your door, but you live in the middle of nowhere. Windows has a chain and deathbolt, but you live in downtown Detroit. Technically the later is safer. In practice the former is. Plus Mac OS it's more difficult to install something unintentionally then it is in Windows, just by having how the UI and OS works, which reduces getting infected via user error.

That's nor middle of nowhere! that's my village :(

Did you guys forget about SIP (System integrity protection) for OS X? This is the major difference between the operating systems. SIP protects core OS files and is likely another major reason why it gets less malware.

4:07 but what if someone hacks Google and bricks every chromebook with a rogue update?

Linus: Speaking of giving up...
Me: Same

I think people miss a very important thing: The quantity of software between one OS and the other. There exist a lot more applications for windows, wich would by logic have also more malicious ones. It would be interesting to se the ratio between these two

It’s a lot easier to get a backdoor In Windows compared to any Unix system, macOS included, with things like “rootless” leaving read-only rights to the system files unless *specifically* having the user going out of their way to disable that. The T2 chip encryption is also something that should not be ignored, and the only times I’ve ever seen someone with a virus on their Mac, they had to be tricked into typing in their admin password. On windows, you can simply hide malicious code in a file and run it through a backdoor without a password, or at best a simple “yes or no” screen. Finally, the Mac App Store has many more apps than the Windows Store does currently, including many professional apps, so you’re much more likely to get the app you need through the much safer built in store on macOS compared to Windows.

Though you’re right regarding the operating system on its own, I think not touching on hardware features that Apple is able to employ, like the T2 chip, is missing a big part of the picture.
Having hardware kill switches for the microphone, secure booting, and hardware level encryption is super powerful.

Here's an analogy: Security is often an inverse-correlation between security and functionality.
With iOS/OS X - Installed programs are usually from a single trusted source (less so on OS X), and programs are usually able to access far less on the system (especially on iOS).
Windows/Android by comparison has programs that come from everywhere, and can do pretty much anything - great for functionality but as a consequence - it radically increases the 'system surface area' that could be attacked, and therefor there are far more bugs/malware for them.
Curious if people disagree though - let me know I'm curious.

System Integrity Protection? Sand boxing? Totally ignored some of the fundamentals of macOS security.

I really enjoy this techquickie guy. I hope he starts doing unboxing videos on every tech product and reviews them and make the occasional funny content.

You can absolutely do a number on someone running OSX if you manage to figure out a way to control processes or files. For example running jenkins, spark, flink, redis, etc without authentication, which is how a lot of people learning these technologies deploy them locally. It's basically just another UNIX like OS with some additional attack surface. The core OS is relatively solid but it's all the stuff that people install after the fact that causes problems. I routinely compromise developers' macs on the regular.

I would argue that Unix is inherently more secure than Windows. The extra security does however negatively affect UX as normal users hate having to constantly supply their passwords for basic tasks.

Just because someone isn't affected by the virus, doesn't mean they're not a carrier.

Short answer: i don't think so but idk
Long answer: i d o n t t h i n k s o b u t i d k

it reminds me of a month ago when my classmate got adware on her MacBook Pro 2016 b/c she installed a "MacCleaner" program to resolve issues on upgrading to MacOSX Mojave. She couldn't move the program to the trash bin. I managed to help her out by using the terminal to delete the program and then no more adware

I love the old mac vs PC ad in your video

Sir, you are however forgetting code signing, Gatekeeper, and Secure Enclave implementations in Mac OS. Untrusted, un-notarized code is far harder to run under modern Mac OS whereas Windows has absolutely no protections like this - and third-party "security" software isn't a practical solution.

Linus: "You might have to give up pirating your favorite games"
Me: Downloads ARC and the apk to my favorite game

I sure do love a good quickie~

Computers are computers. The biggest threat is usually between the keyboard and chair. Now I'm gonna go and update my Mac's Malwarebytes......

PLEASE HELP. After an update on my Mac, I keep randomly seeing ads for the $999 apple monitor stand.

yeah, apple and Microsoft spend resources on security, the same can't be said for intel

The puns... the awkward pauses for devastating pun effect. haha.

any thoughts on the upcoming Catalina being on a read-only partition of the ssd/hdd?

“Windows malware can’t run on Macs”
*Wine has entered the chat*

I would argue that for malware, rootless mode and other security enhancements on macOS actually make it condensably more difficult to write a deploy truely useful malware onto macOS. However, windows still provides comprehensive legacy support in windows 10 which is a considerable detriment to its defensive performance overall.
It's been a while since we have seen an actually effective day0ne exploit for windows or macOS though. So the best advice is just to be cautious.

The audio in this video was fantastic!

Ive been looking for this kinda video’s THX

Whenever Linus makes such a video the fights begin.
Penguins rock!

If the title of the video is a question, the answer is always "it depends".

Really appreciate someone like Linus to tell the facts. It helps get the word out there and actually helps people be more vigilant to protect themselves. Hell there are Mac Antivirus products!

It's worth noting that back in the day it used to be true that Macs and Linux were inherently safer by design because of a few simple security layers built into the system (sudo!) up to XP/2003 included... but then ever since Vista introduced UAC it's not really the case anymore.

The real joke is having that many matches on Tinder

Just run on BSD, won't get any issues since nobody ever knows it's existence. 👌🏻

What’s the best malware/virus protection software for Mac?

Any OS can be compromised by writing something malicious for it, what matters is how you're going to get in on the machine. This video didn't really address the fact that (historically at least) there are many more attack vectors on Windows than on Mac (remember Active X?). It's abundance of opportunities, not just marketshare.

They're a lot safer, especially the newer models with the T2 chip, and Apple software doesn't track you, they do everything to give their customers maximum privacy, whereas Google and Microsoft have sold customer information to other companies...

Mac OS: I'm the safest operating system ever!
Linux: Hold my beer

Linus "JBP" Sebastian: "Well... It depends on what you mean by"

About the whole antivirus solution thing, my biggest recommendation is BitDefender. They have a 99.8% detection rate and also comes with a really good VPN. And they also have other features like ransomware remediation, advanced threat defense (exploit defense), an encrypted online payment environment, an anti tracker system, a vulnerability scanner, webcam protection, file vault, privacy defense, and a WiFi vulnerability/safety scanner.

Nothing is safe in technology

Didn't use an anti-virus program for years and I was fine even though I, as a poor student, did some piracy and shady sites. I use Avast now, but it annoys the heck out of me with all its pop-ups.

Mac had a pretty bad vulnerability a couple of years ago, you just could type "root" and press Enter twice in the authentication form to get root privileges. However, given that Mac OS is a Unix system with properly set user privileges, it's more secure overall by design

I do disagree with the part where "there's nothing that makes Macs more secure than Windows".
Unix is more secure by design because of its permissions (that NT somewhat has, but not to the same level as Unix)
Though there's always a workaround and getting the user to install malware would negate any issues it might have with permissions.

*laugh in Linux*

There hasn't been registered a single active virus there has spread from Mac to Mac without any help from the user since Mac OS X was launched. however, new Malware for Mac OS X and macOS is registered on a scale of 1-3 per year ;) so the doctrine of whether you need a malware scanner on your Mac or not, must depend on who is behind the screen.
I have never had any kind of Malware on my Mac, not even Adware in the form of a Browser extension. But the number of times my mother has been able to install MacKeeper on her Mac, has caused me to install a Malware scanner on her machine.

My MacBook has been on for 7 years. Not once have I said “ WTF!!” When a pop up, adware,maleware, etc etc. As windows would. Granted I haven’t used a Windows PC personally since Vista I do use it for work and it seems to have been improved. Back in the day though you couldn’t go a week without googling how to close the screen lock pop up from your gateway laptop

Yes ... I've been using Macs for 10years now. Never installed a single virus software. Never got an virus.
Been using PCs since I was a kid, got a shit ton of virus and malware.

"a small town in the middle of nowhere"
ouch

You should have brought up apples proprietary T2 chip

Thanks for protecting us against misleading ads made back when Steve Jobs was feelin' cool and froody!

Linus, will there be a follow up episode on "what is monthly security update for windows and Android, what exactly they update?"

Claims of one OS being this or that... sure sign that you are just a gamer playing sysadmin... I love Linux and BSD Unix, but all networked devices have vulnerabilities, thats just reality. Claiming anything otherwise would be foolish.

Windows PC with monitor: $700
Rare potential Malware on Windows PC: pay us $400 to remove the virus
Total: $600-$1100
"Secure" Mac PC: $1300
Total: $1300

ok, i use windows for like 10 years until recently i got a 2015 macbook pro. here's why:
i subscribe to adobe photography plan, I can't find any alternative to photoshop and lightroom, up until recently i started to do a lot of video project, i need a video editing software, i want to use premiere but I won't subscribe to "adobe master collection" cuz it cost lotta money, so i try my friend's imac and try final cut, its good, easy to understand and hella fast! but the problem is it's only for mac, so i started to using davinci resolve. but it's not a really good experience (personal preference). so i decided to buy a 2015 macbook pro, and i have no regrets! i love macos and their user interface. In windows, if im working on photoshop or lightroom, its feel like im "working" (ok, its weird but listen). but, when i working in macos, its feel like im "playing" like playing! (maybe because the macos GUI that i love). then i use final cut for my video projects which i like more than premiere and davinci resolve (i use cracked premiere in the past :v). thats just my opinion, what about yours?

I would like to mention, that apple’s closed hardware configurations and drivers means they have more control over vulnerabilities that concern those. When big issues are found, they can more easily fix them.

Unix based systems do have better permissions systems though which makes them less vulnerable though!

So basically, although there are far less viruses for MacOS, the operating system is about as safe as Windows if you’re not careful.
Also, tell me if you’re tired of the (dead) $999 stand meme.

This is only really half the picture.
For example, on windows services all run on the SYSTEM 'account' (the true administrator), whereas unix allows each service to run as a different user which only has the permissions it needs.
So while the two kernels may be about as easy to compromise (ie very hard), *nix systems allow for better seperation, meaning that it's less threatening if, for example, samba has a rce exploit, since that still doesn't give you full access. EternalBlue was such an exploit, and it got full system access on windows, but were it a mac samba attack, it would likely need more privesc to be of any use.

Jokes on you my sister managed to download a Trojan virus on our Chromebook

Is this why I have to buy a $999 stand

or just don't download random stuff from the internet and use an ad-blocker to prevent pop-up malware.

The only time I saw actual viruses on Macs was back in the late 1980s when programs like Disinfectant (by Chris Johnson) existed. nVIR , HyperCard 1990, and MDEF were the more notable ones though there were others.

Well. those headphones... I already got those. Where do I get the stand, @LinusTechTips ?

no root privileges over the machine, the need to enter your password to reconfigure the system, and gatekeeper sub-system that is becoming more aggressive each update.
Are you The Verge now LTT?
edit: addint T2 chip and whatever now to secure stuff. PC statistics is all good but why not make a video of how hard is to create malware that infects windows vs macos btw.

I watched the video, but have no memory of watching the video.

There is also the fact that at the time Apple ran those adds, Mac's didn't run with root permissions by default and you had to enter your password to install software. Meanwhile Windows of that era, it was both common practice and often required, to have the main user account have administrative privileges and windows did not prompt you to enter your password to install software as long as you had permissions.
This led to a situation where windows users were more frequently infected just by clicking links online and downloading trojan horses and not even realized they've installed malicious software. Regardless of the larger target that windows provided malware producers, it was simply easier to trick users into installing it in the first place.
If you've ever seen IT crowd where a browser had 10 search bars installed and flashing pop-ups all over, this was actually a rather common occurrence until Microsoft implemented user account controls that required admin prompts to install software. Sure viruses could still find ways to bypass this, but this one change helped stop a vast majority of the crap windows users were dealing with at the time.

Quickie explaining why a TV can run 1080/1440/4k and have it look perfect (like it was native) but why a pc monitor looks terrible at anything other than native res. I've wiki'd some info, but id love to hear these guys explain it!

Just use a free program like Malwarebytes. Works for both PC and Mac. Problem solved.

The only safe computer system is one that is switched off.

Always great 👍 thanks an have a fun weekend Brother ✌️

I have a mac and a windows and on my mac unless you disable a lock in the settings it wont allow you to download things off the internet from an un-identified source. Sounds good buts its pretty annoying from time to time and doesn't work well