Apple Mac is a growing security risk. That theme has been popular recently. Macs probably are a growing security risk (as opposed to Microsoft, which has a mature, fully grown security risk), but I doubt this baby is ever going to match Microsoft's size.
First of all, Apple doesn't have the mess of code Microsoft has. OS X threw away backward compatibility in the interests of a new OS, and that's something Microsoft has never had the luxury of doing. Old features have to be accommodated in Windows, and that makes the OS bigger and more confusing. OS X is far from lean and mean, but it doesn't have to carry the baggage Windows OSes have.
Secondly, OS X has a Unix security model. A lot of Windows security problems would be completely avoidable if people weren't running with Administrator rights. This isn't an OS issue; it's just what common practice is, and common practice on Windows creates a more dangerous environment.
Finally, I think Microsoft is more universally disliked than anyone else. That they have been extraordinarily greedy and unprincipled is something even their staunchest supporters won't deny. I have no illusions that Apple wouldn't play just as dirty if they could, but they really haven't had the opportunity to be a nasty bully very often, and therefore haven't attracted nearly as much dislike and disgust. I therefore suggest that more people are looking for Microsoft exploits and may be less likely to be helpful by sharing them with the white hats.
On the other hand, it's all but certain that Microsoft has employees actively searching for OS X exploits in order to help cast mud at the perception of better security. However, that strategy isn't so great: the exploits don't do much good as mud unless you make them public (through other channels, of course), but that helps Apple debug its code, making the OS better.
Overall, I just don't see OS X or Linux attaining the heights of Microsoft insecurity. That's not saying there will not be more problems, and some could be serious. I just don't see it getting as bad as Microsoft.
More Articles by Anthony Lawrence - Find me on Google+

Tue Apr 25 23:53:42 2006: drag
I think that as a corporate culture Apple may be more evil than Microsoft. Although their brands of evil probably differ. Microsoft certainly has more capability for evil than Apple, they are just very good at it and very good at getting away with it. Apple isn't so smart.
So I figure Apple is a sort of 'Indian Burn' or 'Atomic Wedgie' sort of evil. Microsoft is more of a 'Doctor Evil' sort of comic book 'super genius' sort of evil.
:-P
Apple expresses its evil in the way that they have designed iTunes and DRM restrictions into the hardware and software and purposely change their formats to lock out compatible, but not licensed, software and hardware. If you buy iTunes you have to use Apple's approved hardware and Apple's approved software to get the most out of it. Also how Apple is perfectly happy suing their own fanboys for posting leaked items on the internet.
What is especially amusing is that their lawyers are using the same tactics to argue against the first amendment of the U.S. constitution that anti-gun people used to weaken the 2nd amendment.
That basically, people posting to news sites don't have the same legal rights and protections that people writing articles in newspapers do. That 'bloggers' on news websites can't be 'journalists', that 'freedom of the press' only applies to those that own presses. Or something like that.
(Thanks Apple; we needed this like we need another hole in the head. (of course this would have happened eventually anyway from some other company))
As far as OS X vs Windows security goes, a normal computer person, like me, will probably still find it impossible to fully compare the relative security of the operating systems.
You know why?
Because apparently it's Microsoft's company policy not to disclose flaws found in its software that it discovers internally. That Microsoft will release patches to software without telling people what exactly these patches do. That an administrator or software vendor will never be able to accurately tell if this or that patch is necessary for security. So if you can't apply a patch because it breaks a part of your software, you can never be sure that you're not leaving a security hole open on your OS.
Of course hackers have no problem. They reverse engineer every patch that comes out of Microsoft to figure out what it does. So they'll know exactly what sort of security-related items MS fixed lately.
Microsoft admits to hiding details on patches:
http://www.microsoft-watch.com/article2/0,1995,1949442,00.asp?kc=MWRSS02129TX1K0000535
http://www.eweek.com/article2/0,1895,1951186,00.asp
Microsoft is much slower at fixing problems it discovers internally versus stuff disclosed by third parties.
http://www.washingtonpost.com/wp-dyn/content/article/2006/01/14/AR2006011400218.html
In 2005 an average of 46 days to external items versus 134 days for internally discovered problems.
Back in 2001 Scott Culp argued against full disclosure (as in posting sample exploit code) in issuing security patches and bulletins. That it's necessary to hide the facts to prevent malicious people from taking advantage of the information in order to attack clueless users.
( Of course we all know that since a patch is closed source it is impossible for people to reverse engineer it. noooobody is that smart! :-/ )
http://news.com.com/2008-1082-275588.html
http://attrition.org/security/rant/z/ms-disclose.html <-- good stuff
Of course I can't find a trace of his essay anywhere on Microsoft's website. The links to it are broken and I can't find it in Google or the Microsoft website search.
All I can find is interesting quotes:
"It's high time the security community stopped providing the blueprints for building these weapons. And it's high time that computer users insisted that the security community live up to its obligation to protect them."
-- Scott Culp, manager for Microsoft's security response center. 2001
Nice one there.
Wed Apr 26 10:08:00 2006: TonyLawrence
Thanks, Drag: As is so often the case, your comments are more interesting than the original post.
I'm not sure I'd fault Microsoft (or anyone) for putting more effort into patching externally discovered problems. After all, those are "known", so have more potential for being exploited and used - it probably makes sense to work on those sooner rather than later.
I'm not sure how I feel about releasing/not releasing security exploits. It's definitely not black and white, and I find myself leaning one way sometimes and the other way the next time. I have similar ambivalence concerning Apple's blogger suit: I don't like suing bloggers but I understand their desire to protect their IP.