After purchasing a new Windows computer, it's vital to run Windows Update to download the numerous "critcal fixes" that if unpatched "could allow an attacker to remotely compromise your Windows-based system and gain control over it". Now that's a scary quote from Microsoft. The Microsoft security bulletins clearly state that an attacker can gain control over an upatched installation of thier operating system as a result of a vulnerability! In fact, it's highly likely that an unpatched Windows system will be exploited within minutes once it's connected to the Internet.

Attacks by viruses, worms, spyware and browser hijackers can be reduced but you have to put in time and effort on an almost daily basis to secure a Windows based system. For one, you have to install anti-virus software and a better firewall than the one that ships with Windows. Installing anti-virus software isn't enough, it's critically important that a Windows user maintains the virus definitions to keep the program up-to-date. Windows users should also install a Spyware and Malware cleaner to purge the system of malicious programs that have found their their way onto hard drive.

Prior to Microsoft's Monthly Update (Microsoft's monthly patch release schedule for vulnerabilities) it wasn't uncommon to find a new patch every few days or weeks. I've been on a Mac since September 2004 and can say that the number of patches released by Apple is dwarfed by the number of patches Microsoft has released for XP. My observation is that Microsoft releases a patch after a vulnerability has been identified whereas Apple releases a patch well in advance of the public learning of the vulnerability.

I have a background in the UNIX side of Enterprise Hosting. I've seen numerous examples where sites must go down in order to apply a patch to a Windows server and often, that can cause problems to an application and/or site. Futhermore, when a problem is faced a common workaround is to reboot the Windows server which in turn, causes the site(s) running on that server to go down. This is very serious, especially when a business relies on the uptime of their site. Another observation is to delay the installation of a patch.  Many customers decide to hold off on a patch until they can test the patch in a staging or test environment. The delay in patching a production environment exposes the server, site, and customers to the vulnerability.

The point I'd like to make is that Windows based systems require that you devote a significant amount of time and effort to keep them secure and operational. With Macs and OS X, you spend your time working which in turn leads to productivity. This is the case with UNIX based systems. Less time is spent securing and protecting the Operating System and server, your time is focused on the issues that matter most work, productivity, and uptime.

On a side note, I'd like to comment about the recent story in the press that a Mac Mini running OS X 10.4.5 was hacked.  The media was quick to pounce on the story as it would have been the first evidence that OS X is inherintly flawed.  The hack claims were misleading as critical information was left out when it was reported.  The story was first reported by ZDNet Australia.  ZDNet failed to mention one minor detail, anyone who wished was given a local account on the machine. This wasn't a genuine hack but rather, local users supposedly succeeded at gaining super user privileges.  What I'd like to note is that the story doesn’t offer a single source or evidence backing up the hacker's claim.  For a more technical description, please read the following article from Ars Technica