Linked by Thom Holwerda on Wed 16th Sep 2009 14:56 UTC
Mac OS X
While Snow Leopard includes some improvements in the area of security, noted security researcher Charlie Miller, winner of two consecutive "Pwn2own" hacker contests and co-author of The Mac Hacker's Handbook, concludes that Apple missed the boat on security in Mac OS X Snow Leopard. "Snow Leopard's more secure than Leopard, but it's not as secure as Vista or Windows 7," Miller said.
Thread beginning with comment 384443
Comment by MonkeyMagic
by MonkeyMagic on Wed 16th Sep 2009 19:12 UTC
MonkeyMagic
Member since:
2009-09-16

I think SL is a great upgrade and I'm looking forward to developers taking advantage of GCD & OpenCL but I was deeply disappointed that Apple didn't fully implement ASLR. I found it hard to find information about this since SL was released so I'm glad Charlie Miller has chimed in.

This has nothing to do with the number of attacks on Windows or the lack thereof on OS X, it's Apple apparently failing to take security as seriously as they should. Since Leopard had a half-assed implementation I thought SL was bound to do it properly.

Why do so many Mac users, when confronted with a perfectly valid criticism of OS X, go into denial and start attacking Windows? WTF does a flaw in the underlying security model of OS X have to do with Windows? Just because hackers are seemingly uninterested in taking advantage of it at the moment, it doesn't mean that they won't in future. It's a real problem that Apple needs to address. I live in hope they'll do it in a point release for SL.

RE: Comment by MonkeyMagic
by Teknoenie on Wed 16th Sep 2009 20:38 in reply to "Comment by MonkeyMagic"
Teknoenie Member since:
2007-06-07

"This has nothing to do with the number of attacks on Windows or the lack thereof on OS X, it's Apple apparently failing to take security as seriously as they should. Since Leopard had a half-assed implementation I thought SL was bound to do it properly."

As was stated in a previous comment, Apple has taken security seriously. They've made strides to protect their binaries and libraries, the stack and heap, etc. Even with all of the security mechanisms in place, the system is able to be compromised. Adding further ASLR, while beneficial of course, is not a magic bullet, nor does it mean that Apple does not take security seriously. They could have done it. I'm sure there are also valid technical reasons why they chose not to. Keep in mind that with much tighter security mechanisms available in Windows for years, Windows systems have still been subject to compromise. Besides, the user is a far weaker link in the security chain and also a much larger and more likely target than the OS.
