Privacy and security in top operating systems

John C. | January 7, 2021

Operating systems serve as foundations for all your activities. They guide each process and maintain a balanced machine. However, they are not equally capable in terms of setup. OSs follow distinct philosophies, determining their security barriers, and overall usability. Since operating systems assist us daily, we want to have confidence that they will respect our privacy. Find out just how popular OSs contribute to a secure and private digital life.

Windows

Introduced in 1985, Microsoft Windows continues to dominate the operating system market. It occupies 77% of the market share in terms of desktop OSs. When it comes to overall statistics, it concedes only to Android.

Users choose Windows for their longevity, availability, and broad scope of compatible software. However, there is no such thing as safety in numbers. By smashing other competitors, Windows is in a perfect position to become hackers’ target.

Cracked and pirated software versions

  • Running an illegal version of Windows OS (or any other program) brings new issues to the table. The cracked operating system might not receive all essential security updates. Hence, this gives hackers opportunities to exploit unpatched flaws.
  • Attempting to save money on licenses can also mean that you download software or OS preloaded with malware. Cracked versions of Windows OS are popular baits when it comes to convincing people to download files. A fake torrent listing will offer a product you want, but it might install a malicious program.

Critical vulnerabilities roam the Windows OS

Patches are critical for maintaining a robust Windows operating system. Unpatched bugs mean that hackers can undermine crucial protections and take control of vulnerable devices.

  • In October of 2020, Google rang the alarm bell revealing a bug relevant to Windows 7 and Windows 10. Perpetrators actively exploited the flaw alongside a bug in Chrome. Essentially, attacks would bypass Chrome’s sandbox to infect operating systems with malware. Luckily, companies have patched both of these chained vulnerabilities.
  • In January of 2020, Microsoft released a patch for Windows 10 and Server 2016. The flaw, reported by the National Security Agency (NSA), disrupted a critical validation process. It affected the way OS would authenticate legitimate software. The vulnerability also greatly interfered with cryptographic procedures. As a result, attackers had the power to implement man-in-the-middle attacks, exposing encrypted communications.
  • The Microsoft October 2020 Patch Tuesday resolved a bundle of 87 vulnerabilities. One of the bugs, labeled as highly severe, gave attackers a chance to hijack OSs and take full control. Another notable flaw permitted hackers to spread a malicious version of Outlook software. If we take a look at the full list of patched vulnerabilities, it might seem endless. However, not all flaws are under active attack. Microsoft performs the exploitability assessment, deeming whether vulnerabilities could partake in real attacks. For instance, the company found no evidence of Outlook bugs being exploited.

Reading on this vulnerability rollercoaster suggests that the Windows OS might not have the best security setup. However, Microsoft, in conjunction with other companies, actively runs through potential threats. For Windows users, it means one thing: do not skip a patch. It is critical to ensuring safety on your device.

Windows 10 privacy concerns

Since its release in 2015, Windows 10 has been under rigorous scrutiny for its default privacy settings. One of the most actively disputed features was the intrusive ad personalization. Ads embedded in the OS appeared during even trivial activities, such as playing Solitaire.

Furthermore, users were uncomfortable with the way their data reached Cortana. The digital assistant would retrieve information about installed apps, device location, calendar details, contacts, etc. In addition to ambiguous terms of service, the default setup of Windows 10 became notorious for its privacy backlash. Of course, you can revoke some of the permissions. Here are the main changes Windows 10 users should consider to protect their privacy.

  • Disable ad personalization. Windows 10 gives you a unique advertising ID linked to your email account. After that, your device and online actions will influence the ads you see via your OS. You can disable it through the Settings panel. However, bear in mind that you will still see ads, but Microsoft won’t tailor them specifically for you.
  • Prevent Activity History logging. Windows OS tracks all your actions, allegedly for quick access to previous documents or websites. If you are uncomfortable with such logs, disable Activity History via the Privacy panel. You will lose the Timeline feature, but it might be worth it to stop Microsoft from accumulating such data.
  • Control microphone and camera access. You can block access to these features at the OS level. This change will calm your anxiety about unknown sources spying on you.
  • Manage diagnostic data. In your Windows setting, you should see a Diagnostics & feedback tab. It refers to the information Microsoft receives and considers when improving or personalizing your experience. You can find out which details it already has and delete them. However, there is no magic button to disable this feature. Fortunately, you can switch from the Full to the Basic setting. Then, Microsoft harvests minimal details, mostly related to devices and their configurations.

Final notes on Windows

Windows operating systems have a clear disadvantage to others. Its user base is massive, and frequent bug disclosures do not help its security and privacy position. However, as long as you use legitimate software, install updates, and tweak default settings, you can stay reasonably safe.

macOS

macOS has maintained a loyal user base since its initial release in 2001. A general assumption is that macOS is more capable of fending off attackers. One of the central arguments supporting this perception is Apple’s control over its OS. Take Windows as an example. It runs on hardware from dozens of manufacturers. macOS, on the other hand, is specifically for Apple products. By building a closed system, Apple dodges many hardware-based bugs that could lead to hacks. However, treating Apple as superior and invincible has severe downsides.

macOS threat landscape

The assumption that macOS battles fewer threats is no longer accurate. The 2020 State of Malware Report names macOS as the leader in terms of threats detected per endpoint. According to calculations, that is a 400% increase from 2018 statistics. Experts predict that the spike in macOS users might be the factor motivating cybercriminals. If these growth tendencies continue, Mac users won’t benefit from its minority market share. Currently, the threat landscape suggests several dominant routes cybercriminals choose.

  • Adware. Programs flooding victims with unwanted ads are the main threats to macOS users. One of these parasites, dubbed as Shlayer, has compromised one in ten systems. However, such adware attacks seem to rely on human error, not any technical vulnerability. If we take Shlayer, the adware-spreading Trojan, its primary distribution channels are websites. Dozens of domains redirect people to fake pages, responsible for planting infections into users’ systems. Research also shows the most vulnerable people: those looking for pirated software or content.
  • Potentially unwanted programs (PUPs). Increased numbers of PUPs mean that more people might download unnecessary or even dangerous applications. According to Malwarebytes, most of such tools pretend to be legitimate security-oriented apps. However, their purpose is to trick people into paying for unnecessary fixes.

Unusual vulnerability in macOS

macOS does encounter and resolve its fair share of vulnerabilities. From flawed Gatekeeper to macro-based attacks via malicious Microsoft Word documents, macOS has battled a lot. However, the most dangerous and potentially unexpected vulnerability continues to be macOS users. Blindly relying on Apple to fortify its OSs from all threats is a recipe for disaster.

Users’ privacy

Experts have criticized Apple for intrusive user data collection. Their reports included doubts about whether Apple needed to receive app usage details alongside IP addresses. Logs also traveled to Apple unencrypted, meaning outsiders could have easily retrieved them. After these allegations, Apple swiftly announced to halt the IP address transmission. Additionally, the company plans to encrypt app usage details flowing to its servers.

Overall, privacy works as a leading force in Apple’s marketing strategy, and it gives it a competitive edge. Overall, the company retains privacy as a core value and has evidence to back its dominant position. In the WWDC 2020 video, Apple explained its trust-building model, approach to privacy, and four privacy pillars. The latter includes:

  • On-device processing, meaning that data does not travel to servers but remains in your device.
  • Data minimization, a practice set out to drastically reduce volumes of collected user data.
  • Security protections relating to all practices set out to safeguard data.
  • Transparency and control, meaning that users have a voice in terms of their data collection and usage.

One of the highlighted examples was QuickType and Siri voice recognition. When users dictate on their phones, voice data gets processed locally.

Final notes on macOS

macOS is a viable option if you have the necessary budget. In addition to treating privacy as a priority, it faces less severe malware infections. However, the central factor in becoming a macOS user is to avoid common misconceptions. While it is a less vulnerable ecosystem, it is not foolproof. Your active participation is a requirement.

Android

You might have doubts about Android or, more specifically, its owner. Google is not the company that we naturally associate with privacy. Nevertheless, it is not without its set of advantages. Android operating systems are everywhere, and it dominates the mobile OS market. It surpassed Microsoft Windows in November of 2020.

Fake apps and vulnerabilities

Google issues regular patches to fix bugs in Android operating systems. Vulnerabilities vary, from malicious apps stealing data from legitimate ones to counterfeit apps imitating legitimate software. Anyone tracking Android’s journey knows its struggles and fights with cybercriminals that exploit its official app store.

We have seen vulnerabilities in Android camera apps, fake contact-tracing, photography, gaming, and even dangerous apps marketed to children. The ongoing battle with malicious submissions to Google Play Store has been overwhelming on all ends. In 2019, Google even crafted an alliance with three security companies to detect fake applications faster. However, it might take a while to get satisfactory results.

Privacy and settings

Google has been making waves with its latest privacy-focused features for Android. For one, it adopted a new update practice, allowing swift and efficient delivery that no longer requires a reboot. The newer OS versions also focus on giving users more control over their data. They operate with quite extensive Privacy settings, allowing users to manipulate access privileges for each app. For instance, you can easily remove geo-information from photos before uploading them. Simply visit your Photo app to find this setting.

But what about the data Google gathers? Such concerns are valid, knowing the far-reaching capabilities of this tech giant. However, there are ways to evade its all-seeing eye. You can turn off Google’s ad personalization and scale down or disable practices used to share browsing data with Google. While you are at it, shut down the Android’s location history feature. You can do this via the Manage Your Google Account section in Google’s part of your system settings. So, after revoking permissions you feel uncomfortable with, you might trust your Android a little more.

Final notes on Android

Android has had its ups and downs in terms of privacy and security. However, by installing regular patches and changing default settings to your liking, you can confidently use your smartphone.

iOS

iOS has always attempted to graciously uphold its position as the most secure mobile operating system. In many ways, it succeeded in fortifying its walls and maintaining a stable reputation. However, it hasn’t been smooth sailing throughout its journey.

Vulnerability overview

Apple is no stranger to patching a variety of vulnerabilities in iOS. A recently disclosed threat emerged from spyware sold by Israel’s NSO Group. Specialists reported that software is capable of exploiting a vulnerability in iMessage. This scenario would ultimately lead to a takeover of targeted iPhones.

Apple faces such nerve-wracking situations more frequently, especially after more security firms turned to test mobile devices. Hence, while elevated security is a priority for Apple, maintaining a foolproof ecosystem is close to impossible. As a result, it deals with zero-day vulnerabilities, fixes issues with default apps, and prepares for the next fights.

Privacy as the core value

Apple takes pride in its private ecosystem for smartphone users. As mentioned above, storing data locally and minimizing its collection are clear priorities, reflected in iOS. However, iOS does not stop there.

Its app store is more resistant to fake apps, which has a lot to do with extensive app review processes. Hence, iOS users are less likely to install counterfeit applications. Furthermore, Apple recently disclosed its new requirements for app developers. Submissions to the App store will need to feature short summaries of apps’ privacy practices. These brief labels will indicate data used to track you and data linked or not linked to you. Since users rarely read official privacy policies, experts hope that short summaries will cover the essential points.

However, Apples has also introduced a more controversial change, compared to a seismic shift. It essentially means that users would get pop-ups in each app they have. Such warnings would explain the apps’ data tracking practices and offer options to disable them. Understandably, many app owners criticized this plan, suggesting that their business models would suffer tremendously. From the consumers’ perspective, these pop-ups could be a victory in transparency and privacy. Apple schedules the enforcement of the changes sometime in 2021.

Until then, users can take advantage of other privacy controls in iOS 14. Packed with enhancements front and center, it brings multiple benefits to privacy-savvy users. You can easily find out which apps use your camera or microphone. Also, iOS 14 offers advanced controls over location tracking and access to photos. A data breach monitoring system can inform you when your credentials are in danger of exploitation.

Final notes on iOS

iOS is a strong contender for the title of the most secure and private OS. Apple continues to safeguard its ecosystem, and despite losing some competitive advantage, it is a reliable option.

John C.

John C.

Ex full-time gamer and content writer at Atlas VPN. He's eager to help his readers make their online lives safer and easier than ever before.

Tags:

windowsmacosandroidios