No, I don't think that's it at all. I think the security of the operating system is better in OSX, so because of that they have a false sense of security, which is why there aren't as many preventative measures. Windows just flat out sucks and everyone, including the programmers, sort of knows that, so they beef up the primary line of defense with all of these preventative measures.
In the extreme it would be like complaining that Chicago is less hurricane ready than New Orleans, because Chicago doesn't have any hurricane related building codes, or any levees.
In reality the situation isn't quite that disparate. OSX really should add those prevention measures.
RE: Operating System Security
BSD had these security features first.
BSD is the most secure OS.
Apple, in the real world, still is the most secure desktop.
On what grounds is BSD the most secure OS, and more to the point Apple???
Unbelievable. Here is an interview with a guy who is most definitely a better programmer than pretty much anyone on OSNews, who has been doing this longer than any of us. In this interview he says "OSX is unsecure, there are almost no hurdles to jump through to take control of a system" and you say that Apple has the most secure desktop. Are you really that delusional?
At least the Windows folks can admit that it's got security issues. Apple fanboys are a rare breed, and for them to make claims like the one above is just flat out ignorance.
OpenBSD had those security features first, but OS X has relatively few of them; Unix does not have the same level of security for all its variants, and in fact, other than the fact that you don't run as root most of the time, Unix is not all that secure an operating system unless the flavor adds additional security features and runs secure programs. (Note how many remote root security bugs there were in sendmail(1) for example, running on the typical non-OpenBSD *BSD.) Oh well, at least Safari isn't in the kernel and used throughout the OS by programs via DLLs like Internet Explorer; if it was, OS X would *really* be in trouble.
Not true. There's a lot of difference if operating systems provide some kind of protective measure or not.
In fact, Miller didn't say Safari is weaker than IE. If you took time to read the article, he said that EVERY BROWSER has holes and bugs.
However, while Windows (to name one) has developed some kind of protective measures to mitigate bugs and security flaws, OS X didn't. And of course that matters. He also joked about the fact that if you want fast cash, you can just concentrate on Safari on OS X.
If I was an OS X user, I would take his words in a serious way, demanding Apple to introduce all those protections other OSes enjoy. He has a good example: Firefox on Windows is very hard to break while the same software on OS X was very easy to break.
For the record, he also stated that he considers Chrome's architecture a very good starting point. The fact that Safari (which he considers the weakest) and Chrome (which he considers the strongest) share the same rendering engine is a good proof of what many people say: being open-source doesn't automagically mean secure.
Kudos to Google guys, whose first browser is already a very strong implementation (and you guys know that I'm an IE user...)
I didn't realize Safari was open source. If Chrome is very good and shares the same back end rendering engine as Safari and FOSS does not "automagically" mean it is more secure; is your point that Safari is open source or that the closed source wrapped around what is apparently a solid secure rendering engine is broken?
Granted, no source is going to magically be of high quality. Peer review helps quite a bit though and I don't think that's something Safari gets and definitely not something OS X gets.
Someone mentioned OpenBSD in a previous comment though...
They are two very different things.
The fact that OS X does not have the same preventative measures Windows has like randomization, no execute bits, etc, does not mean OS X is an insecure operating system. It just means once you have a vehicle into the operating system it's easier to take advantage.
Umm, I don't know what version of Mac OS X you are using but according to Apple's own documentation they implement sandbox, ASLR technology, encrypted swap file and I'm sure many others people can mention. I am sure your post was due to a lack of information rather than a malicious attempt to create a flame war based on spreading false information.
You talk about features but applications written to run on top of that operating system have to take advantage of those features. The operating system can provide all the most wonderful features in the world but if the application vendors don't use them then it is an exercise in futility trying to point the finger at the operating system vendor when it is the application vendors' fault.
Back to the Safari issue; Apple make the operating system and the browser; there is no excuse as to why Apple has not used ASLR and Sandbox technology with their own products. Unless Apple takes the lead in the implementation and use of technologies in their own software then it's going to be difficult for them to convince vendors to do the same.
Oh, and the reason why Apple doesn't force the said technologies onto all software is because it will break compatibility - something people on OS News forever whine about when it comes to their operating system upgrades and expecting their ancient and decrepit software to continue running without fault.
[quote]Umm, I don't know what version of Mac OS X you are using but according to Apple's own documentation they implement sandbox, ASLR technology...[/quote]
hmm.., no
Apple introduced in Leopard incomplete ASLR by refusing to randomize the location of the code, stack, and 32-bit executables don't have heap-execute protection
only thing they did in Leopard is limited to library randomization
And most OS X apps are still 32-bit
Miller seems to take care to differentiate the difference between security of an operating system and built-in operating system preventative measures.
They are two very different things.
The fact that OS X does not have the same preventative measures Windows has like randomization, no execute bits, etc, does not mean OS X is an insecure operating system. It just means once you have a vehicle into the operating system it's easier to take advantage.