Linked by Hadrien Grasland on Sat 25th Jun 2011 08:55 UTC, submitted by John
Mac OS X
"Using a Mac may certainly be a safer choice for a lot of people as despite being vulnerable they are not targeted. However this is not the same as Macs being secure, something Eric Schmidt erroneously advised recently. I may be able to browse impervious to malware on a Mac at the moment, however I personally would not be comfortable using a platform so easily compromised if someone had the motivation to do so. In this article I address just why OS X is so insecure including the technical shortcomings of OS X as well as Apple's policies as a company that contribute to the situation."
Thread beginning with comment 478534
A few counterpoints
by someone on Sat 25th Jun 2011 09:18 UTC
someone Member since:
2006-01-12

OS X has supported ACL since Tiger, and Leopard brought in sandboxing. The pieces are there, but these facilities are under-utilized by Apple and 3rd party developers.

Edited 2011-06-25 09:25 UTC

Score: 2

RE: A few counterpoints
by someone on Sat 25th Jun 2011 09:24 in reply to "A few counterpoints"
someone Member since:
2006-01-12

The fact that they are inviting Charlie Miller and others to review Lion suggests to me that they have at the very least addressed the security flaws that were repeatedly commented upon by those individuals. Otherwise, why bother?

Edited 2011-06-25 09:33 UTC

Score: 3

RE[2]: A few counterpoints
by Kroc on Sat 25th Jun 2011 09:36 in reply to "RE: A few counterpoints"
Kroc Member since:
2005-11-10

Because it's good PR?

Score: 3

RE: A few counterpoints
by l0ne on Sat 25th Jun 2011 10:14 in reply to "A few counterpoints"
l0ne Member since:
2006-11-25

Things will get even better in Lion in regards to sandboxing.

Score: 1

RE: A few counterpoints
by bassbeast on Sat 25th Jun 2011 17:29 in reply to "A few counterpoints"
bassbeast Member since:
2007-11-11

But according to TFA Macs are boned with regards to DEP, ASLR, and process isolation, so how can anyone call it anything but insecure? Because despite the myth that the reason Macs fall first in Pwn2Own is because the hackers want the pretty MBPs (Protip: The one that drops ANY machine first gets TEN GRAND so dropping the Mac because it is prettier and risking 10k in prize money would be stupid and those guys ain't dummies) time and time again it is the Macs that drop first, and thanks to DEP, low rights mode, and ASLR I've seen the infection rate of my Windows customers drop like a stone since Win 7.

Add to this the behavior of Apple management with their "Don't say malware and don't help the customer" AppleCare behavior and frankly currently it doesn't look good. The weird part, the part that has me scratching my head, is how exactly the "RDF" thing works. I've had long arguments with Mac owners that swear that "Trojans don't count" as the user has to interact with the machine for the infection to spread (ignoring the fact the latest Mac Defender doesn't need interaction nor that despite all their Windows jokes the vast majority of Windows infections are Trojans which they claim don't count) and frankly I honestly don't get it.

Look, if you want to spend top dollar because you like the Apple design philosophy? Cool beans, I don't blame you, having ridden in one I can say Ferrari is a damned nice ride though I can't see spending that kind of money, but I'd argue the "Macs don't get bugs" meme is officially dead. From the DNS changer to Mac Defender it is pretty obvious by now a lot of what kept Macs safe was security by obscurity and thanks to the iPad that simply isn't the case anymore.

There is blood in the water with regards to Macs and now the sharks are coming. From the looks of things DNS Changer and Mac Defender are only the beginning, and the question is if Apple is gonna take a hard core stance when it comes to locking down OSX or are they gonna end up going with a walled garden app store approach where the user simply can't install non-approved software without jailbreaking. Sadly I'm betting on the latter as Apple has found the app store to be a giant cash cow so switching OSX to a strict app store model not only absolves them of responsibility (I'm sorry but you installed software that was unapproved, you should have stayed with the app store) but will make Apple another giant mound o' money as well.

Score: 6