“So far this year, Apple users have been exposed to the kind of vulnerabilities that are more commonly associated with Windows. The Mac maker has plugged security flaws that could have resulted in OS X customers being ‘owned’ by basic actions such as visiting a malicious website, watching a video file or opening an email attachment. However, despite all these vulnerabilities, the Mac’s resilient platform, its advanced automatic software update tools and the apparent lack of attention from malware authors means Apple users are far safer from attack than users of Windows.” On a related note, Apple has released updates to iTunes and QuickTime. The QuickTime update eliminates the need to buy QuickTime Pro in order to play videos full screen.
Is statistically safer than Windows due to market share, thats what the Windows people keep telling us why other OS’s are safer anyway.
Of course it is, as it is safer to use Opera under Windows than it is to use IE…
Just a question not to be in a group big enough to get too much hacker’s attention.
After that, of course some kind of intelligent usage is required, whatever platform you’re on.
Yes, but with somewhere between 15 and 20 million users, you’d think there’d be at least a little more interest than (there appears to) has/have been thus far.
All has to be made in relations. 15-20 millions seems enormous to you and me, but imagine:
– On MacOSX, to get this 15-20-25 millions users requires an huge effort (find the hole, use the hole in an efficient way, code something that has enough sexappeal to get a percentage > 1 of these 15-20-25 millions – as people tend to be more educated about computer usage on this platform)
– On Windows (and more if + IE), to get 15-20 millions users attention requires near no effort. A mail about viagra, cheap money, or something like that, if this mail contains a “correctly” written code (read a code correctly copied from hackyourneighbour.com), then you have your victims… and they are probably more than 15 or 20 millions.
I like to use software that gets plenty of hacker attention. Linux, for example, is hacked on by hundreds of hackers. Firefox also get plenty of hacker attention, although if it wasn’t so overlycomplex it would be much eaiser to get started hacking on it.
More hacker eyes means less bugs and more secure software.
Somewhere in cyberspace:
Windows: If only I weren’t in the crosshairs of so many blackhats!
Informed Users: Butcha ARE, Blanche. Ya are!
—
So many arguments about Windows security are conducted in a sort of ivory tower, sequestered from the real world.
People shouldn’t care *why* Windows is the major target. They should simply care that it *is*.
Why shouldn’t people care? The fact that it is should be acknowledged. The reasons why should definitely be cared about.
“””
Why shouldn’t people care?
“””
Let’s say that you and I both purchased bullet-proof kevlar vests. Both have the same safety rating. You are wearing yours in a war zone with bullets flying all around. One just grazed your head. Whereas I am wearing mine in my home, watching an old episode of Star Trek. Where would you rather be?
Furthermore, the conflict at your locale is over a disagreement between two factions who disagree upon the interpretation of a certain passage of a holy religious doctrine specifying the proper day for the holding of a sacred celebration.
Do you really care about that, though?
Seems to me that the relevant bit is the fact that it is a war zone, regardless of how it got to be that way.
Edited 2007-07-12 02:50
That has to rate as one of the most misaligned analogies I’ve ever seen.
But for the record, a lot of people would prefer to figure out why the war started and what to do to stop it.
Edited 2007-07-12 02:54
“Is statistically safer than Windows due to market share, thats what the Windows people keep telling us why other OS’s are safer anyway.”
yea…. but that is just a statistical delusion! of course, it sounds accurate and credible…right? but, you see, all OSs are NOT created equal, and it does not take in to consideration that windows is SWISS FK’N CHEESE!
the world is STILL waiting for all those viruses and mal ware to start plaguing OSX (and linux for that matter) like it has windows….
and as OSX market share is steadly climbing…. we are…. still waiting…
still waiting….
still waiting….
Smart maneuver.
I wonder if they do plan on expanding QuickTime into other embedded markets.
100 vulnerabilities doesn’t mean 100 viruses or even 100 exploits.
And to be fair, opening an email attachment is quite a bit different then just viewing an email ( http://www.symantec.com/security_response/writeup.jsp?docid=2004-03… ).
Yeah, that 1 iChat virus ( http://en.wikipedia.org/wiki/Virus_statistics ) (which to me sounds like a Trojan, despite Sophos’ denial), is really destroying the Mac community.
Oh! I think he’s talking about the Macs booted into a Windows partition!
For at least the past 3 years, I’ve read these “Macs are just as insecure as Windows!” stories, and for the past 3 years they have been BS. Just like 3 years ago, Macs have about as much chance of getting infected as Linux does: not much.
The majority, if not all, of the supposed exploits I’ve read about involve some kind social engineering. Once you allow social engineering to be viewed as a vulnerability, all bets are off, any system is just as vulnerable as anything else (with the exception of systems where you do not have root access, at all).
Do these articles get a lot of page views (aka ad revenue)? Is that why they keep getting posted? Obviously they must, they suckered me into posting a comment.
“For at least the past 3 years, I’ve read these “Macs are just as insecure as Windows!” stories, and for the past 3 years they have been BS. Just like 3 years ago, Macs have about as much chance of getting infected as Linux does: not much.”
Which if you had read the article, you’d see that it backs up exactly what you just said.
Which if you had read the article, you’d see that it backs up exactly what you just said.
Sadly, this happens every time people see “Windows” and “OS X” or “Linux” in the same heading. They totally ignore the article, and start a flamewar.
As long, as Macs have less than 5% worldwide marketshare, they are obviously safer. Thus, I will only consider security from an objective point of view, regardless of actually used exploits. While there were a number of vulnerabilities, most of them were less serious than those for Windows. It’s a lot like the Month of Apple Bugs, which didn’t turn up any gaping holes. Instead they were mostly small vulnerabilities. In fact, they even resorted to finding vulnerabilities in programs not part of OS X by the end.
Of course, it is not impossible for OS X to be less secure than Windows. However, I really doubt that given the current evidence. Moreover, I think it is easier to fix. UNIX was designed for security and so, even if there are some holes you can rely on the fundamental architecture. On Windows (95, 98, ME anyway), no matter how much you try and fix it, the architecture is not well-suited to security and has poor long-term prospects. Microsoft actually admitted this. Then, they focused on NT technology, which is clearly better, but still not at the same level as a good UNIX. (definitely not to the level of OpenBSD and Solaris)
5% of the market, 0% of the viruses, good deal IMHO.
mh I can’t agree that the security is depending on the marketshare. Imagine 95% of all computer users would use OpenBSD – I think we wouldn’t have that big problems with security as we have with Windows. Okay, maybe a few, but not in that dimension.
And there is also a very important faktor: the user. When you have a damned stupid user, no system is secure anymore. (And I think Mac OS X does a good job preveting the user doing the wrong thing)
“””
I can’t agree that the security is depending on the marketshare. Imagine 95% of all computer users would use OpenBSD – I think we wouldn’t have that big problems with security as we have with Windows.
“””
Indeed. The objective of bringing up the “If Operating System Y had as many users as Windows, then…” diversion is usually to muddy the waters.
Its not a diversion; its only a diversion if they say that *ALL* of the security problems on Windows are solely related to marketshare. If only it were that simple.
Security holes must have exploits to make them an issue; MacOS X along with other Apple products have a tonne of security holes, but given there are no exploits, they’re not elevated to the same heights of, for example, IE which is loaded onto every desktop.
With that being said, Microsoft *could* have locked Windows alot more than they have – could have put a line in the sand and said “we’re going to secure the operating system; its up to you software and hardware vendors to get off your ass and make sure that your software is tested to work with our new security policies”.
Basic things like enforced user accounts rather than what we see now which is merely a spiffy dialogue rather than demanding the end user put in a password. To disallow vendors from putting their files into any system areas – why do software vendors see the need to push their crap into the Windows directory? why not just plonk them into the same directory as with the rest of the application?
Small stupid things developers do making things worse on Windows that they need to be.
“””
its only a diversion if they say that *ALL* of the security problems on Windows are solely related to marketshare.
“””
I would disagree with this. Simply thowing the “If only ‘Q’ had as many users” argument into a thread is often enough to divert the whole thread into a discussion of that, mostly irrelevant, red herring.
It’s an effective technique and it is used frequently.
Besides, attributing *ALL* of the security issues to marketshare would be overkill. Usually what is implied is that Operating System ‘Q’ would be “just as bad”.
I pretty much agree with the rest of your post though. 🙂
“why do software vendors see the need to push their crap into the Windows directory? why not just plonk them into the same directory as with the rest of the application?”
Technically that would still be incorrect if applications used the application directory; recommended practice now is to use the Isolated Storage API’s which stores user files related to the app in their My Documents directory, and is also much more secure.
That’s assuming I read your post correctly.
He is probably referring to DLLs and stuff. However, I don’t think that’s the main problem now. Since Windows2000, Microsoft changed default path so now DLLs in private (app) folder will be searched for before going to System(32). That was an attempt to mitigate DLL hell. I don’t think there are many applications overwriting system files now as installers have been accordingly changed.
The problem with Windows (before Vista) is a set of technologies have been designed before Internet boom and they proved not suitable to be secure enough in that context. It has taken time to fix bugs for such technologies and to design a better technology.
Now now….let’s not start rewriting history. Windows NT was close to a ‘from scratch’ new product in its day. Security was a very high priority from day 1 so that MS could secure large government contracts which required a specific security rating to be eligible. Successive versions (4.0, 2K, XP and to an extent Vista) attempted to plug the holes as they appeared, but the ‘backwards compatible’ requirement just kept opening the floodgates.
Personally, I think MS should have done with Vista what Apple did with OSX. A completely new OS with no regard for backward compatiblity would have solved so many issues facing MS right now…and given it was what, 6 years between XP and Vista…they might have even gotten it released within the same time frame. Maybe next time around huh?
Well, where ever it is, as long as it isn’t in the Windows directory, I would be a happy chap.
If they did that, then we wouldn’t be in the mess where critical system files are over written with third party dll’s and the likes.
Maybe it has more to do with the types of users than anything else. Many Mac users surprisingly do not mind paying for the software they use. Also perhaps most Mac users aren’t visiting malicious sites or blindly clicking away on the web looking for porn. What I think it comes down to is that just maybe Mac users are too busy using their computers for work or other clean activities as opposed to downloading so many tweaks and fixes for this and that or other idle crap that I used to find myself doing when I used windoze .. Just an opinion ..
p.s. As far as attachments go .. common sense ..
Also perhaps most Mac users aren’t visiting malicious sites or blindly clicking away on the web looking for porn.
Isn’t that what “Private Browsing” in Safari is for?
Seriously though I doubt Mac users are so different from Windows users on average. Mac users seem to have a very vocal segment who I imagine wearing berets and such, but there are a lot of schoolkids and geeks and teachers and regular people using them.
Windows would gain a measure of security if people didn’t run as root (how’s Vista doing?). With OSX you don’t. That may be one difference with Mac users: they are used to that idea (though maybe not able to explain it).
Then again, regular users can install programs locally, which I would think leaves the door open for some mischief. Still, it doesn’t happen. Like someone above said, whatever the reason the result is the same.
The Windows version only supports Windows XP or later…
I wasn’t expecting it to run on WINE, but I thought it would at least work with Win2k.
“Billions!” is what I yell every time I have an issue with an MS app such as Office or Windows. I get strange looks but when I explain my frustration with the fact that tens, if not hundreds, of billions of dollars were spent on MS software and the fact that it is not the most perfect software money can buy. It just drive me nuts!
what system u run doesnt matter. it could me a mac, linux box, windows, beos, etc… the weakest link in any OS mainstream or hobby (with the exception of pre 1.0 work) is the user. let me clarify, a “User” is your average person who jsut cant wait to open there email from a random person entitled “an amazing story of courage” or some crap like that. open the “picture” in it (.exe , .dgm) and wonder why they not have a message saying they won free air line tickets to the center of the earth.
any OS u make the API avalible to anyone and i mean anyone is goan be an os that has the capability of being “corrupted”
what should happen is more emphasis on making smarter users.
You cannot compare a proper base (aka Linux/BSD), with a less proper base as Windows/MacOS. Any “desktop-based” operating system will fail in terms of security because the ease of use is the first step to less security.
>what should happen is more emphasis on making smarter users.
Almost impossible at desktop-based operating systems. “You don’t need to keep care, because it’s easy to use”. Just buying the UNIX license (Apple MacOS) isn’t a guarantee for a proper UNIX.
Is the corollary to that then… Any secure ‘server-based’ operating system will fail in terms of ease of use becuse security is the first step to less ease of use?
Best let the Gnome/KDE/XFCE folks know they’re on a looser! 😉
“what system u run doesnt matter. it could me a mac, linux box, windows, beos, etc… the weakest link in any OS mainstream or hobby (with the exception of pre 1.0 work) is the user.”
This is correct and is confirmed day by day. And nothing new since computers are available for everyone. In computer history, using computers required a minimum education. Today, nothing than a workling right (or left) arm is needed to clickityclick.
Furthermore, the term “user” today includes tasks of system administration. On centralized UNIX or OS/370 facilities (just as examples), there was a difference between user and administrator. The user could – by no means – affect the system in any way; the worst case would be the loss of his today’s work (yesterday’s work is available from backup). Today, every user is a system administrator, too, even if he does not think so. And people wonder why more than 90% of today’s mail exchange amount is spam… 🙂
“let me clarify, a “User” is your average person who jsut cant wait to open there email from a random person entitled “an amazing story of courage” or some crap like that. open the “picture” in it (.exe , .dgm) and wonder why they not have a message saying they won free air line tickets to the center of the earth.”
As long as the OS and the application give criminals the opportunity to bother people with such stupid things, and users (as defined above) have the belief they need to do certain things (install software they don’t know, open and run attachments etc.), there will be enormous problems. Some OSes handle them well, some other don’t.
“any OS u make the API avalible to anyone and i mean anyone is goan be an os that has the capability of being “corrupted””
The APIs of some UNIX and all Linux OSes are available to everyone. Why don’t they have so much problems as the OSes that don’t have so much code available for everyone? Of course, usage share (I don’t like to talk about the oh joy oh market share here) has a big influence. It’s just a question of how compilcated the OS makes it, as an example, to fake system messages or to change system settings or components.
“what should happen is more emphasis on making smarter users.”
You must be kidding. Of course I agree, it should happen, but in fact, it won’t happen under any circumstances.
I may explain: First, the common definition of “smart” among users is: “If I find someone to fix my problems for free, I’m smart.”; among consumers: “If I buy this product, I’m smart.”; among sellers: “If you buy out product, you’re smart, because we are a smart company that sells smart products to smart customers.” The more advanced (read: containing eye candy) OSes and applications get, the smarter they are by theirselves. So the user does not need to care anyway, because the software does it for him. Remember a common setting? If the PC requests your PIN, you will enter it, because the PC will know what’s right. So why care? Why learn something? Learning is dull. Delegating is smart. Clicking is fun. 🙂
An example: In “Windows” land, most users don’t care because they cannot tell. “I have no virus!” is a usual statement while the PC upstairs is running network scanners, illegal file sharing platforms and spam spreaders. And warning messages generated by the OS or by monitoring programs are annoying and get clicked away. And then they wonder why they get problems with the authorities of law and order… just happend to someone I know (see: Abmahnung, Beschlagnahme, Strafbefehl). And: No, users won’t get smarter by punishment. They will still blaim the OS.
Users won’t get smarter anyway, sorry.
Actually, Windows seems pretty secure these days too. I think it’s been several years since there’s really been a virus that could infect a system without user interaction.
Granted, millions of PC’s are infected with viruses because people run .exe’s attached to email or because the flashing banner ad told them to, but it’s hard to blame that on any OS (or email program or web browser). There is only so much an OS can do when the user is actively telling it to run a virus.
Actually, recent Windows viruses are spread by sharing folder/files over the LAN with permission setting
Read/Modify – Everyone
Viruses look for such folder/files in the LAN and spread itself.
“There is only so much an OS can do when the user is actively telling it to run a virus.”
The solution for that problem is simple: Run Windows with a limited user account. Of course that creates other problems some of the time.
“The solution for that problem is simple: Run Windows with a limited user account.”
Malware does not need escalated privileges to work though.
The solution for that problem is simple: Run Windows with a limited user account. Of course that creates other problems some of the time.
Indeed. Even without the constant nagging of “confirm or deny” in Vista, have you ever tried looking at the calendar that pops up when you double-click the time in the taskbar on Windows? On a limited account it says “you do not have permission to change the system date and time”, or words to that effect.
Actually, you can give a limited user the rights to change such things, as well as configure network connections and other Administrative, but somewhat safe tasks. You just set some Global Policies. I haven’t ran as a normal user for close to 7 years, and the only thing that really fails anymore on XP SP2 is a lot of games, which I can log into a different account.
Fair enough, but that probably takes a lot more knowledge than (say) the average volunteer organisation has to hand. And if Linux did constitute a substantial market for commercial games, I think it’s very unlikely that, all else being equal, you would have to run games as root, rather than having them built “properly” (i.e. according to UNIX design principles, with unprivileged user accounts running non-administrative applications only).
“I think it’s very unlikely that, all else being equal, you would have to run games as root, rather than having them built “properly” (i.e. according to UNIX design principles, with unprivileged user accounts running non-administrative applications only).”
I agree, but the problem really doesn’t lie with MS at this point. NT based Windows have had proper user accounts since it was NT 3.1 was released, but the 3rd party developers are the ones that keep it from working correctly, by not following Windows design principles. With NT, you could logout and login as an admin user to manage the system, with win2k and above, you had the runas command, and with XP and above, you have Fast user switching. You don’t have to use most of my work-arounds to run as a normal user, it just makes it easier.
“The Cupertino-based company said QuickTime 7.2 includes a new version of QuickTime Player that unlocks support for viewing videos in full-screen — a feature which was previously available only through a $30 QuickTime Pro license.”
Is that supposed to be some kind of a free value update from Apple? Are we to be impressed with this? What kind of extortionist makes you pay $30 for full screen capabilities?? There are numerous other media formats & players out there and it’s shenanigans just like this that make FOSS so appealing. The Mac camp must just be thrilled…..well…..with the exception of those that already paid the $30.
Those 30 bucks will enable you to view videos fullscreen, but that’s only one tiny little function that gets unlocked, you can also edit QuickTime files, exchange, delete tracks in QuickTime do all kinds of editing and convert into any thinkable format.
By the way with a 3 line or so AppleScript you’ve been able to use QuickTime player in fullscreen mode all the time.
Actually you get advanced export and conversion functions, recording and a number of other extras for the pro version. But you wouldn’t know that because you neither use a Mac or have Quicktime Pro and would just like to rag on the fullscreen thing, which is a bit late because that was fixed just today.
‘the weakest link …. is the user.’.
This is why a user with half a brain should avoid Windows in the first place. I suppose Apple should be very happy with their 22+ million ‘intelligent’ OSX users!
6 and half years without any successful exploit. Apple must be doing something very right.. Now the statistics for MS.., make your choice.
Edited 2007-07-12 05:07
Isn’t because it has less market share, it’s because it is inharently different than windows.
In windows you are an admin by default, in windows a exe can effect system files easily, in windows an email attachment can open automaticly.
Now, in Vista you are a fake admin by default, with an annoying popup when pretty much anything is done, which has trained people to hit an “ok” box. Also, I believe now email attachments don’t open up automaticly anymore, but I may be incorrect.
In OSX, Applications very rarely effect the whole system. Nothing downloads automaticly, and to effect the system, you would have to run it as an administrator, and you would have to drag the application to a system directory.
So in OSX, to get a virus, you would have to download the virus yourself, put the virus in the systems application folder, and then run it.
OSX isn’t more secure because it’s less popular, it’s more secure because the fundamentals of the operating system are different.
Now, in Vista you are a fake admin by default, with an annoying popup when pretty much anything is done, which has trained people to hit an “ok” box.
These same users would do the same thing on a Mac, so it is somewhat of an issue of popularity and user base. Developers can just as easily write spyware and other malware for Mac OS X–as soon as a user gives a Mac program administrator privileges, AFAIK, it could do anything a Windows program could. If it would be more difficult for a program to get admin privileges or wreak havoc, I’d like specific details because I’m obviously ignorant on the topic.
UAC is not as intrusive as you make it out to be. It’s certainly not a lot more intrusive than OS X’s administrator privilage request dialog, except when you are installing software.
In OSX, Applications very rarely effect the whole system.
The same can be said about Vista; Vista is leaps and bounds more secure than previous versions, and I feel you aren’t giving credit where credit is due. While I wouldn’t believe those hogwash “statistics” that Microsoft researcher released claiming Vista was significantly more secure than everything else, it’s not like Apple doesn’t make grandiose and inaccurate claims about its own products, especially when it comes to “x times faster”.
Edited 2007-07-12 23:10
Stop waiting, it will never happen..
It is clear to me that Apple computers were safer in general than Windows in the past. When they used Power CPUs, it’s architecture almost eliminated all stack overflow errors. Now, when they use Intel situation is different, and NX bit won’t help when buffer overflow means crash of whole application, and it often does.
Everybody likes to spend their time talking about statistics so lets just do some basic calculus. The following are mostly assumptions and not facts but it gives an idea why I wouldn’t do ad/spyware for mac.
Lets assume that
1. The amount of money it takes to find a new remote vulnerability in Windows and Mac is the same.
2. The amount of income per affected use is same on both platforms.
And lets take into account the following facts
3. Mac has a market share of 5 %.
4. Windows is at 80%
So my spyware will make me 80/5 = 16 times more money on Windows than on Mac. With these assumptions I wouldn’t spend my time finding vulnerabilities on Mac.
And tell me, how will your spyware work on osx? Without activeX, 98% of all spyware is eliminated, and without autorunning of ANY applications, three goes your other 2%. You can assume that it would cost the same on both os’s to find the vulnerabilites, but the fact is, they don’t. It is far FAR easier to find flaws in windows than it is osx, mainly because of major problems in the OS itself, (windows that is.)
So your profits for developing on windows don’t go up 16x, they go up 100%. Why? Because the fundamentals of the operating system are different than windows.
Your point doesn’t work at all in real life.
Edited 2007-07-12 22:06
I can’t see your point. Windows has a lot more known bugs because it has 16 times as much users and that likely 16 times as much people trying to find bugs. (Don’t get me wrong here. I’m not suggesting that all users try to find bugs but that the amount of security researches is directly related to users.) And month of Apple bugs pretty much proved that it is very possible to find tons of exploits in OsX software quickly.
And what about spyware. When your OsX gots owned there is no limit what a cracker could do. See http://lists.immunitysec.com/pipermail/dailydave/2007-May/004360.ht… . Smells like getting root privileges remotely and that’s all you need to get spyware working as spyware has nothing to do with ActiveX. ActiveX just has had so many exploits that it has become synonyme to spyware.
Ps. That exploit has already been patched so you can now go back to your own little wonder land think you’re safe just because you use OsX. And remember, even OpenBSD has had remote exploits in their default installation which pretty much includes nothing.
Edited 2007-07-13 08:17
And by owned you mean the possibility of a carefully crafted packet that if used “could” gain control of your system?
But of course, there was NO users effected by this, and it was patched very VERY quickly.
How about on the windows side of things? How many unpatched vulnerabilities are there? How many of these vulnerabilities have actually effected users?
But there are 16x more people! So what? If it’s easy to do, people will do it, the thing is, Apple patched it right away, instead of waiting for the third Tuesday of the month.
Microsoft needs to get it’s act together, so I reiterate, the reason windows gets owned is not because of 16x more users, but because the foundation of what the operating system is built upon is garbage, and the patching system is also garbage.
When a vulnerability is found, it should be patched, and released to the public ASAP, no exceptions!
But windows has 16x more users! Yeah right.
You’d think that with all the people saying how the Mac is safer ONLY because it has less market share, there would be some smart cracker somewhere who could come up with SOMETHING that would make all those “whiny Mac users” shut up, right? Yet you just don’t see it. Why is that?
I guess we’ll have to wait until Mac has more market share to see if that party line is correct…
It is more important to consider how fast security grow in each OS than just to talk about how it is at a single point of time.
And watching Windows on one hand and Unix descendants on the other hand(OSX/Solaris/AIX/..) I can see that the second hand won!
Windows was struggling with viruses worms and the likes since 1995 and till now their strategy is to stop more and more of these attacks; while the Unix descendants are focusing on rewriting the OS segments when they have any security vulnerability or other problems they don’t like.
Let’s take linux as an example: the kernel has been rewritten many times at many segments and it has been growing and growing and more drivers support added and added while windows was dormant on that until the next version is introduced and not many changes has happened though (from w2k to wxp).
Also windows services are weaker than Unixes and they tend to crash a lot while unix services are so strong and reliable for 10 years and more. I get a printer spooler service crashes upon me on many systems windows windows XP/2003/vista and when restarting the service and back on (net start spooler) it wont start.
And don’t also forget how cheap the windows hardware is, which indirectly contribute to the bad reputation of windows at many levels including security. eg: IBM workstation with hard disk encryption, fingerprint reader, Trusted Platform module, security card reader, locks, NX CPU and ECC FBDIMM RAMs would be for sure more secure than a 500$ Dell Dimension desktop.
And there is a very important factor in security no one speaks about: The Router/Firewall Appliance.
If you buy a very good (>200$) Router with strong firewall on it you would experience a windows security very close from OSX or any other Unixes; I really felt that when I was using SonicWall firewall appliances.