Linked by Hadrien Grasland on Sat 25th Jun 2011 08:55 UTC, submitted by John
Mac OS X "Using a Mac may certainly be a safer choice for a lot of people as despite being vulnerable they are not targeted. However this is not the same as Macs being secure, something Eric Schmidt erroneously advised recently. I may be able to browse impervious to malware on a Mac at the moment, however I personally would not be comfortable using a platform so easily compromised if someone had the motivation to do so. In this article I address just why OS X is so insecure including the technical shortcomings of OS X as well as Apples policies as a company that contribute to the situation."
Thread beginning with comment 478649
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[8]: Just another article
by Alfman on Sun 26th Jun 2011 09:38 UTC in reply to "RE[7]: Just another article"
Member since:


"When you have thousands of legacy applications lying around which were never designed for a sandboxed environment in the first place, patching that huge mass of code until it works, like Linux distros which use SElinux or AppArmor try to do, is quite a challenge."

Well this is a given. And it's made all that much more confusing due to the fact that between posix user/group/other bitmasks, ACLs, SeLinux/AppArmor, and NFS shares, the access rights can be totally contradictory. There's just no practical way to determine access rights under linux without actually testing them. The gnome file browser (along with nearly 100% of tools) doesn't even display ACL. I don't think *nix will ever recover from it's POSIX roots.

When I was a windows admin, I never had this problem even with complex DFS file systems across servers.

I'm curious about what MacOS does.

Reply Parent Score: 2

RE[9]: Just another article
by Neolander on Sun 26th Jun 2011 09:43 in reply to "RE[8]: Just another article"
Neolander Member since:

I think I've read somewhere that MacOS X only offers sandboxing as an optional extension for developers to use. People choose to put themselves in the sandbox, so to speak. If you don't use the sandbox, OS X behaves like a normal *NIX

So fully switching to a sandboxed model on OSX would be about as painful as it is on Linux, though with the difference that a large part of the libraries used by OSX developers are under Apple's control. It might help a bit.

Edited 2011-06-26 09:55 UTC

Reply Parent Score: 1