Linked by Eugenia Loli on Tue 1st May 2007 00:35 UTC
Privacy, Security, Encryption
Dino Dai Zovi, the New York-based security researcher who took home USD 10000 in a highly-publicized MacBook Pro hijack on April 20, has been at the center of a week's worth of controversy about the security of Apple's operating system. In an e-mail interview with Computerworld, Dai Zovi talked about how finding vulnerabilities is like fishing, the chances that someone else will stumble on the still-unpatched bug, and what operating system - Windows Vista or Mac OS X - is the sturdiest when it comes to security.
Thread beginning with comment 235923
True
by siti on Tue 1st May 2007 01:05 UTC
siti Member since:
2005-07-06

Vista has active security. E.g. ASLR, NX to prevent buffer overflows being exploited.

Mac OSX has well... no active security. On top of that they take weeks to come out with security fixes. An example is when zlib had a flaw: in less than 24 hours all the major Linux distros had a fix. I remember a few weeks later I saw a security update for OSX that contained a fix for zlib.

The issue is that Apple and their minions are so arrogant.

Reply Score: 5

RE: True
by Xaero_Vincent on Tue 1st May 2007 03:34 in reply to "True"
Xaero_Vincent Member since:
2006-08-18

Vista has active security. E.g. ASLR, NX to prevent buffer overflows being exploited.

Mac OSX has well... no active security. On top of that they take weeks to come out with security fixes. An example is when zlib had a flaw: in less than 24 hours all the major Linux distros had a fix. I remember a few weeks later I saw a security update for OSX that contained a fix for zlib.

The issue is that Apple and their minions are so arrogant.


Wow. You're right on the money there. Microsoft cut a lot of features out of Vista but security was not one of them.

The sad part of it all is 90-95% of the available Linux distributions are in the same boat as OS X: lack of active security due to arrogance of distro devs/complexity of implementing them.

Reply Parent Score: 1

RE[2]: True
by evad on Tue 1st May 2007 09:37 in reply to "RE: True"
evad Member since:
2005-09-10

The sad part of it all is 90-95% of the available Linux distributions are in the same boat as OS X: lack of active security due to arrogance of distro devs/complexity of implementing them.


This is a rather rude, inflammatory personal attack on developers of OS X and Linux distributions. You are, of course, allowed to say such things but I think you should at least defend your claims.

Nobody is perfect at security - and nobody can be. It is not fair to argue that "90-95%" of Linux distributions have arrogant developers who produce operating systems that have worse security than Vista. You present no evidence to back up this claim.

I will, on the other hand, present evidence:

http://www.debian.org/security/
http://www.ubuntu.com/usn
http://fedoraproject.org/wiki/Security
http://www.novell.com/linux/security/securitysupport.html
http://www.apple.com/macosx/features/security/

You didn't state this, but, how on earth can anybody claim Mac OS X has no "active security"? They rely on the security built right into the Unix core (yes I know, this is an old claim) - but that didn't stop them having (1) Auto Update - just like Windows and Linux distributions. (2) A firewall - just like Windows (and, uh, Linux, depends on the distribution!).

The original post mentions "active security", and you say OS X and Linux do not have "Active Security". I'd like you to first tell me what Active Security is. It seems you are throwing two acronyms around - ASLR and NX.

Well guess what. Linux and Mac OS X support the NX bit and have done so for a while. Mac OS has supported the NX bit ever since Apple released an Intel Mac OS X. Support was added to the Linux kernel in 2004. Many other operating systems support it.

Amusingly, there has been something called PaX available for the Linux Kernel which does exactly what ASLR does. PaX however has been in existence since 2000. PaX also does a heck of a lot more than the Windows kernel does. Sadly, and I don't really know why, most distributions don't compile it into their Kernel - I might be missing a key reason why they don't.

I'm now going to throw around some acronyms and names regarding Linux security: you can look these up yourself before claiming Vista is far better. Linux Security Modules, grsecurity, SELinux, ExecShield, AppArmor, Linux Intrusion Detection Systems (LIDS).

Windows doesn't have them, the developers must be arrogant!

In reality, Microsoft, Apple and lots of open source companies and groups care deeply about security and they all work hard to make their operating systems as secure as possible. The last thing this debate needs is slander and personal attacks - it needs real evidence and constructive criticism.

Edited 2007-05-01 09:39

Reply Parent Score: 5

RE[2]: True
by dylansmrjones on Tue 1st May 2007 10:43 in reply to "RE: True"
dylansmrjones Member since:
2005-10-02

The sad part of it all is 90-95% of the available Linux distributions are in the same boat as OS X: lack of active security due to arrogance of distro devs/complexity of implementing them.


Care to mention which distributions you are thinking about? Not to mention some evidence for your claim?

Security is a major issue for all mainstream distributions like (k)Ubuntu, Fedora, CentOS, Debian, Gentoo, Mandriva, OpenSuse, Linspire (that's true), Xandros, Ark Linux, Arch Linux and so on. Even smaller Linux distributions (or meta-distributions) like LinuxFromScratch, Sourcemage and the likes are security oriented.

Reply Parent Score: 2

RE: True
by Umbra on Tue 1st May 2007 05:26 in reply to "True"
Umbra Member since:
2006-03-06

The issue is that Apple and their minions are so arrogant.

It is the role of technology companies to be arrogant. Tech companies should always know better than their customers. If they don't, we end up with operating systems like Microsoft Windows (all versions) which all have been major security disasters for more than 12 years. The main reason is Microsoft's pathetic fear of breaking compatibility for customers' apps & solutions and knowing better than their customers. As soon as tech companies stop being arrogant they are dead as tech companies. Tech companies' role is to always know better than their customers - know better and know far ahead. This is what IBM once knew. But today they have started to listen to customers, and the customer knows nothing and is usually only aware of that fact too late - just like Microsoft.

All Mac OS operating systems have been extremely safe. Classic is still 100% safe to use and Mac OS X is still probably the safest desktop operating system on this planet.

Read my lips, Microsoft Windows Vista will continue from where Microsoft NT.95.98.W2K.XP ended their lives as a stranded security mess, all unmaintainable. I am not mentioning Microsoft Windows Millennium, am I?

Reply Parent Score: 3

RE[2]: True
by WyldStylist on Tue 1st May 2007 05:30 in reply to "RE: True"
WyldStylist Member since:
2006-12-30

The only maintenance for Vista/XP I noticed are vLite and nLite where the user has to cut out insecure things and basically alter the system/change its purpose. Mighthaps even use Windows Embedded Minlogon.exe for Velocity

Reply Parent Score: 1

RE: True
by Duffman on Tue 1st May 2007 09:46 in reply to "True"
Duffman Member since:
2005-11-23

The issue is that Apple and their minions are so arrogant.

No, the real issue is that you are comparing the brand new Microsoft OS with Apple's old one. Wait for Leopard with all the new security stuff, then we will see.


Anyway, I don't give Vista a year to get *lots of security holes*.

Reply Parent Score: 2