I recently came across an example that puts money behind the assertion that Windows is more secure than macOS.
Pwn2Own is a computer hacking contest held annually at the CanSecWest security conference. Contestants are challenged to exploit widely used software. Cash prizes are awarded to those contestants who successfully demonstrate the vulnerability of the targeted software. The value of each prize is set by the level of difficulty expected for that software.
Here is the announcement of prizes for local escalation of privilege:
Local Escalation of Privilege
Although we’ve had some Escalation of Privilege (EoP) bugs as add-ons in past Pwn2Owns, this is the first year it has a category of its own. This is also the first time we included Linux as a target. In this category, the entry must leverage a kernel vulnerability to escalate privileges. If they do, contestants will earn $30,000 for Microsoft Windows 10, $20,000 for macOS, and $15,000 for Ubuntu Desktop. They will also get 4 Master of Pwn points for Windows and 3 for the other OSes. Considering the various types of malware that use local EoPs, this could prove to be an impactful category. As always, the latest, fully-patched version of each OS will be used — even if we have to stay up late to install the patches.
$30,000 for Microsoft Windows 10 and $20,000 for macOS.
So when Pwn2Own put their money on the security of operating systems, they bet on Windows.
Good job, Microsoft.
Originally published at blog.benmoore.info on February 6, 2017.