Linked by Hadrien Grasland on Sat 25th Jun 2011 08:55 UTC, submitted by John
Mac OS X "Using a Mac may certainly be a safer choice for a lot of people as despite being vulnerable they are not targeted. However this is not the same as Macs being secure, something Eric Schmidt erroneously advised recently. I may be able to browse impervious to malware on a Mac at the moment, however I personally would not be comfortable using a platform so easily compromised if someone had the motivation to do so. In this article I address just why OS X is so insecure including the technical shortcomings of OS X as well as Apples policies as a company that contribute to the situation."
Permalink for comment 478638
To read all comments associated with this story, please click here.
RE[6]: Just another article
by Alfman on Sun 26th Jun 2011 07:49 UTC in reply to "RE[5]: Just another article"
Alfman
Member since:
2011-01-28

Neolander,

Those things would be practically free (given the ability to sandbox an app in the first place). So it makes so little sense that we're not doing those things today. They're obvious improvements to typical security models in use today.

Operating systems also need to do a better job of managing fine grained access.

On one system after an upgrade, I was troubleshooting a mysql issue. It would fail for no apparent reason - it indicated a file didn't exist, but it did and was owned by mysql. I ran strace against mysql, and to my surprise linux was reporting that the file didn't exist. I was extremely frustrated and straced mysql as root, which worked fine. Long story short, unbeknown to me, ubuntu's "apparmor" package made the file inaccessible to mysql. I admit inexperience with apparmor, however the level of grief caused by it was totally unacceptable. A normal user might have given up and run mysql as root.

I know there's a delicate balance to be reached somewhere, but the simple rules described by Neolander would go a long way to improving usability and security.

Reply Parent Score: 3