
Apple recruits former Microsoft, Mozilla security chief

post #1 of 39
Thread Starter 
The former security chief for the Mozilla Corporation and security lead for Microsoft's Windows XP Service Pack 2 has moved on to Apple, where she will serve as the senior security product manager, according to a new report.

Window Snyder's first day at Apple was Monday, according to PC World. While it noted that Apple was the "third browser-maker in the past five years that has employed Snyder," it did not indicate whether she would work on the Safari browser or some other technology for the Cupertino, Calif., company.

The Internet Explorer browser was not the main focus in her tenure at Microsoft, where Snyder was credited with pioneering the Blue Hat program, initiating communications between developers at the Redmond, Wash., software giant and outside security researchers. A profile in USA Today in 2008 noted this was done at a time when "Microsoft was loath to share technical information with those outside" the company's headquarters.

At Mozilla, Snyder carried a tongue-in-cheek title of "chief security something-or-other," and she oversaw security for the company's popular Firefox Web browser. While most Mozilla programmers work on the open source software for free, Snyder earned a salary through the Mozilla Corporation.

Snyder left Mozilla in 2008 to work on something she said she has "always been passionate about." She has worked as a consultant for the past year.

Apple has regularly looked to improve security in its products. In 2009, the company posted a job listing as it was looking to hire a security manager for the iPhone OS. The Cupertino, Calif., based position would have someone oversee its team which secures booting and installation of the iPhone OS, and works to protect and harden it against outside threats.

Last May, Apple hired Ivan Krstic, developer of the security architecture for the One Laptop Per Child's XO system. Krstic is a prodigy security guru with anti-malware credentials.

When it launched last summer, Mac OS X 10.6 Snow Leopard included basic malware protection that provides users with a warning when disk images are opened containing known malware installers.
post #2 of 39
Microsoft doesn't exactly have a reputation for good security. Why not hire someone from NSA or something like that.
post #3 of 39
Quote:
Originally Posted by ascii View Post

Microsoft doesn't exactly have a reputation for good security. Why not hire someone from NSA or something like that.


you would be surprised. after XP shipped they made security a priority. a lot of people say they are better than Apple because they are more open about it rather than keep everything a secret. Apple is going to have to do the same thing if they want to grow market share past 10%.

with Windows 2008 R2/Windows 7 the old Windows NT/2000/2003/XP code is gone except for backwards compatibility. Windows is now more modular like UNIX and will be even more modular going forward. Windows 7 has been out for a year if you count the beta and there haven't been any exploits except the SMB BSOD issue which was fixed and didn't result in any security issues
post #4 of 39
Quote:
Originally Posted by ascii View Post

Microsoft doesn't exactly have a reputation for good security. Why not hire someone from NSA or something like that.

I suspect Apple know what they are doing and that she isn't responsible for any M$ issues.
Been using Apples since 1978 and Macs since 1984
Long on AAPL so biased. Strong advocate for separation of technology and politics on AI.
post #5 of 39
Quote:
Originally Posted by al_bundy View Post

you would be surprised. after XP shipped they made security a priority. a lot of people say they are better than Apple because they are more open about it rather than keep everything a secret. Apple is going to have to do the same thing if they want to grow market share past 10%.

with Windows 2008 R2/Windows 7 the old Windows NT/2000/2003/XP code is gone except for backwards compatibility. Windows is now more modular like UNIX and will be even more modular going forward. Windows 7 has been out for a year if you count the beta and there haven't been any exploits except the SMB BSOD issue which was fixed and didn't result in any security issues

All XP does is alert you that "your computer might be at risk", and that if you click this or download that, your computer might get infected. God forbid you should purchase Windows with the virtually un-installable McAfee or NAV.

Snyder is not to be trusted, and I think Apple will eventually "fall to the communists".
post #6 of 39
Quote:
Originally Posted by digitalclips View Post

I suspect Apple know what they are doing and that she isn't responsible for any M$ issues.

Yep....I agree! Sounds like a very smart person!
post #7 of 39
Is her name really Window Snyder? What's her middle name, Wysiwyg?
post #8 of 39
Her first name is Windows!!
post #9 of 39
Quote:
Originally Posted by ascii;

Microsoft doesn't exactly have a reputation for good security. Why not hire someone from NSA or something like that.

Windows 7 is considered to have great security and, yes, better than the Mac. The Mac has security through obscurity. Of course it is always better to have a house in Beverly Hills with minimum security than living in the ghetto with maximum security.

As it stands now, Safari is generally considered to be the least secure browser even though it's my browser of choice. I'd never use it on Windows though. It has continually been the first one to go down in the Pwn2Own contests.
post #10 of 39
Please tell me her name is not Window...
post #11 of 39
Quote:
Originally Posted by ascii View Post

Microsoft doesn't exactly have a reputation for good security. Why not hire someone from NSA or something like that.

Um, because she's not a security expert, but rather the manager you hire to lead the team of security experts?
post #12 of 39
Quote:
Originally Posted by al_bundy View Post

with Windows 2008 R2/Windows 7 the old Windows NT/2000/2003/XP code is gone except for backwards compatibility. Windows is now more modular like UNIX and will be even more modular going forward.

They still have a lot of old code that is infecting Windows 7 and Windows Server 2008:
http://news.bbc.co.uk/2/hi/technology/8499859.stm

I'll agree that Windows has gotten better, but it's far from being flawless. One of the best security models out there is diversity. Any company that relies upon a single operating system is just asking for eventual problems. With so many people using one OS, these issues are bound to happen. If there was an even split between multiple operating systems, the computing realm would be a much better place. Security would be better since each OS would have different models and the effort to break in would be less for each one. More importantly, if one was compromised, you'd still have other functioning ones. If sensitive data was set up intelligently (which is a big IF in some cases), then you'd have to bypass both OSes to get to the data, which is much more unlikely.
post #13 of 39
Quote:
Originally Posted by Blastdoor View Post

Is her name really Window Snyder? What's her middle name, Wysiwyg?

I guess this means that giving a kid an "original" name doesn't *always* mean they will turn out to be a selfish loser (just most of the time).
post #14 of 39
Quote:
Originally Posted by al_bundy View Post

Windows is now more modular like UNIX and will be even more modular going forward.

Yes, I think this is important to security. Having small programs that do one thing only, and then join them together with a shell script. But despite this approach in the underlying BSD-style OS, Apple still insists on writing monolithic user-facing "apps" on top of it, so there will always be security holes. MS does the same.

If a box simply must be secure then I guess the safest bet is to run pure Darwin or OpenBSD or some such, and run "apps" on a separate airgapped box with no Internet connection.
post #15 of 39
Quote:
Originally Posted by al_bundy View Post

you would be surprised. after XP shipped they made security a priority. a lot of people say they are better than Apple because they are more open about it rather than keep everything a secret. Apple is going to have to do the same thing if they want to grow market share past 10%.

And a lot of other people say that you risk and lose security by being too open.

How anyone can assert that XP or any version of Windows is more secure than OSX is beyond me. Reality doesn't indicate this.
post #16 of 39
Quote:
Originally Posted by Quevar View Post

They still have a lot of old code that is infecting Windows 7 and Windows Server 2008:
http://news.bbc.co.uk/2/hi/technology/8499859.stm

I'll agree that Windows has gotten better, but it's far from being flawless. One of the best security models out there is diversity. Any company that relies upon a single operating system is just asking for eventual problems. With so many people using one OS, these issues are bound to happen. If there was an even split between multiple operating systems, the computing realm would be a much better place. Security would be better since each OS would have different models and the effort to break in would be less for each one. More importantly, if one was compromised, you'd still have other functioning ones. If sensitive data was set up intelligently (which is a big IF in some cases), then you'd have to bypass both OSes to get to the data, which is much more unlikely.

The latter half of your post is an interesting argument even though I think that is not the way Apple is headed. I think for the most part that Apple is happy with the Mac living slightly above average security because they probably won't ever have a high marketshare.

With the iDevices Apple has taken a different tack. Many people believe that the iPhone OS is the future of the Mac OS. It could be their way of trying to beat the Windows OS monopoly. In this case, Apple has completely locked down the OS and relegated the browser to just a page viewer. It would also partly explain their distaste for Flash since that has been the source of the most recent exploits.

The only problem is that with increased security comes less openness.
post #17 of 39
Quote:
Originally Posted by ascii View Post

Microsoft doesn't exactly have a reputation for good security. Why not hire someone from NSA or something like that.

Believe it or not, MS's security is pretty good, it's just that so many viruses and malware programs target Windows and IE things seem terrible. IE8 is a lot more secure than most people think and it's no more vulnerable than Safari or Firefox if the user installs Flash.

Do not overrate what you have received, nor envy others.
15" Matte MacBook Pro: 2.66Ghz i7, 8GB RAM, GT330m 512MB, 512GB SSD

iPhone 5 Black 32GB

iPad 3rd Generation, 32GB

Mac Mini Core2Duo 2.26ghz,...

post #18 of 39
Quote:
Originally Posted by Blastdoor View Post

Is her name really Window Snyder? What's her middle name, Wysiwyg?

As much as I am hating the focus on this woman's name, that was funny.


Quote:
Originally Posted by Zoolook View Post

Believe it or not, MS's security is pretty good, it's just that so many viruses and malware programs target Windows and IE things seem terrible. IE8 is a lot more secure than most people think and it's no more vulnerable than Safari or Firefox if the user installs Flash.

I agree. If you hire a team to fix a dam after it's leaking you can't expect miracles no matter how talented they are.
Dick Applebaum on whether the iPad is a personal computer: "BTW, I am posting this from my iPad pc while sitting on the throne... personal enough for you?"
post #19 of 39
Quote:
Originally Posted by christopher126 View Post

Yep....I agree! Sounds like a very smart person!

Pretty too, for what it's worth.
post #20 of 39
Problem is, Windows is only more secure than OS X because it has User Account Control, which asks you for every little program that needs elevated permissions. That gets annoying after a while and soon the user just ignores reading it and clicks yes every time. So really what we need is something better, something that protects the user from himself/herself
post #21 of 39
I'm no expert, but from everything I have read on the subject no OS is safe. Mac users get to skip most of the security issues that plague Windows users because we have a small market share. As a result no one cares enough to bother.

The best thing that can happen to the Mac community is for the iPad to become a niche product and for Apple to remain small.

Of course if you're a stockholder you don't want to hear that. But if you've never used Windows before, trust me you don't want to have to reinstall your OS every six months when you get hit by the bad guys.
post #22 of 39
Quote:
Originally Posted by pmz View Post

And a lot of other people say that you risk and lose security by being too open.

How anyone can assert that XP or any version of Windows is more secure than OSX is beyond me. Reality doesn't indicate this.

Windows 7 supports the randomization of system data in RAM. 10.6 doesn't.

at the last black hat conference one of the researchers even said that Windows 7 is more secure than 10.5 and 10.6
post #23 of 39
Quote:
Originally Posted by bartfat View Post

Problem is, Windows is only more secure than OS X because it has User Account Control, which asks you for every little program that needs elevated permissions. That gets annoying after a while and soon the user just ignores reading it and clicks yes every time. So really what we need is something better, something that protects the user from himself/herself


when i first started using Macs i was shocked that it asked me for my password to install applications. i thought UAC was a bad Windows dream
post #24 of 39
Quote:
Originally Posted by solipsism View Post

As much as I am hating the focus on this woman's name, that was funny.

Thanks :-)
post #25 of 39
Quote:
Originally Posted by Gazoobee View Post

Pretty too, for what it's worth.

Not only pretty, but pretty in a sweet, friendly kind of way. When I hear "security" I think more of a Boris and Natasha look.
post #26 of 39
Quote:
Originally Posted by christopher126 View Post

Yep....I agree! Sounds like a very smart person!

I know someone that was lucky enough to show me around Apple retail. I was also told when Leopard came out the computers where employees time clocked in that they stayed with Tiger for almost 6 months plus this system had McAfee or some other protection running in the background. Was it due to virus? I don't know but if all my employees clocked in on this one machine, I would want to make sure you could not hack into it.

Just my thoughts. Maybe this is why they had it.
post #27 of 39
Quote:
Originally Posted by ascii View Post

Microsoft doesn't exactly have a reputation for good security. Why not hire someone from NSA or something like that.

Considering that SP2 is considered the release that essentially "fixed" Windows XP, I don't see why anyone would question this.
post #28 of 39
Quote:
Originally Posted by Gazoobee View Post

Um, because she's not a security expert, but rather the manager you hire to lead the team of security experts?

And given the M$ track record with management of security, she's still a bad choice. Apple has a FAR better track record on security than M$ ever had, and XP SP2, which seems to be what she managed, wasn't exactly even remotely secure.

The response to her application to Apple should have been something like: "Oh, you worked on security at M$? HA HA HA HA HA HA HA HA HA HA HA HA HA HA HA!" (wads up application and puts it in trash)
post #29 of 39
Quote:
Originally Posted by Blastdoor View Post

Thanks :-)

Good luck to us all!

I'm sure she probably got to use a friend's Mac and then asked herself,

"Are you sure you want to stay working for a company that makes all these bogus dialogue boxes asking you if you are sure that you are sure that you are sure?"

(not to mention that Apple offers only one version of their operating system!)
post #30 of 39
Quote:
Originally Posted by Gazoobee View Post

Pretty too, for what it's worth.

She don't have a forehead, she gots a fivehead.
post #31 of 39
At least she'll have a TON of experience coming from MeToo$oft..
post #32 of 39
Quote:
Originally Posted by DarkVader View Post

XP SP2, which seems to be what she managed, wasn't exactly even remotely secure.

Service Pack 2 was the one that went a long way to fixing Windows XP. Although revisionists like to write down XP as a great OS and Vista as pants, the fact is Vista was not only far better looking but also far less likely to be compromised. The released version of XP was a security nightmare. In my opinion this is a great thing to have on one's CV (a lot better than, say, WebTV and MobileMe).

I'm pleased to read reports that Apple is hiring (and not losing people) for a change.

I'm pleased it is in the area of Security, because Apple needs to tighten up here. There is no excuse for being so late in shipping patches for open source components of the OS.

She sounds like she has a sense of humor as well: "chief security something-or-other"!

Good news all round.
post #33 of 39
This chick ain't bad looking, I'd hit it
post #34 of 39
Now about security. First Apple isn't a closed system in the way that MS is. Many of OS X's software packages are open sourced. I'm just rejecting the idea that Apple is not as open as MS. It is just that issues are often solved outside of Apple.

However Apple does have one big issue, that is slow response times. Often packages distributed by Apple are relatively old. The one improvement Apple needs to make is better distribution of app fixes or upgrades. Waiting for each 10.6.x upgrade to come out isn't always wise. I kinda wish that Apple would take an app store approach for Mac software, just so there would be a quick and clean way to keep one's system updated with security fixes. I say kinda because I'd really like to see something that merges the functionality of a Linux repository with an app store like setup.



Dave
post #35 of 39
Quote:
Originally Posted by benice View Post

Her first name is Windows!!

Her first name is Widows and they still hired her?
post #36 of 39
Quote:
Originally Posted by quinney View Post

She don't have a forehead, she gots a fivehead.

A little too RuPaul Charles if you ask me.
post #37 of 39
Quote:
Originally Posted by wizard69 View Post

Now about security. First Apple isn't a closed system in the way that MS is. Many of OS X's software packages are open sourced. I'm just rejecting the idea that Apple is not as open as MS. It is just that issues are often solved outside of Apple.

This isn't what's meant when people say that Apple is too closed about security. They are referring to Apple's practice of shipping security updates without disclosing the actual vulnerability, often making it impossible to know what, if anything, the security update addresses. This is called security through obscurity, and it is proven to not work. Apple will also stay tight lipped about released security vulnerabilities, often times not even admitting there's a problem, and then not saying when a fix will be available. The QuickTime MySpace worm, which infected millions of people, was a prime example of Apple remaining inexplicably closed lipped and closed; even after the worm had spread to over a million infected machines using a vulnerability in QuickTime, Apple hadn't made any public statement to admit a problem, nor would they say when a fix would be available. If Microsoft exhibited such behavior, they'd be instantly ostracized in the computing community.

Quote:
However Apple does have one big issue, that is slow response times. Often packages distributed by Apple are relatively old. The one improvement Apple needs to make is better distribution of app fixes or upgrades. Waiting for each 10.6.x upgrade to come out isn't always wise. I kinda wish that Apple would take an app store approach for Mac software, just so there would be a quick and clean way to keep one's system updated with security fixes. I say kinda because I'd really like to see something that merges the functionality of a Linux repository with an app store like setup.

This is one big reason enterprises hate Apple's software distribution. Security vulnerabilities are a big deal when your software is deployed on thousands of machines at a security-conscious workplace like NASA or the NSA. Many times such enterprises will use [Symantec] Altiris or another enterprise console to make sure each endpoint on the network is not running any software that contains security vulnerabilities. This is impossible on a Mac, since Apple will often include security patches as part of feature upgrades, like Mac OS X 10.6.3. This precludes enterprises from being able to pick up the security fixes without picking up the entire 10.6.3 package, which means all the custom applications written by JPL, the NSA, etc. have to be re-tested on 10.6.3 just so they can get a security fix. This would not fly in any large enterprise environment.
post #38 of 39
Quote:
Originally Posted by al_bundy View Post

you would be surprised. after XP shipped they made security a priority. a lot of people say they are better than Apple because they are more open about it rather than keep everything a secret. Apple is going to have to do the same thing if they want to grow market share past 10%.

with Windows 2008 R2/Windows 7 the old Windows NT/2000/2003/XP code is gone except for backwards compatibility. Windows is now more modular like UNIX and will be even more modular going forward. Windows 7 has been out for a year if you count the beta and there haven't been any exploits except the SMB BSOD issue which was fixed and didn't result in any security issues

"Trust me... this time it's gonna be different"
I've accomplished my childhood's dream: My job consists mainly of playing with toys all day long.
post #39 of 39
Quote:
Originally Posted by skittlebrau79 View Post

This isn't what's meant when people say that Apple is too closed about security. They are referring to Apple's practice of shipping security updates without disclosing the actual vulnerability, often making it impossible to know what, if anything, the security update addresses. This is called security through obscurity, and it is proven to not work. Apple will also stay tight lipped about released security vulnerabilities, often times not even admitting there's a problem, and then not saying when a fix will be available. The QuickTime MySpace worm, which infected millions of people, was a prime example of Apple remaining inexplicably closed lipped and closed; even after the worm had spread to over a million infected machines using a vulnerability in QuickTime, Apple hadn't made any public statement to admit a problem, nor would they say when a fix would be available. If Microsoft exhibited such behavior, they'd be instantly ostracized in the computing community.


This is one big reason enterprises hate Apple's software distribution. Security vulnerabilities are a big deal when your software is deployed on thousands of machines at a security-conscious workplace like NASA or the NSA. Many times such enterprises will use [Symantec] Altiris or another enterprise console to make sure each endpoint on the network is not running any software that contains security vulnerabilities. This is impossible on a Mac, since Apple will often include security patches as part of feature upgrades, like Mac OS X 10.6.3. This precludes enterprises from being able to pick up the security fixes without picking up the entire 10.6.3 package, which means all the custom applications written by JPL, the NSA, etc. have to be re-tested on 10.6.3 just so they can get a security fix. This would not fly in any large enterprise environment.

I would have thought that places like NASA, FBI, CIA, etc, use unix-based custom OSs whose vulnerabilities (if any) no-one knows about, and NOT every other guy's Windows... maybe I watched too much 24?
I've accomplished my childhood's dream: My job consists mainly of playing with toys all day long.