
macOS vs Windows security: a detailed analysis

Heather Gray

Feb 9, 2022

14 min read

The best way to rile up any IT professional is to bring up the age-old debate of macOS vs Windows security. Many are ardent supporters of Apple, while others choose Windows over Mac because Windows is more affordable and practical for general use. You won’t find many people who stay loyal to both platforms.

Sure, macOS and Windows each have their own weaknesses, but when operated according to the latest recommendations and security practices, both operating systems are fit for enterprise use.

2019 shocked the Apple community when Macs faced more malware attacks than the average Windows PC. One of the most noteworthy was a piece of malware that allowed hackers to bypass Apple’s security defences.

Surprisingly, some of the vulnerabilities found in Macs, such as Shrootless and powerdir, were reported by Microsoft. Apple doesn’t usually disclose an issue to the public until it has been patched; users can find a list of fixed issues in the release notes.

Similarly, 2021 was rough on Windows, given the number of critical vulnerabilities reported across the platform. Microsoft’s Security Response Center publishes a complete list of vulnerabilities, together with release notes and the date each entry was last updated. In spite of this, Windows continues to be the preferred OS among users, holding 32% of the market share worldwide.

Security, in addition to affordability and productivity, is a factor most enterprises take seriously. It’s difficult to say outright which platform is more secure, so let’s take a look at the major security features each OS provides and try to understand how secure they really are.

macOS vs Windows: a detailed look at their security

Bootup protection

macOS

Mac devices with Apple’s T2 Security Chip come with a feature known as Startup Security Utility, which ensures the device starts up from the right startup disk and operating system. They also support Secure Boot, which prevents unauthorized operating systems from running on the user’s computer and protects the system from malware.

Other security features include:

Firmware password protection – this prevents users from starting from a disk other than the selected startup disk. The firmware password can be set from the Startup Security Utility.

Configure Secure Boot Settings – this ensures the Mac starts up only from a trusted operating system. The various configurations include full security, medium security and no security.

Set allowed boot media – controls whether users can start their Mac from external or removable media. For security reasons, Apple recommends disallowing it, but permission can be granted by changing the setting within the Startup Security Utility.

Windows

Some of the components behind Microsoft’s pre-boot, boot and post-boot protection come from open source initiatives. These are grouped under Secure Boot, a security standard promoted by Microsoft to ensure the device boots only with software that has been authorized and trusted by the OEM. Systems are required to have the latest Unified Extensible Firmware Interface (UEFI) and a Trusted Platform Module (TPM) on the motherboard.

Each stage of the boot process requires cryptographic approval, and no new stage can start until the previous one has been verified. If anything tries to modify the boot process, one of the two chips is alerted and either stops the boot or warns the user.

The TPM chip provides the cryptographic features. BIOS chips have now replaced UEFI. These chips are integral to protecting both the operating system and applications during and after boot.

Malware protection

How protected are these systems from malware?

macOS

macOS comes with built-in security services to prevent malware from running on the system. These include Gatekeeper, Notarisation and XProtect.

Notarisation is a malware scanning service: developers who want to distribute their applications outside the App Store must submit them to Apple, which scans them for malware. If no malware is found, Apple issues a notarisation ticket. Developers attach this ticket to their app so that Gatekeeper can verify it and allow the application to launch.

If a notarised app is later found to be malicious, Apple issues a revocation ticket. macOS regularly checks for revocation tickets in order to update Gatekeeper and prevent the revoked app from launching.

XProtect is the built-in anti-virus technology in macOS. It detects malware infections using signature-based detection, and these signatures are updated automatically so the Mac stays protected against newer malware.

Windows

Windows has its own real-time anti-virus tool known as Windows Defender. It runs in the background and continuously monitors the system for malware infections and other malicious programs.

It was first released by Microsoft as Microsoft Security Essentials for Windows XP, Vista and 7. With the release of Windows 8, the software underwent a couple of revamps and was renamed Windows Defender.

Windows Security is the real-time protection feature found in Windows 10 and 11. It scans the device for security threats, malware and viruses. The features provided by Windows Security include virus and threat protection, account protection, firewall and network protection and device security.


Application Security

macOS

macOS has a rigorous app screening process. Gatekeeper bars users from installing harmful external applications by checking each app for a Developer ID certificate.

Apps published outside the App Store must be submitted for notarisation, which ensures that the applications users run are free from malicious files.

App sandboxing is another feature that boosts the security of macOS applications. Sandboxing restricts an application’s access to user data and other system resources. Although many built-in applications are sandboxed, not all applications use this feature.

Windows

Defender Application Controls work in unison with Microsoft Edge. Edge, together with the sites and applications it opens, runs in an isolated virtual environment kept separate from the operating system.

Various restrictions are imposed on sessions opened within Application Guard to prevent high-risk actions from taking place.

Windows Defender Application Control restricts which applications and code users are allowed to run on the system. It prevents users from running an application that could harbour malicious code. Apps from the Store are automatically trusted because they are digitally signed, proving the code has not been altered in any way.

Browser Security

Keeping users protected from phishing attempts and other scams

macOS

Safari, the default browser in macOS, has several security features to protect data privacy and ensure a safe browsing experience. These include:

Blocking other websites from accessing user data – With the help of machine learning, Safari can spot when websites unnecessarily harvest user data. When a website is suspected of doing so, Safari blocks that data from being passed on to other sites. This limits the spread of the user’s personally identifiable information. It also restricts third-party applications from accessing the data collected by Apple.

Accessing privacy reports to see the active trackers on websites – Users can use the Search Smart Field at the top of the browser to keep tabs on the sites collecting their data. It also informs users when a particular site has been blocked from accessing information.

Private browsing windows – These can be used to further hide information from websites and data trackers. Searches are not saved and do not appear in Safari’s history. Private browsing also prevents autofilled information from being saved and restricts users from sharing websites.

Password manager – Strong passwords can be generated and stored in iCloud Keychain. Safari can also tell users whether their passwords have been compromised, that is, whether they have been passed around the web. If you see a yellow triangle icon with an exclamation point, it’s time to change your password.

Windows

Microsoft has levelled up the security of Edge, the default Windows browser, to include a website security indicator and malware protection. The website security indicator displays HTTPS at the left of the address in the address bar.

This shows the site has a secure connection. In terms of malware protection, if Edge suspects the user is accessing a website prone to malware, it displays a warning page dissuading the user from going further. Other security features include:

Windows Defender SmartScreen – It protects users from phishing attacks by running checks on the websites they are trying to access. If a website is found to be suspicious, a warning is displayed. SmartScreen’s integration with the Windows 10 shell prevents applications from bypassing the browser to connect to the website. This integration verifies that all apps and websites are screened before users access them.

Prevent data tracking – Edge allows users to configure the types of trackers they wish to block. This stops websites from gathering data both within a single site and across multiple sites.

Sandboxing – This prevents websites from injecting malicious code. If malicious code is downloaded, it goes straight into the sandboxed part of the system. When the sandbox is closed, everything inside it is wiped, so the malicious code cannot affect the system in any way.

Remote management

macOS

One of the important features both operating systems offer is the ability for users to locate lost devices. Mac users can locate a lost device through the Find My app. The process is simple: the user opens the Find My app and selects the device they wish to locate from the device list.

If the location does not appear below the device, users can opt to be notified as soon as the device is located. Users can also mark the device as lost and initiate a remote lock to ensure data security. Directions to the lost device can be obtained via Apple Maps.

Users can even make the device play a sound if it is nearby. Notifications can be delivered to the user even when the lost device is offline. Other features include disabling Apple Pay, initiating a device wipe and displaying a customized message on the screen.

Limitation:

  • Tracking the device offline requires Bluetooth to be enabled

Windows

Microsoft’s Find My Device feature lets users locate lost Windows 10 devices. They first need to sign in to their account with admin rights. When activated, a notification pops up on the screen of the lost device. Find My Device also offers the ability to lock the device remotely.

Limitations:

  • The user must sign in with an admin account
  • A device cannot be located if a school or work account is linked to it


Encryption

macOS

FileVault is the disk encryption program found on Macs running Mac OS X 10.3 and later. It is a built-in security feature that protects all information stored on the device. Encryption offers more security than password protection alone because the sensitive information itself is encrypted.

This information can later be deciphered only with the right algorithm and key. FileVault can be enabled from System Preferences > Security & Privacy. It uses XTS-AES-128 encryption with a 256-bit key.

Windows

BitLocker is the full-volume encryption program native to Windows devices. Once a volume is encrypted, its files and other information cannot be decrypted unless the user supplies the right encryption key. BitLocker makes use of the Trusted Platform Module (TPM), a hardware component used to authenticate the device.

Authentication is performed using artifacts such as passwords, encryption keys and certificates. BitLocker also creates a recovery key for the hard drive, and each time users log in to their computer they have to enter their secret PIN to use it.

Data harvesting and user privacy

Securing data privacy

macOS

Since both the software and hardware components of Macs are fully managed by Apple, it maintains stricter controls when it comes to user privacy.

Data is collected by both platforms for telemetry purposes, but Apple offers more security since the company oversees the production of its own hardware and thus can set better restrictions on app developers. Apple shares personal data only with a very limited number of third parties.

While no OS can offer complete privacy, macOS has an advantage over Windows on this point. When your Mac sends private data to Apple’s servers, measures are taken to protect the privacy of the information being sent. The data is always tied to a random identifier, so the identity of the user cannot be linked to their data.


Windows

Windows, on the other hand, runs on hardware from many vendors, each with its own specifications and configurations. Windows 10 has received a fair amount of backlash for the data it collects from users, such as browser search history and location history, to name just a few.

Despite Microsoft levelling up its security measures by adding multiple privacy settings, it continues to collect personal data from users and still has a long way to go before its privacy protections satisfy the various regulatory bodies.

File Integrity Protection

macOS

System Integrity Protection (SIP) protects the integrity of important files and directories even when the action is performed by a user with root-level access. Its protection measures include:

  • Preventing unsigned kernel extensions from running
  • Preventing injection of malicious code
  • Preventing real time code modifications lacking entitlements authorized by Apple
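As an added example (not code from the original post or from Hexnode), the script below verifies the protections discussed in the Bootup protection, Application Security, Encryption and SIP sections by parsing the output of the platforms’ own tools: csrutil, fdesetup and spctl on macOS, and manage-bde on Windows. The sample outputs are constructed so the parsers can be exercised offline; audit() runs the real tools only on a matching host.

```python
import platform
import re
import subprocess

# Constructed sample outputs of the real tools (not captured from any real machine).
SAMPLE_CSRUTIL = "System Integrity Protection status: enabled.\n"
SAMPLE_FDESETUP = "FileVault is On.\n"
SAMPLE_SPCTL = "assessments enabled\n"
SAMPLE_MANAGE_BDE = ("Volume C: [OS]\n    Conversion Status:    Fully Encrypted\n"
                     "    Encryption Method:    XTS-AES 128\n    Protection Status:    Protection On\n")

def sip_enabled(csrutil_out):
    # `csrutil status` prints "System Integrity Protection status: enabled." (or "disabled").
    return bool(re.search(r"status:\s*enabled\b", csrutil_out, re.I))

def filevault_on(fdesetup_out):
    # `fdesetup status` prints "FileVault is On." or "FileVault is Off."
    return bool(re.match(r"\s*FileVault is On\b", fdesetup_out, re.I))

def gatekeeper_on(spctl_out):
    # `spctl --status` prints "assessments enabled" or "assessments disabled".
    return "assessments enabled" in spctl_out.lower()

def bitlocker_status(manage_bde_out):
    # Status lines of `manage-bde -status C:`; "protected" only when fully encrypted AND protection on.
    s = {}
    for k in ("Conversion Status", "Encryption Method", "Protection Status"):
        m = re.search(rf"{k}:\s*(.+)", manage_bde_out)
        s[k] = m.group(1).strip() if m else None
    s["protected"] = (s["Protection Status"] == "Protection On"
                      and s["Conversion Status"] == "Fully Encrypted")
    return s

def run(cmd):
    # Return a tool's stdout, or "" when the tool is missing or fails.
    try:
        return subprocess.run(cmd, capture_output=True, text=True, timeout=20).stdout
    except (OSError, subprocess.TimeoutExpired):
        return ""

def audit():
    # Live audit of this machine; returns {} on platforms without these tools.
    if platform.system() == "Darwin":
        return {"sip": sip_enabled(run(["csrutil", "status"])),
                "filevault": filevault_on(run(["fdesetup", "status"])),
                "gatekeeper": gatekeeper_on(run(["spctl", "--status"]))}
    if platform.system() == "Windows":
        return bitlocker_status(run(["manage-bde", "-status", "C:"]))
    return {}
```

A volume that is still converting, or whose protection has been suspended, is reported as not protected even though manage-bde shows an encryption method; manage-bde and firmwarepasswd may need an elevated prompt.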

Windows

Windows has over the years introduced multiple features to enhance the integrity of files pertaining to the OS and user. These include:

System File Protection (SFP) – if a critical file is deleted from the system, Windows will replace it with a copy.

Mandatory Integrity Control (MIC) – every file, user and process is assigned an integrity level, ranging from low through medium to high. Objects with a lower integrity level are not allowed to make changes to objects with a higher one.

PC Reset and PC Refresh – allow the user to reset the device to a fresh state while keeping their existing files, configurations and applications.

Azure Security Center and Azure Defender have since been rebranded as Microsoft Defender for Cloud. File Integrity Monitoring (FIM), an important part of Microsoft Defender for Cloud, monitors and detects changes made to system files, applications and registries, which helps secure your network.

Changes are identified using Azure’s Change Tracking solution. According to Microsoft, FIM notifies the user when a file or registry key is created or removed and when any file or registry key is modified. Some of its limitations include:

  • Users need a Microsoft Azure subscription
  • Azure Defender must be enabled

macOS vs Windows security: summing it up

macOS at a glance

Pros:

  • Has more built-in security features in its default browser
  • Stricter app approval process
  • Protected app store
  • Ensures more user privacy

Cons:

  • Increased cyberattacks
  • Does not offer updates for older devices
  • Limited number of applications
  • Lacks hardware customization

Windows at a glance

Pros:

  • Provides customization
  • Offers hardware support
  • Website security indicator and malware protection
  • More affordable

Cons:

  • Does not offer enough application security
  • More prone to malware infections and cyberattacks
  • Increased data harvesting and tracking
  • Lacks enough privacy features

Bottomline

Both platforms harbour flaws and strengths of their own. The main point is to choose an OS that works well for your business and addresses everything your organization needs to get done.

For instance, Windows is mostly used by businesses that require different hardware configurations, while macOS is mostly preferred by creative professionals. But this could change in the future.

No matter what your business requirements may be, a UEM solution offers complete management of both Windows and Mac devices in terms of data protection, device security, network security and more.

Heather Gray

Technical Blogger @ Hexnode. Reading and writing helps me to stay sane.
