this post was submitted on 03 Nov 2023
1170 points (97.5% liked)
Programmer Humor
32595 readers
1789 users here now
Post funny things about programming here! (Or just rant about your favourite programming language.)
Rules:
- Posts must be relevant to programming, programmers, or computer science.
- No NSFW content.
- Jokes must be in good taste. No hate speech, bigotry, etc.
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I think you can just lockdown the bios with a super strong password to get the similar security as macbook, no? Since I think the only one major security feature avaliable on mac, but not on PC, is a locked down bois, so attacker cannot install a malicious OS.
Assuming your bios is reasonably secure and you are using a reasonable OS with reasonable security feature enabled (like linux with LUKS and TPM auto-unlock, or windows with bitlocker), PC should be reasonably secure compare to a mac.
I would love to know what other security features mac provides that is not avaliable on a PC.
I guess MacBooks are easier to deploy
Could be, I imagine there would be less work if everyone has the same OS.
I dont work in IT, but I remember there are excellent tools by Microsoft to do mass IT management (but who want to use windows anyway /jk)
would be interesting to see a comparison of IT tools avaliable macOS, Windows, and Linux distros. And how much advantage does immutable OSes like silverblue, macOS, and chrome OS provides against mutable OSes.
I was talking specifically about MacOS X vs. everything else because, for example, you don't have to setup the bios. Just hand out a macbook for everyone and (mostly) deployment compñete, i guess
Unix based systems tend to be able to be hardened to a higher level than windows devices. Apple provides a lot of apis for preventing unsigned code from running, which can go a long way beyond a locked down bootloader.
It's less that they're intrinsically more secure, it's just that it's a bit easier for a determined admin to lock it way further down while also not irritating the user.
I seem to recall Chromebooks are even better, but you sacrifice a lot more.