Apple recruits former Microsoft, Mozilla security chief

2»

Comments

  • Reply 21 of 38
    al_bundyal_bundy Posts: 1,525member
    Quote:
    Originally Posted by pmz View Post


    And a lot of other people say that you risk and lose security by being too open.



    How anyone can assert that XP or any version of Windows is more secure than OSX is beyond me. Reality doesn't indicate this.



    windows 7 supports the randomization of system data in RAM. 10.6 doesn't.



    at the last black hat conference one of the researchers even said that Windows 7 is more secure than 10.5 and 10.6
  • Reply 22 of 38
    al_bundyal_bundy Posts: 1,525member
    Quote:
    Originally Posted by bartfat View Post


    Problem is, Windows is only more secure than OS X because it has User Account Control, which asks you for every little program that needs elevated permissions. That gets annoying after a while and soon the user just ignores reading it and clicks yes every time. So really what we need is something better, something that protects the user from himself/herself





    when i first started using Mac's i was shocked that it asked me for my password to install applications. i thought UAC was a bad Windows dream
  • Reply 23 of 38
    blastdoorblastdoor Posts: 3,579member
    Quote:
    Originally Posted by solipsism View Post


    As much I am hating the focus on this women's name, that was funny.



    Thanks :-)
  • Reply 24 of 38
    blastdoorblastdoor Posts: 3,579member
    Quote:
    Originally Posted by Gazoobee View Post


    Pretty too, for what it's worth.





    Not only pretty, but pretty in a sweet, friendly kind of way. When I hear "security" I think more of a Boris and Natasha look.
  • Reply 25 of 38
    avidfcpavidfcp Posts: 381member
    Quote:
    Originally Posted by christopher126 View Post


    Yep....I agree! Sounds like a very smart person!



    I know someone thar was lucky enough to show me around Apple retail. I was also told when Leopard came out the computers where employees time clocked in that they stayed with Tiger for almost 6 months plus this system had macafee or some other protection running in the background. Was it due to virus? I don't know but if all my employees clocked in on thus one machine, I would want to make sure you could not hack into it.



    Just my thoughts. Maybe this is why they had it.
  • Reply 26 of 38
    azazel-azazel- Posts: 68member
    Quote:
    Originally Posted by ascii View Post


    Microsoft doesn't exactly have a reputation for good security. Why not hire someone from NSA or something like that.



    Considering that SP2 is considered the release that essentially "fixed" Windows XP, I don't see why anyone would question this.
  • Reply 27 of 38
    darkvaderdarkvader Posts: 1,146member
    Quote:
    Originally Posted by Gazoobee View Post


    Um, because she's not a security expert, but rather the manager you hire to lead the team of security experts?



    And given the M$ track record with management of security, she's still a bad choice. Apple has a FAR better track record on security than M$ ever had, and XP SP2, which seems to be what she managed, wasn't exactly even remotely secure.



    The response to her application to Apple should have been something like: "Oh, you worked on security at M$? HA HA HA HA HA HA HA HA HA HA HA HA HA HA HA!" (wads up application and puts it in trash)
  • Reply 28 of 38
    rnp1rnp1 Posts: 175member
    Quote:
    Originally Posted by Blastdoor View Post


    Thanks :-)



    Good luck to us all!



    I'm sure she probably got to use a friends mac and then asked herself,



    "Are you sure you want to stay working for a company that makes all these bogus dialogue boxes asking you if you are sure that you are sure that you are sure?"



    (not to mention that Apple offers only one version of their operation system!)
  • Reply 29 of 38
    quinneyquinney Posts: 2,528member
    Quote:
    Originally Posted by Gazoobee View Post


    Pretty too, for what it's worth.





    She don't have a forehead, she gots a fivehead.
  • Reply 30 of 38
    cubertcubert Posts: 728member
    At least she'll have a TON of experience coming from MeToo$oft..
  • Reply 31 of 38
    columbuscolumbus Posts: 282member
    [QUOTE=DarkVader;1582473]XP SP2, which seems to be what she managed, wasn't exactly even remotely secure./QUOTE]

    Service Pack 2 was the one that went a long way to fixing Windows XP. Although revisionists like to write down XP as a great OS and Vista as pants, the fact is Vista was not only far better looking but also far less likely to be compromised. The released version of XP was a security nightmare. In my opinion this is a great thing to have on ones CV (a lot better than, say, WebTV and MobileMe).



    I'm pleased to read reports of Apple is hiring (and not losing people) for a change.



    I'm pleased it is in the area of Security, because Apple needs to tighten up here. There is no excuse for being so late in shipping patches for open source components of the OS.



    She sounds like she has a sense of humor as well ?chief security something-or-other?!



    Good news all round.
  • Reply 32 of 38
    terun78terun78 Posts: 36member
    This chick ain't bad looking, I'd hit it
  • Reply 33 of 38
    wizard69wizard69 Posts: 13,377member
    Now about security. First Apple isn't a closed system in the way that MS is. Many of OS/Xs software packages are open sourced. I'm just rejecting the idea that Apple is not as open as MS. It is just that issues are often solved outside of Apple.



    However Apple does have one big issue, that is slow response times. Often packages distributed by Apple are relatively old. The one improvement Apple needs to make is better distribution of app fixes or upgrades. Waiting for each 10.6.x upgrade to come out isn't always wise. I kinda wish that Apple would take an app store approach for Mac software, just so there would be a quick and clean way yo keep ones system updated with security fixes. I say kinda because I'd really like to see something that merges the functionality of a Linux repository with an app store like setup.







    Dave
  • Reply 34 of 38
    yesicanyesican Posts: 46member
    Quote:
    Originally Posted by benice View Post


    Her first name is Windows!!



    Her first name is Widows and they still hired her?
  • Reply 35 of 38
    yesicanyesican Posts: 46member
    Quote:
    Originally Posted by quinney View Post


    She don't have a forehead, she gots a fivehead.



    A little too RuPaul Charles is you ask me.
  • Reply 36 of 38
    Quote:
    Originally Posted by wizard69 View Post


    Now about security. First Apple isn't a closed system in the way that MS is. Many of OS/Xs software packages are open sourced. I'm just rejecting the idea that Apple is not as open as MS. It is just that issues are often solved outside of Apple.



    This isn't what's meant when people say that Apple is too closed about security. They are referring to Apple's practice of shipping security updates without disclosing the actual vulnerability, often making it impossible to know what, if anything the security update addresses. This is called security through obscurity, and it is proven to not work. Apple will also stay tight lipped about released security vulnerabilities, often times not even admitting there's a problem, and then not saying when a fix will be available. The QuickTime MySpace worm, which infected millions of people, was a prime example of Apple remaining inexplicable closed lipped and closed?even after the worm had spread to over a million infected machines using a vulnerability in QuickTime, Apple hadn't made any public statement to admit a problem, nor would they say when a fix would be available. If Microsoft exhibited such behavior, they'd be instantly ostracized in the computing community.



    Quote:

    However Apple does have one big issue, that is slow response times. Often packages distributed by Apple are relatively old. The one improvement Apple needs to make is better distribution of app fixes or upgrades. Waiting for each 10.6.x upgrade to come out isn't always wise. I kinda wish that Apple would take an app store approach for Mac software, just so there would be a quick and clean way yo keep ones system updated with security fixes. I say kinda because I'd really like to see something that merges the functionality of a Linux repository with an app store like setup.



    This is one big reason enterprises hate Apple's software distribution. Security vulnerabilities are a big deal when your software is deployed on thousands of machines at a security-conscious workplace like NASA or the NSA. Many times such enterprises will use [Symantec] Altiris or another enterprise console to make sure each endpoint on the network is not running any software that contains security vulnerabilities. This is impossible on a Mac, since Apple will often include security patches as part of feature upgrades, like Mac OS X 10.6.3. This precludes enterprises from being able to pick up the security fixes without picking up the entire 10.6.3 package, which means all the custom applications written by JPL, the NSA, etc. have to be re-tested on 10.6.3 just so they can get a security fix. This would not fly in any large enterprise environment.
  • Reply 37 of 38
    Quote:
    Originally Posted by al_bundy View Post


    you would be surprised. after XP shipped they made security a priority. a lot of people say they are better than Apple because they are more open about it rather than keep everything a secret. Apple is going to have to do the same thing if they want to grow market share past 10%.



    with Windows 2008 R2/Windows 7 the old WIndows NT/2000/2003/XP code is gone except for backwards compatibility. Windows is now more modular like UNIX and will be even more modular going forward. Windows 7 has been out for a year if you count the beta and there hasn't been any exploits except the SMB BSOD issue which was fixed and didn't result in any security issues



    "Trust me... this time it's gonna be different"
  • Reply 38 of 38
    Quote:
    Originally Posted by skittlebrau79 View Post


    This isn't what's meant when people say that Apple is too closed about security. They are referring to Apple's practice of shipping security updates without disclosing the actual vulnerability, often making it impossible to know what, if anything the security update addresses. This is called security through obscurity, and it is proven to not work. Apple will also stay tight lipped about released security vulnerabilities, often times not even admitting there's a problem, and then not saying when a fix will be available. The QuickTime MySpace worm, which infected millions of people, was a prime example of Apple remaining inexplicable closed lipped and closed?even after the worm had spread to over a million infected machines using a vulnerability in QuickTime, Apple hadn't made any public statement to admit a problem, nor would they say when a fix would be available. If Microsoft exhibited such behavior, they'd be instantly ostracized in the computing community.





    This is one big reason enterprises hate Apple's software distribution. Security vulnerabilities are a big deal when your software is deployed on thousands of machines at a security-conscious workplace like NASA or the NSA. Many times such enterprises will use [Symantec] Altiris or another enterprise console to make sure each endpoint on the network is not running any software that contains security vulnerabilities. This is impossible on a Mac, since Apple will often include security patches as part of feature upgrades, like Mac OS X 10.6.3. This precludes enterprises from being able to pick up the security fixes without picking up the entire 10.6.3 package, which means all the custom applications written by JPL, the NSA, etc. have to be re-tested on 10.6.3 just so they can get a security fix. This would not fly in any large enterprise environment.



    I would have thought that places like NASA, FBI, CIA, etc, use unix-based custom OSs whose vulnerabilities (if any) no-one knows about, and NOT every other guys Windows... may be I watched too much 24?
Sign In or Register to comment.