Get APLawrence.com by RSSOS X Security
Apple Mac is a growing security risk. That theme has been popular recently. Mac's probably are a growing security risk (as opposed to Microsoft, which has a mature, fully grown security risk), but I doubt this baby is ever going to match Microsoft's size.
First of all, Apple doesn't have the mess of code Microsoft has. OS X threw away backward compatibility in the interests of a new OS, and that's something Microsoft has never had the luxury of doing. Old features have to be accommodated in Windows, and that makes the OS bigger and more confusing. OS X is far from lean and mean, but it doesn't have to carry the baggage Windows OSes have.
Secondly, OS X has a Unix security model. A lot of Windows security problems would be completely avoidable if people weren't running wth Administrator rights. This isn't an OS issue; it's just what common practise is and common practise on Windows creates a more dangerous environment.
Finally, I think Microsoft is more universally disliked than anyone else. That they have been extraordinarily greedy and unprincipled is something even their staunchest supporters won't deny. I have no illusions that Apple wouldn't play just as dirty if they could, but they really haven't had the opportunity to be a nasty bully very often, and therefore haven't attracted nearly as much dislike and disgust. I therefor suggest that more people are looking for Microsoft exploits and may be less likely to be helpful by sharing them with the white hats.
On the other hand, it's all but certain that Microsoft has employees actively searching for OS X exploits in order to help cast mud at the perception of better security. However, that strategy isn't so great: the exploits don't do much good as mud unless you make them public (through other channels, of course), but that helps Apple debug its code, making the OS better.
Overall, I just don't see OS X or Linux attaining the heights of Microsoft insecurity. That's not saying there will not be more problems, and some could be serious. I just don't see it getting as bad as Microsoft.
Technorati tags: Mac+OS+X Security
Enter your email address for automatic notification of new posts here
(be sure to whitelist 'feedburner.com' if you use spam filtering)
| Views for this page | ||||
|---|---|---|---|---|
| Today | This Week | This Month | This Year | Overall |
| 2 | 12 | 43 | 478 | 2,991 |
Have you tried Searching this site?
Unix/Linux/Mac OS X support by phone, email or on-site: Support Rates
This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more. We appreciate comments and article submissions.
Your ad here - $48.00 yearly!
http://www.cleverminds.net Need expert advice? Want a second opinion? CleverMinds is a one-stop-shop for a wide range of technology solutions. We support Unix, Linux, SCO as well as CMS, ecom, blogs, podcasts, search engines consulting and more. Contact us at web2.0@cleverminds.net 0r (617) 894-1282
http://echo3.net/ Unix/Linux Custom Applications, Web Hosting, C/C++ Programming Courses
http://bcstechnology.net Full service Linux & UNIX systems integrator; Windows to UNIX/Linux Client-Server Specialist; Secure E-Mail & Website Hosting; Thoroughbred Software Developer; Custom Industrial Automation; Hardware & Electronics Experts; In Business Since 1985.
- Nov 20 15:45
Ayup, logged out of Gmail, came back in and "Themes" was in "Settings.. I like the "default" but "Minimalist" tempts me also. - Nov 20 15:42
My google account doesn't have a "Themes" option yet but it did *change* its theme suddenly.
Related Posts
Tue Apr 25 23:53:42 2006: Subject: drag
I think that as a corporate culture Apple may be more evil then Microsoft. Although their brands of evil probably differ. Microsoft certainly has more capability for evil then Apple, they are just very good at it and very good at getting away at it. Apple isn't so smart.
So I figure Apple is a sort of 'Indian Burn' or 'Atomic Wedgy' sort of evil. Microsoft is a more of a 'doctor evil' sort of comic book 'super genius' sort of evil.
:-P
Apple expresses it's evil in the way that they have designed itunes and DRM restrictions into the hardware and software and purposely change their formats to lock out compatable, but not licensed, software and hardware. If you buy itunes you have to use Apple's approved hardware and Apple's approved software to get the most out of it. Also how Apple is perfectly happy suing their own fanboy's for posting leaked items on the internet.
What is especially amusing is that their lawyers are using the same tatics against to argue against the first amendment of the U.S. constitution that anti-gun people's used to weaken the 2nd amendment.
That basicly, people posting to news sites don't have the same legal rights and protections that people writing articles in newspapers do. That 'bloggers' on news websites can't be 'journalists', that 'freedom of the press' only applies to those that own presses. Or something like that.
(Thanks Apple; we needed this like we need another hole in the head. (of course this would of happenned eventually anyways from some other company))
As far as OS X vs Windows security goes a normal computer person, like me, will probably still find it impossible for me to fully compare the relative security of the operating systems.
You know why?
Because apparently it's Microsoft's company policy not disclose flaws found in it's software that it discovers internally. That Microsoft will release patches to software without telling people what exactly these patches do. That as a administrator or software vendor will never be able to accurately tell if this or that patch is nessiciary for security. So if you can't apply a patch because it breaks a part of your software, you can never be sure that your not leaving a security hole open on your OS.
Of course hackers have no problem. They reverse engineer every patch that comes out of Microsoft to figure out what it does. So they'll know exactly what sort of security-related items MS fixed lately.
Microsoft admits to hiding details on patches..
http://www.microsoft-watch.com/article2/0,1995,1949442,00.asp?kc=MWRSS02129TX1K0000535
http://www.eweek.com/article2/0,1895,1951186,00.asp
Microsoft is much slower at fixing problems it discovers internally versus stuff disclosed by third parties.
http://www.washingtonpost.com/wp-dyn/content/article/2006/01/14/AR2006011400218.html
In 2005 a average of 46 days to external items versus 134 days for internally discovered problems.
Back in 2001 Scott Culp argued against full discolsure (as in posting sample exploit code) in issueing security patches and bullitens. That it's nessicary to hide the facts to prevent malicious people from taking advantage of the information in order to attack clueless users.
( Of course we all know that since a patch is closed source it is impossible for people to reverse engineer it. noooobody is that smart! :-/ )
http://news.com.com/2008-1082-275588.html
http://attrition.org/security/rant/z/ms-disclose.html <-- good stuff
Of course I can't find a trace of his essay anywere on Microsoft's website. The links to it are broken and I can't find it in google or the Microsoft website search.
All I can find is interesting quotes:
"It's high time the security community stopped providing the blueprints for building these weapons. And it's high time that computer users insisted that the security community live up to its obligation to protect them."
-- Scott Culp, manager for Microsoft's security response center. 2001
Nice one there.
Wed Apr 26 10:08:00 2006: Subject: TonyLawrence
Thanks, Drag: As is so often the case, your comments are more interesting than the original post.
I'm not sure I'd fault Microsoft (or anyone) for putting more effort into patching externally discovered problems. After all, those are "known", so have more potential for being exploited and used - it probably makes sense to work on those sooner rather than later.
I'm not sure how I feel about releasing/not releasing security exploits. It's definitely not black and white, and I find myself leaning one way sometimes and the other way the next time. I have similar ambivelance concerning Apple's blogger suit: : I don't like suing bloggers but I understand their desire to protect their ip.
Add your comments