Marc Maiffret, despite having a name that sounds uncomfortably French in origin, is one of the founding members of a special and elite club: he’s a turncoat hacker. Once an infamous black hat, he’s now the chief security architect for leading malware protection system developer FireEye. His list of notable accomplishments is many, but they will all be shadowed by his latest statement: Microsoft software is more secure than Apple’s.
In a frank and interesting interview over on CNET, Maiffret spends a lot of time discussing how Microsoft has really shaped up in terms of producing secure software. Maiffret says that Apple is only now looking at improving its code review and auditing procedures — something Microsoft has done well for a long time now.
Maiffret also notes that desktop apps are now the biggest threat to our security — apps like Adobe’s Creative Suite. There isn’t a tried-and-test patching process for desktop apps: if a security hole is found in Flash or Photoshop it can be a long time until it’s patched.
Meanwhile, it seems Apple’s primary defense is still security through obscurity: “We’ve only seen a scratching of the surface as far as Apple vulnerabilities because nobody cares to find them.” Ironically, Apple continues to claim that its OS X is more secure than Windows — a very dangerous act, according to Maiffret: “… They try to market themselves as more secure than the PC, that you don’t have to worry about viruses. Anytime there’s been a hacking contest, within a few hours someone’s found a new Apple vulnerability. If they were taking it seriously, they wouldn’t claim to be more secure than Microsoft because they are very much not.”
So, good news, Windows users — you might not be aware that you’re using the more secure operating system… but you very much are!