Linked by Thom Holwerda on Wed 16th Sep 2009 14:56 UTC
While Snow Leopard includes some improvements in the area of security, noted security researcher Charlie Miller, winner of two consecutive "Pwn2own" hacker contests and co-author of The Mac Hacker's Handbook, concludes that Apple missed the boat on security in Mac OS X Snow Leopard. "Snow Leopard's more secure than Leopard, but it's not as secure as Vista or Windows 7," Miller said.
Thread beginning with comment 384442
To read all comments associated with this story, please click here.
To read all comments associated with this story, please click here.
Recent Original Stories
Recent Comments
Headlines
Random Comments
Random Stories
Random OS Link
Member since:
2006-02-12
EVEN Charlie Miller says that these are more theory than practical exploits as far as real-world exploits are concerned "...still think you're pretty safe [on a Mac]," Miller said, "I wouldn't recommend antivirus on the Mac."
Ok then by this reasoning Linux is less secure than XP & Vista? Or just Vista. This is all fairly OR even unfairly biased because we as intellectuals or technicians or even just consumers will wish to believe that our choices are good and sound in logic and implementation. So while clearly and easily stated both Vista and OS X default security options are far better than XP or Windows 2000, but just because there is a possible better solution to a problem on the Mac OS that is not being used does not make the Mac OS insecure.
The real culprit is not the OS it is the casual 'tinkerer' who diddles in the control panel (or .conf files) thinking that they know what they are doing and then call one of us (my techie friend) asking how their system got hosed. I said it in 10.2, 10.3, 10.4, 10.5 and thought I was tired of saying it - on and on "do not stay logged in as an Admin - Do not stay logged in as the Owner" (Owner is a member of Admin and Wheel group). Yes I know my Admin password when I need it. I can enter it when I need to it is not cached anywhere. That shuts down what? >= 95% of strange vectors. If I am not logged in as Admin/Wheel group 24/7 or when browsing 'suspect' sites in the default browser with Safari set to 'open safe files' that the user downloaded... then my chances of getting Pawned are really low. AND because I was logged in as a plain user then the 'exploit' only has the same rights as a plain user.
I will start to worry about it when my users start to ask me. Until then this is not really news it is just an opinion. it could just as easily read... (when used incorrectly) "...Snow Leopard's more secure than Leopard, but it's not as secure as Vista or Windows 7"
ALSO I have run Vista since January 2008 just about daily with no malware. And I have run many versions of OS X since 2000 with not even the hint of malware. (AND it is still a Royal Pain to keep patched) The Mac is well known for ease of use - getting out of the user's way (no popups or 'wizards' etc) so if Some version of Photoshop[k] or any other app asks me for my admin password I sort of believe that I will notice it. When I have to use XP I am always amazed that I can hit 'return/enter' when logged in as an admin and the system just assumes that I am 'me'/authorized to do whatever. That is not the case in any Unix or Unix-Like os that I have observed. The fault is GENERALLY with the user.