
Security experts mock Mac security

You can't protect your computer with spin
Thursday, 30 July 2009, 09:23

FOR AGES Apple has been peddling its Macs as being more secure than PCs simply because hackers could not be bothered targeting them.

However, according to MSNBC, the recent Black Hat security conference in Las Vegas has been dicing and slicing the Mac's reputation for security, with a number of exploits found in Apple's hardware and software.

Dino Dai Zovi disclosed a software flaw that hackers could use to take control of Macs and steal data that is scrambled to protect it from identity thieves.

The show has also been bad news for Iphone users, who were told that Apple's encryption is a joke and that the Jesus phone could be broken into by someone sending you an SMS.

The show was told that if Macs gain market share there will be a danger that hackers will start having a look under the bonnets of the machines. If they do, they will find it pretty easy to defeat them, presenters said.

Dai Zovi, who is the co-author of "The Mac Hacker's Handbook," said that once hackers start to put substantial resources into targeting Apple's computers, they will be at least as vulnerable as Windows machines.

He said that there is no magic fairy dust protecting Macs, despite the belief of Apple's fanboys that Steve Jobs's aura is the only anti-virus protection you need.

Charlie Miller, co-author of "The Mac Hacker's Handbook," said that the Mac OS will be easier to crack than Windows because it is bigger and less concisely written. This means that there is more room for vulnerabilities and bugs.

Another problem is that Apple has learned nothing from Microsoft in dealing with exploits. Microsoft has changed its attitude to start fixing exploits quickly. However, Apple still goes through a phase of denying that problems exist before it looks at them.

For example, the aforementioned bug in the Iphone operating system has been known to Apple for weeks but so far it has done nothing about it.

It has, however, released security patches to thwart jailbreaking software and prevent Palm from using Itunes, which indicates Apple's priorities. µ

 


Comments
Hmmmm

Someone selling a book on hacking Macs says it's a bigger problem than we thought. Well that's a shock!

I don't own a Mac and have only used them a little but I'd say they were more secure than Windows, which isn't saying a lot.

As for Windows code being written more concisely, that had most of the office laughing.... So thanks for that at least.

posted by : Matt, 30 July 2009
@Matt + more

Although the style of writing of the article may put you in a defense, the writer never suggested that Windows code is written more concisely but rather that MS tries to respond to exploit discoveries in a rapid way. Apple does not address the issues fast enough.

To this day (and to my knowledge), Apple has not provided any concrete data on why its systems are supposed to be more secure. A specific software architecture? A specific testing procedure, coding style, what is it that makes OSX more secure? Claiming that a closed source software is more secure is a little bit vague if you cannot back your claims with some reasoning. Just because OSX server installations are so few and the Mac community so small compared to the PC market, that no one finds a meaning in dealing with is no reason to brag about security.

posted by : Andreas, 30 July 2009
@ Andreas

Uh, no ...

"... said that the Mac OS will be easier to crack than Windows because it is bigger and less concisely written..."

He's saying that Windows IS more concisely written. If Mac OS is less concisely written [than Windows] then the proper inverse is Windows is more concisely written [than Mac OS].

Matt, and his workmates, are laughing for all the right reasons.

posted by : Doug Glass, 30 July 2009
Well..

Strictly speaking, it's only Charlie Miller, the source cited by the author, that claims Windows is concisely written, laughable though that most probably is...

posted by : Poor Lee, 30 July 2009
Macs are more secure

Macs are more secure for one reason: a proper user/administrator model. With Windows, the main user typically runs in administrator mode all the time and that leaves them vulnerable. Also, code can't simply run on its own in OS X like it can in Windows. I'm sure someone crafty enough will come along and find a way, but for now, you have to actually launch the application to cause the infestation. If you're not 100% sure about it, don't launch it.

Aside from that, anything can be exploited. Macs, Linux, and Unix have security through obscurity. They're not tested. But, who cares? I'll take that over having to deal with the constant barrage of exploits any day.

posted by : LinuxLover, 30 July 2009
Quote

"He said that there is no magic fairy dust protecting Macs, despite the belief of Apple's fanboys that Steve Jobs's aura is the only anti-virus protection you need."

He really said that? Where is his quote?
Ridiculous.

posted by : Matias, 30 July 2009
Somewhere in between

While Nick bashes Apple every chance he gets it does not necessarily mean Apple should be given a free ride all of the time. Let me make a few assertions:

1) Windows Mobile, Android & Apple IPhone OS are all susceptible to same SMS exploits per the "black hat" that reported it.

2) You can't stop stupid. If you allow a user to have the capability to install software then there is nothing you can do to prevent a system from being taken over. While, on some systems, you can theoretically prevent any running or installation of malware on a locked down user Windows has shown us that there is potential to run said code anyway. Thankfully, as a convert to Macs, I have not heard of any occurrence of this happening.

3) Mac OS is based on FreeBSD just as NeXTOS was based on BSD. Linux is based on UNIX. Over the years there has been a great deal of work to normalize the *BSD & *UNIX worlds. As a result, an exploit in the core of one can potentially affect another. (Yes, I do know this is a broad generalization. It is the concept that is important not so much the details.)

4) OS X being based on FreeBSD, OS X being the only *BSD system to be a certified UNIX compliant OS that I am aware of by the way, has MANY of the same vulnerabilities that any other *BSD/*UNIX system has... Most of the OS user-space is made up of software not coded by the corporate owner itself. Due to the sheer amount of 3rd party code it is possible that the actual attack vector is not the OS itself but the 3rd party user-space code running on any given system. Anything that exploits ssh on linux/*bsd/etc could very well exploit an OS X box as well.

4) As for the quality of the code between Windows & OS X... I will only say that NeXTOS/NeXTstep was widely regarded as an extremely well designed OS. The vast majority of said code & design was used to create OS X. Think of OS X as NeXTstep r7

posted by : Chris, 30 July 2009
boo

Really weird to think that mac users are more protected cause their so called system has better security. All I can say is that give the opportunity to "hackers" and these people will find open holes...that I can promise you.

Just for your own information that's what happened to Microsoft OS anyway. The bigger they got, they're the first to be picked on.

posted by : anyone, 30 July 2009
New name

MSNBC should be renamed MSFUD

posted by : Harvey, 30 July 2009
UNIX underpinnings

The reason Mac OS X is so secure has to do with a 40 year old technology... you may have heard of it, it's called UNIX.

The very structure of UNIX based operating systems means the kind of security issues that Windows gets is not able to occur because of the user model as mentioned in a previous comment.

Yes people can hack into the Apple only code but that is largely secret, making it more difficult to actually hack than the open source aspects.

Many of the hacks seem to target open formats like JPEG, GIF, MOV, AVI so aren't even really specific to the Mac or they target the open source side of things which Apple doesn't really have control over because the developers of those specific apps need to ratify any changes Apple may provide to fix issues meaning Apple needs to wait until the fixes are provided by the open source community before they can update their systems and that's only after they've checked that those updates don't break anything in Mac OS X.

Microsoft keeps all its cards to its chest therefore it is solely THEIR responsibility to fix issues in their OS. Those security issues are all their own making so this is why it seems Microsoft is being more active with regards to security than Apple.

posted by : Loweded Wookie, 30 July 2009
Missing the point

The point is that Macs' security is largely unproven. Microsoft has had a giant target painted on it for years, and hence has attracted a lot of attention from the hacking community. As far as the brevity of the code, I would imagine that Windows is considered more concise as it is entirely scripted in-house, as opposed to the bolt-onto-open-source method that is more along the lines of how OS X works. Actual volume of code isn't the point: extra bits and potentially loose ends are. That's not to say that Windows is not full of spaghetti, just that it's not inherently full: Gates's minions came up with that all on their own.

posted by : JonB, 31 July 2009
@Glass

Laughing for all the right reasons? There is no armageddon coming for Mac: It's already here. Most of the destructive script-kiddie attacks made so easy on a Windows Machine won't be duplicated on Macs - which to be honest is bad news for Apple. It doesn't mean that they will attract only the most dedicated, highly skilled hackers governments and crime syndicates can afford - it means they already DO attract them.

Your machine is probably root-kitted (the concept of which is from UNIX) and you have NO idea. The Ninja Hackers want it that way.

For every script kiddie that drops his load exploiting a PC, Microsoft is 10% safer from the hacking that matters.

Sad, but true.

posted by : James Stick, 31 July 2009
Who cares?

PC pushers believe both Mac and Windows users have both left their homes unlocked, but Windows users keep getting burgled because they live in the city. Mac users just live in the small town where there is no crime.

The reasons don't really matter, and the claim that PCs are just as secure (or insecure) as Macs is not worth arguing about.

We don't lock our doors because neither we nor anyone else we know have ever been burgled. Let me know when it actually happens...

I am not spending a nickel on anti-virus until there is an actual verified epidemic. There have been a hundred of these scaremongers selling iron bars and Alarm systems for years. They have cried wolf too often for me to listen.

posted by : Hiram, 31 July 2009
"we don't lock our doors" - a mac fanboy

Hiram said... "We don't lock our doors because neither we nor anyone else we know have ever been burgled. Let me know when it actually happens...

I am not spending a nickel on anti-virus until there is an actual verified epidemic."

Hiram, can I have your address? And IP address too?

posted by : adam, 31 July 2009
it all seems so familiar...

It's deja vu all over again!

posted by : Papillon, 03 August 2009
re: "we don't lock our doors"

You can have mine if you want, my mac has a firewall. And so does my Win7 box.

posted by : Chris, 04 August 2009
The Anti-Mac Security FUD-Fest

This is how it works:

1) Take the safest GUI based OS (Mac OS X), based on the two safest CLI OSes, (OpenBSD and FreeBSD) and motivate the developer (Apple) to make their OS even safer. How? FUD! (Fear, Uncertainty and Doubt).

2) The developer, (Apple), is shamed into exponentially increasing their attention to OS security.

3) Everybody wins!

This is exactly what is happening right now. Dr. Charlie Miller and friends are to be THANKED for spewing venomous FUD about Mac OS X and dissecting out every little security vulnerability they can find.

Perspective: If people bother to follow the security situation currently going on with Windows, yes including 7ista, aka Vista Service Pack 7, they will be horrified. The 'mocking' going on regarding Mac OS X is a mere whisper compared to the cacophonous screaming going on right now regarding the bad security continuing ever onward in Windows.

Yes, the 'mocking' is BS, not deserved, makes us all feel oh-so-sad-boo-hoo. But the results from this hyper-analysis of flaws in Mac OS X is an absolutely brilliant GOOD THING. Reap the rewards!

posted by : Derek Currie, 29 August 2009