Apple Criticised for Poor Security
Here's the link
I think far too many mac users are complacent about this and I wouldn't be surprised at all if Apple's market share grows they do need to make a big push on security. Given how Apple deals with many companies I wouldn't surprised to discover they don't handle security researchers well either. Actually one of Apple's biggest flaws is their relations with resellers and people who support Apple, but that's another topic.
One thing I will say about Microsoft is as much flak as they get for their vulnerabilities they have improved massively and they have made good security a target within the company.
I think far too many mac users are complacent about this and I wouldn't be surprised at all if Apple's market share grows they do need to make a big push on security. Given how Apple deals with many companies I wouldn't surprised to discover they don't handle security researchers well either. Actually one of Apple's biggest flaws is their relations with resellers and people who support Apple, but that's another topic.
One thing I will say about Microsoft is as much flak as they get for their vulnerabilities they have improved massively and they have made good security a target within the company.
Comments
Originally posted by Telomar
Here's the link
I think far too many mac users are complacent about this and I wouldn't be surprised at all if Apple's market share grows they do need to make a big push on security. Given how Apple deals with many companies I wouldn't surprised to discover they don't handle security researchers well either. Actually one of Apple's biggest flaws is their relations with resellers and people who support Apple, but that's another topic.
One thing I will say about Microsoft is as much flak as they get for their vulnerabilities they have improved massively and they have made good security a target within the company.
It's hard to be sure this isn't a sensationalist piece without concrete examples. I don't doubt OS X isn't as secure as we all think it is, but I doubt it's a slice of swiss cheese when it comes to security holes.
Apple probably doesn't handle security researchers well because they don't need to. I'm sure Apple will wisen up once market share increases and OS X security will be breached.
Like I said before...I'll believe it when I see it...I've been running OS X since day -120 (public beta days) and have never needed a firewall or virus protection.
Security through obscurity is still nice to have.
Originally posted by Telomar
Here's the link
I think far too many mac users are complacent about this and I wouldn't be surprised at all if Apple's market share grows they do need to make a big push on security. Given how Apple deals with many companies I wouldn't surprised to discover they don't handle security researchers well either. Actually one of Apple's biggest flaws is their relations with resellers and people who support Apple, but that's another topic.
One thing I will say about Microsoft is as much flak as they get for their vulnerabilities they have improved massively and they have made good security a target within the company.
Another "security expert" claims that MacOS X security is due to its low marketshare. Yes, MacOS X has all these vulnerabilities that can be exploited oh so easily and Apple just flat-out refuses to fix them. Yeah, right.
It is truly amazing that a professional security expert has found numerous holes in MacOS X, but no crook has managed to exploit a single one of them. But the Mac's marketshare is too for a crook to bother with. OK. Wait a minute?the Mac's marketshare is high enough for a security expert to spend his employer's money on the Mac, but it is too low to merit a crook's time?
Will someone please explain these economics?
Most of these guys who says these things just want to sell their virus scanners to the 35 million Mac users.
Originally posted by Telomar
One thing I will say about Microsoft is as much flak as they get for their vulnerabilities they have improved massively and they have made good security a target within the company.
Bollocks to that. The Windows MetaFile vulnerablity is an adequate reminder if one were needed that Windows is still a pile of sh*t.
OSX and Windows are way different. I got better things to do.
Originally posted by Triestino
Bollocks to that. The Windows MetaFile vulnerablity is an adequate reminder if one were needed that Windows is still a pile of sh*t.
That is generalising. It's a bug, a serious one yes, but what you're saying is:
"this piece of brick seems broken....the whole house sucks!"
Originally posted by dacloo
That is generalising. It's a bug, a serious one yes, but what you're saying is:
"this piece of brick seems broken....the whole house sucks!"
That and the 67000+ other broken bricks.
Originally posted by Mr. Me
It is truly amazing that a professional security expert has found numerous holes in MacOS X, but no crook has managed to exploit a single one of them. But the Mac's marketshare is too for a crook to bother with. OK. Wait a minute?the Mac's marketshare is high enough for a security expert to spend his employer's money on the Mac, but it is too low to merit a crook's time?
Will someone please explain these economics?
I think this is pretty easy, but this has two or more factors.
On the attacker side, there is the path of path of most reward for the effort. If you were in "business" and you could spend ten hours developing an attack to make malware for money, then you will develop for the platform that will net you the most money. Even if it takes 5x as much work to develop an attack for Windows, it would still be a lot more lucrative. The only reason to chose Mac OS as a target is to get the Mac-heads to stop bragging, but that is ideological, there isn't as much return on investment.
Still, another factor is that there are people that spread FUD to make money on security services. I don't know how hard it would be to challenge these people, because of the obscurity standards, the snakes can just claim they are withholding the information for everyone's own good. It might be a protection or fraud racket, I won't tell you unless you pay, once the twit gets paid then he disappears and he may have sold a lie.
1) OS X is mostly architected to be secure, from the removal of the root account, to the concept of folders as applications (which can't be attached to emails outside a zip/tar file).
2) OS X has never been put to the test in terms of the integrity with which it has implemented its secure architecture. Just because you designed a building well doesn't mean there aren't any loose bricks, loose pipes, etc.
One benefit that Windows has it that its security has been thoroughly tested "in the wild", whereas OS X has not. One the one hand, you can use the analogy of Windows as a house without a front door, and OS X as a house with a locked front door (the lock can still be picked, the door smashed, etc). On the other hand, you can use an analogy of Windows as a person living in the third world with a natural tolerence to malaria, etc, and OS X as an athletic first world tourist in the third world that hasn't been properly vaccinated before travelling.
The whole OS X security issue needs to be put into its proper perspective. I for one think OS X is a very good OS, but it's far from immaculate.
Originally posted by Hiro
Yes windows has been battle tested in the wild for almost a decade now security wise. And failed pretty miserably the whole time. How does that model seem to make software any better?
Uh, it was poorly architected, whereas OS X was not?
Originally posted by JavaCowboy
Uh, it was poorly architected, whereas OS X was not?
I'm not making any definitive security judgements on OS X. Only time will tell that.
But the newly popular argument now is Windows handles security better because it has been attacked longer, so MS is better equipped to deal with security. If that was the case wouldn't the stupidly obvious vulnerabilities be wrung out of Windows by now? Both by repeated patching and using that experience to avoid them in the first place? [Which happens to be what the whole viewpoint hinges on]
It is a widely acknowledged matter of record that MS hasn't actually eliminated the kind of Windows coding patterns that cause security problems. The same coding pattern errors still show up in vulnerability databases, just in different components, even in the newer ones. Your locals which were supposed to have a natural tolerance against local diseases are still getting them, very frequently. That quite effectively repudiates that form of argument.
Originally posted by krisneph
Hasn't Unix been "Battle Tested" for over 20 years?
How it relates to OS X is a somewhat different story. The UNIX core has been around, but there are caveats. For one, despite this "testing", security vulnerabilities do still show up. Another is that what Apple puts on top of the UNIX core hasn't been public for anywhere nearly that long. A third is that this self-proclaimed security person in the article is claiming that there are older vulnerabilities that haven't been patched.
Yet another is that while UNIX has been around a long time, not only are there different variations, factions and competing code bases. New and improved services are introduced and sometimes they introduce new flaws.