MacOS versus Microsoft Windows: A Study on the Cybersecurity and Privacy User Perception of Two Popular Operating Systems - NDSS Symposium

Cem Topcuoglu (Northeastern University), Andrea Martinez (Florida International University), Abbas Acar (Florida International University), Selcuk Uluagac (Florida International University), Engin Kirda (Northeastern University)

Operating Systems (OSs) play a crucial role in shaping user perceptions of security and privacy. Yet, the distinct perception of different OS users received limited attention from security researchers. The two most dominant operating systems today are MacOS and Microsoft Windows. Although both operating systems contain advanced cybersecurity features that have made it more difficult for attackers to launch their attacks and compromise users, the folk wisdom suggests that users regard MacOS as being the more secure operating system among the two. However, this common belief regarding the comparison of these two operating systems, as well as the mental models behind it, have not been studied yet.

In this paper, by conducting detailed surveys with a large number of MacOS and Windows users (n = 208) on Amazon Mechanical Turk, we aim to understand the differences in perception among MacOS and Windows users concerning the cybersecurity and privacy of these operating systems. Our results confirm the folk wisdom and show that many Windows and MacOS users indeed perceive MacOS as a more secure and private operating system compared to Windows, basing their belief on reputation rather than technical decisions. Additionally, we found that MacOS users often take fewer security measures, influenced by a strong confidence in their system’s malware protection capabilities. Moreover, our analysis highlights the impact of the operating system’s reputation and the primary OS used on users’ perceptions of security and privacy. Finally, our qualitative analysis revealed many misconceptions such as being MacOS malware-proof. Overall, our findings suggest the need for more focused security training and OS improvements and show the shreds of evidence that the mental model of users in this regard is a vital process to predict new attack surfaces and propose usable solutions.

View More Papers

Security When it is Welcome: Exploring Device Purchase as...

Simon Parkin (University College London); Elissa M. Redmiles (University of Maryland); Lynne Coventry (Northumbria University); M. Angela Sasse (Ruhr University Bochum and University College London)

Read More

Power to the Data Defenders: Human-Centered Disclosure Risk Calibration...

Kaustav Bhattacharjee, Aritra Dasgupta (New Jersey Institute of Technology)

Read More

File Hijacking Vulnerability: The Elephant in the Room

Chendong Yu (Institute of Information Engineering, Chinese Academy of Sciences and School of Cyber Security, University of Chinese Academy of Sciences), Yang Xiao (Institute of Information Engineering, Chinese Academy of Sciences and School of Cyber Security, University of Chinese Academy of Sciences), Jie Lu (Institute of Computing Technology of the Chinese Academy of Sciences), Yuekang…

Read More

Gradient Shaping: Enhancing Backdoor Attack Against Reverse Engineering

Rui Zhu (Indiana University Bloominton), Di Tang (Indiana University Bloomington), Siyuan Tang (Indiana University Bloomington), Zihao Wang (Indiana University Bloomington), Guanhong Tao (Purdue University), Shiqing Ma (University of Massachusetts Amherst), XiaoFeng Wang (Indiana University Bloomington), Haixu Tang (Indiana University, Bloomington)

Read More