In part one of my comparison of Windows Vista Beta 1 and Mac OS X 10.4 "Tiger," I looked at three key aspects of each system: Look and feel, desktop search, and data visualization and organization. For the most part, OS X came out well ahead of Windows Vista, as you'd expect, since it's a polished finished product. Vista, meanwhile, is all knees and elbows, an awkward teenager on its way to maturity. Microsoft will iron out the details, I'm sure, but the end result will likely not change much. Specifically, OS X will always be elegant, and Windows will almost certainly lag behind in the fit and finish department. The only questions are how much Vista will improve when compared to previous Windows versions, and whether it will be enough to keep customers from moving to OS X.
In this second part of the comparison, we'll look a little deeper, and examine security, networking, and power management. Whereas the features in the first part of the comparison where largely related to user interface issues, this time we're dealing more with the nitty-gritty of safety, connectivity, and productivity. Let's jump right in.
Microsoft claims that Windows XP and, by extension, Windows Vista, were architected for security, thanks to their NT roots. That claim is, however, bogus. Windows NT was designed in the pre-Internet days, and though the system's architecture is extensible, modern Windows versions are further hobbled by the inclusion of the buggy and insecure IE Web browser and other design mistakes. In short, Windows is a house of cards that seems increasingly incapable of handling today's demands.
Mac OS X, meanwhile, was truly designed for excellent security, thanks to its wonderful UNIX roots and clean architecture. And OS X, for whatever its worth, benefits from its relatively small market share, compared to Windows: Because the OS X user base is so small, few hackers ever bother to try and attack the system. Windows, meanwhile, is a minefield of constant hacks and attacks.
Therefore, OS X is, in many ways, more secure than Windows is today. But Microsoft has spent the last several years re-engineering its operating systems and applications to be more secure, and that ongoing work will ultimately result in a system that is quite secure and more easily securable than any of the competition. Put succinctly, Apple can't rest on its laurels. Though some of OS X's security prowess can be chalked up to design decisions, much of it is because it is simply based on others' work. If hackers do turn their attentions to OS X, it's unclear whether Apple can respond as quickly as can, say, Microsoft. The evidence thus far is pretty damning.
So how does the security of OS X Tiger really compare with that of Windows Vista Beta 1 and the subsequent Community Technical Previews (CTPs)? It's a tough call. The Vista beta adds some security features that OS X has had for years, and it does have a few niceties that OS X lacks. But it's hard to vote against OS X here. The Vista beta, after all, is still Windows. And though it's unlikely that pre-Beta 2 versions of Windows Vista will be targeted by a wide range of hackers, future releases most certainly will be. So in some ways, any discussion of security now is somewhat academic. We'll have to see how Windows Vista fares in the real world when it's released.
All that said, we can at least compare some of the more important security features from each release.
Windows Vista, like XP before it, offers a Welcome screen for logging on to user accounts, by default, in non-managed environments. Optionally, you can switch this to the old fashioned Logon window style of signing in, which is the standard for managed environments. This is the screen where you need to hit CTRL+ALT+DEL to enter your logon credentials.
It's hard to see where Microsoft is heading with the logon procedure in Vista. In XP, you can set up four user accounts during initial machine set up, all of which are administrative accounts without any passwords. In Vista Beta 1, however, you don't yet have the chance to create user accounts during setup, because this feature hasn't been implemented yet. So you have to logon initially with the Administrator account, for which you cannot specify a password during interactive setup. Lovely.
Tiger, meanwhile, is secure out of the box with regards to user accounts. That's because OS X supports a better native security model than does Windows. In OS X, the root account (which is the equivalent of the Administrator account on a Windows system) is disabled by default. And even those user accounts with administrator-level privileges are safer thanks to a graphical version of the UNIX "sudo" command, which provides an authentication dialog box any time you try to do something that could harm the system (Figure). You provide an admin-level user name and password (which in most cases will be identical to the account you used to logon to the system in the first place) and the authentication is granted for just that single act. For all other actions, the system reverts to your standard user-level access.
Not surprisingly, Microsoft is copying this system for use in Windows Vista. So Windows users will soon see the same kinds of authentication dialogs (Figure) in Windows as we see now in OS X. There are just a few problems with doing so this late in the Windows life cycle. First, Windows was never designed to accommodate this type of authentication process, so the entire system has to be retrofitted to work with user lowered permission levels and pop-up the dialogs when needed. Second, and perhaps most damagingly, the millions of available Windows applications out there today all assume that the user has total control of the system. So Vista will have to be kludged in an unprecedented way to accommodate backwards compatibility. The way it will do so is messy, and involves virtual folder structures that fool legacy applications into believing that they are accessing an older Windows version.
Comparing that system with the cleanly designed OS X is almost comical. If Microsoft can pull it off--and this is an uncertainty at this writing--Windows will finally pick up security functionality that the Mac has enjoyed for years. My educated guess is that Vista won't be as secure as OS X, however, because cobbled together systems are rarely as foolproof as those that were designed correctly from the start.
One area in which Apple has done a commendable job is parental controls, which let parents set up and manage user accounts for their children. In Tiger, you can turn on and configure parental controls for a variety of system components, including Mail, Finder & System, iChat, Safari, and Dictionary (Figure). For example, if you turn on parental controls for Mail, you can configure exactly which people (email addresses) your children can correspond with and optionally send you permission emails when the child attempts to contact someone else (Figure). If you configure the Finder & System parental controls, you'll see a wide variety of options including a Simple Finder, and a list of acceptable applications (Figure).
Windows XP has nothing like this, but Microsoft is jumping on board the parental controls bandwagon with Windows Vista. Now, when you create a new account, you can choose from Computer administrator and Limited user as before, but you can also choose to enforce parental controls and collect computer usage information about that user (Figure). Right now, there isn't a lot to configure, per se. Microsoft has built in a facility for controlling video game accessibility based on industry standard content ratings, but that's about it (Figure).
Because it's not yet clear how pervasive Vista's support of parental controls will be, I can't really compare it accurately to OS X yet. But give Apple credit for delivering on parental controls well ahead of Microsoft.
Both Windows Vista and OS X offer a way for users to encrypt data on the hard disk, preventing data theft in the event that a system is physically stolen, and the hard disk is removed and placed in another system. The encryption facilities in OS X are bare bones, while Windows Vista (like XP before it) offers a much more well-rounded solution.
In Windows Vista betas, you have a variety of encryption options. In the past, Windows supported the Encrypting File System (EFS), a feature of NTFS, which allows users to arbitrarily encrypt the contents of any folders on the disk. To do so, you must select a folder in Windows Explorer, right-click it, choose Properties from the pop-up menu, and then click the Advanced button in the Properties dialog that appears. Then, you click the choice labeled "Encrypt contents to secure data" (Figure). When you apply this change, Windows will ask you whether you want to apply that change to just the current folder, or to all of the subfolders and files it contains as well. Any files and folders you copy into that folder, or create within that folder, will be encrypted as well. And if you copy encrypted data out of that folder to another location on your hard drive or the network, it will be unencrypted.
EFS is a great solution, but Windows Vista goes it one better with full volume encryption, which is part of Microsoft's Secure Startup technology. Available in the Enterprise and Ultimate editions of Windows Vista (see my Windows Vista Product Editions showcase for more information), Secure Startup requires a Trusted Platform Module (TPM)-based chipset on the PC motherboard and protects the entire hard disk. As you might expect, the feature is aimed largely at enterprises whose employees work on critical corporate data.
On the OS X side, Apple offers a feature called File Vault that secures your entire home directory with encryption (Figure). The theory here is the same: If the computer gets stolen, thieves can't access your private data. However, File Vault isn't exactly granular. It's either on or off, and you can't specify which folders to protect; it just protects the entire home folder. The reason this can be a problem is that encrypted files need to be decrypted on the fly, which can be a time consuming process. Microsoft's EFS, though somewhat hidden in the Windows UI, offers more options.
Firewall and system services
While both Windows Vista and OS X Tiger include personal firewalls, only the firewall in Windows is turned on by default. This is somewhat curious, given the high profile problems Windows XP users faced before Microsoft turned on its firewall with the release of XP Service Pack 2 (SP2) in 2004. The OS X Tiger firewall is easily enabled, but you have to find it first, and it's not clear at first glance where you'll find it in System Preferences. It turns out it's hiding in Sharing, and not the more obvious Security or Network options.
In any event, Apple does a good job of disabling unnecessary or potentially dangerous system services when an OS X system starts up. All network services, for example, are disabled by default. Too, Apple uses a Keychain feature to protect different credentials in a single, encrypted location. The system Microsoft uses for storing credentials is bizarre because it's dependent in part on which edition of Windows you are using (XP Home and the other editions handle this differently) and whether you're using Active Directory. Looking forward, it's clear that users will need to store more, not fewer, passwords and other credentials. A system like Keychain would be a huge boon for Windows users, but I don't see anything like that happening (at least not yet) in the Vista betas.
Anti-malware, or stuff Windows needs that OS X does not
Part of me wants to laud Microsoft for adding anti-malware, antivirus, and antispyware features to Windows Vista. I've always argued that this sort of technology, unlike say, Windows Movie Maker, should be included in the base OS. But you have to kind of wonder why Windows users need so much help. Why is it that Windows Vista has to have all these facilities, plus Internet Explorer 7's Protected Mode, the new user security system, and all the other neat security features that Microsoft is adding? Is Microsoft really charging users for better security?
Yeah, actually, they are. But before anyone gets all excited about that fact, remember that security companies like Symantec and McAfee have been making millions of dollars off Windows users for decades. It was only a matter of time before Microsoft added this functionality to the OS. Those companies knew this day was coming.
That OS X needs none of the security refinements that Microsoft has been forced to add to Windows Vista is somewhat telling. As I noted earlier, OS X is more secure than Windows for two basic reasons: It has an excellent and proven security model, and because it's less-used than Windows, it's a much smaller attack target. But the fact remains that no one has ever written a successful virus for OS X. I wish the same could be true of Windows Vista. But it won't be, now will it?
It would be irresponsible of Microsoft to not add extensive new security features to Windows Vista. I just think it's a shame that the system needs these features in the first place.
Both Microsoft and Apple provide regular security updates via an automated or semi-automated OS-level service. Curiously, Microsoft has a much better record than Apple in this category, and has actually pioneered OS self-updating with Windows Update, Automatic Update, Software Update Services (SUS), and, most recently, with Microsoft Update. In the Windows space, Windows Update and Microsoft Update are essentially the manual software updating tools, providing users with access to critical security updates as well as less critical updates such as new versions of Windows Media Player. Automatic Updates (AU), of course, is the service that will automatically download and (optionally) install critical security updates as they become available. Windows Update and Microsoft Update are actually ActiveX-based Web sites, which is most bizarre. This type of critical service should be native to the system, and not be based on exploitable Web code, in my opinion. That said, I'm unaware of any successful Windows Update spoofing attacks.
On the OS X side, all of this work is handled through the Software Update application. While you can check Software Update for new updates manually, you can also configure it to check for updates on a regular basis (say, daily) and download important updates in the background while your working, just like AU. However, Software Update cannot be configured to automatically install security updates, which I find somewhat confusing.
Configured correctly, Software Update will alert you when new updates are ready to be installed, whether they are security updates or minor changes to iTunes.
Final security thoughts
In short, Mac OS X is more secure than Windows today, and will likely remain so even after Windows Vista is released. That said, Microsoft is making some valuable and concrete changes to Windows Vista with regards to security, and while it remains to be seen how this system will fare in the real world, I have little doubt that Vista will be far more secure than its predecessors.
Both OS X and Windows include powerful networking features that make the systems equally valuable for home and corporate networks. And both Apple and Microsoft offer competing technologies that seek to make it easier to discover and access devices that are connected to a network. For example, Microsoft has pushed an ill-fated technology called Universal Plug-n-Play (UPnP), which we won't get into, a newer device connectivity technology called Windows Media Connect, while Apple has touted a similar technology called Bonjour (previously called Rendezvous). I'm not so much concerned here about the low-level networking features that both OSes offer--I think we can all agree that both Windows and OS X support TCP/IP reasonably well, for example. No, I'm more concerned with home each system exposes networking functionality to the user.
Let's take an obvious example. I have a wireless network at home and I'd like to get both a Windows Vista-based notebook and an Apple PowerBook connected to it. Which is "easier" will depend largely on your definition of ease-of-use. Windows Vista, like it's predecessor, is notification-heavy, providing you with constant updates on the state of the wireless network, which often makes me think that it's going on and offline all the time. Meanwhile, OS X is quiet about wireless networking. If the system spies a network to which it can connect, it will do so, and quietly. The only indication you'll get that anything happened is that the wireless networking menu item will change to indicate the connection.
As with everything Windows, the wireless networking tray icon in Windows Vista is a front-end to a wide range of functionality. If you click it or double-click it, you'll get the Status dialog box for that connection (Figure). From here, you can also link to the Wireless Network Connection applet that debuted in XP SP2 (Figure). If you right-click on it, you can access various options (enable, disable, repair, status), launch the Wireless Network Connection applet, change Windows Firewall settings, or open Network Connections, through which you manage all of the wired and wireless connections on your system (Figure). Whew.
OS X, by comparison, is much simpler. If you click the wireless networking menu item, you'll get a drop-down menu to enable and disable the wireless networking adapter (called Airport), choose which wireless network to which to connect, create a new wireless network, and so on (Figure). Simple. Plus, there's one thing OS X can do easily that Windows can't at all, or at least not easily: Share a wired Internet connection via wireless. Why that's so difficult on Windows, I'll never understand.
Mac OS X can also easily access network shares on Windows PCs and servers, though I don't quite get why the system can't supply simple shortcuts to the actual shares. Instead, you can navigate Windows networks and machines directly from the Finder. But when you want to access individual shares, you do so from a weird Connect dialog. It would be handy if this were more integrated into the system, as is the handy Network special shell folder in Windows Vista (called My Network Places in XP), which lists all of your locally available shares by default.
The fact that OS X can access Windows shares at all is, of course, excellent. So I'm nitpicking here. Overall, I'd say that both Vista and OS X offer excellent networking capabilities, as you would expect of any modern OS.
In Windows Vista, Microsoft is attempting to get the best of both worlds. In addition to all of the power management features it offered in previous Windows versions, Microsoft is adding two key features to Vista that will make it particularly appealing to road warriors. First, Vista will include an instant-on function that will return Sleeping system to a usable state in about 2 seconds, or roughly on par with Mac OS X systems. Second, Microsoft is bundling a new Mobility Center control panel (Figure) in Vista that seeks to combine all of the functionality PC makers had been providing in those bizarre third-party mobility management applications. In its current form, Mobility Center is rough-edged, but we'll see how it develops over time.
Microsoft has also changed the way a mobile PC notifies users of power management functionality in Vista. The new Power Management notification icon in the system tray, confusingly, provides access to four different interfaces (seriously). If you mouse-over it, you'll see a pop-up window describing power consumption (Figure). If you single click it, a different pop-up will appear, letting you select a power plan (Figure). If you double-click it, the confusing new Power Options dialog appears (Figure). And if you right-click it, you'll get a contextual menu providing access to options confusingly named Power Options and Properties. Sigh.
Power management in OS X is much more straightforward. Mac portable systems typically display a battery status meter in the menu bar, which provides you with the amount of charge left or, when plugged in, the amount of time left until the system is fully charged (Figure). Power management options are configured in the Energy Saver preferences panel, which lets you choose between plain English modes like Better Performance and Better Energy Savings, or fine-tune power management for both battery-based and plugged-in systems (Figure).
Overall, I find Mac OS X to be easier to use with regards to power management, and I give Apple the nod for its instant-on/instant-off functionality. That said, I use Hibernation exclusively on my PC laptops and love it. If Microsoft can pull off instant-on in Windows Vista, then that system will be at least as functional as OS X, if not as good looking.
More to come
So what have we learned here? Once again, the maturity and refinement in OS X has won out over the still-in-development Windows Vista. This shouldn't surprise anyone really, and of course Vista can only improve over time. At some point, however, features will be frozen and we'll know where the two systems stand. At that point, it might be fun to update this comparison. But we're not done yet, of course: In part 3, I'll examine the different printing architectures employed by each OS, the unique features found only in Windows Vista, and the unique OS X Tiger features that Windows lacks. And then we can declare a winner, of sorts, at least until we have a more feature-complete version of Windows Vista to evaluate.