Are Operating System Vendors Really Selling Security?


In an IT Pro Portal article whose title says it all – Windows vs Apple OS X security: market share more important than product – Will Dalton gives Team Cymru's Steve Santorelli the chance to make the  point that operating system vendors aren't really in the business of selling security. I may be putting words in his mouth (or interpreting Dalton's interpretation), but I think his point is this: it's one thing to make the claimed security of your OS a selling point, but if you're comparing the security on these two platforms, what you're probably really doing is trying to assess where they come on the continuum between very secure and very convenient.
Modern operating systems are capable of a high degree of security, but default settings tend to be a compromise. When most people boot their new systems, maximum security is not often their number one priority: in fact they have a cognitive bias towards assuming that the system is already as secure as it needs to be.
Unfortunately, the same applies to security software: vendors usually assume that customers will accept a degree of compromise with regard to a product’s level of security if that compromise means improved speed and convenience. And, in fact, that’s probably generally true, unless a customer is unfortunate enough to suffer a security breach that appears to be due to that compromise. Fortunately for OS vendors, their customers are generally more forgiving than those of the anti-virus industry. Perhaps because it’s easier and cheaper – for a home user, at any rate – to switch AV than to switch OS or even platform.


What’s Hot on Infosecurity Magazine?