Apple security under attack: The view from Windows

The blogosphere is abuzz over the latest Black Hat presentation exposing the security holes of Apple's Mac OS X. The upshot is that Microsoft Windows, in comparison, does a better job of protecting its users, especially against network protocol attacks. A proof-of-concept hack shown at the Black Hat security conference involved plugging one rogue Mac computer into an enterprise network, where it was soon able to gather the authentication credentials of all the other Macs in the environment.

In my world (I'm a principal security architect for Microsoft), this is no big surprise. Macs have always been far more vulnerable to hacker assaults than Windows computers, by almost every metric that means anything. Yes, Macs do have far more software vulnerabilities than Windows computers. If you don't believe me, go to any vulnerability database (I like Secunia's advisory database) and compare any operating system or application from Apple and Microsoft, head to head, over the same time period during the last five years. Most people are absolutely shocked to see that Microsoft software in general, and Windows in particular, has suffered far fewer vulnerabilities than Apple software and Mac OS X.

But even pure vulnerability numbers don't paint the whole picture. Among the leading OS vendors, Apple has been the last to implement nearly every important security protection. Apple was last to implement anti-buffer-overflow memory protections. Apple was the last to implement address space layout randomization (ASLR). Apple was the last leading operating system vendor to offer full disk encryption (in the recently released Mac OS X Lion). Apple is also typically the last among these vendors to patch software bugs, sometimes months after they become publicly known.

And it came as no surprise when Dmitry Sumin, president of Password Inc., told me last week that Apple's Mac OS X Lion was the only popular operating system to store login passwords in plain text in memory.
<snip>

http://www.infoworld.com/t/hacking/apple-security-under-attack-the-view-windows-169586

Unless you own their stock, I suppose.

all make a killing by simultaneously exploiting their customers' fears and ignorance. Who can prove 'em wrong?

One might expect that "view form Microsoft", but here's a slightly more objective one:

"Major overhaul makes OS X Lion king of security

With Wednesday's release of Mac OS X Lion, Apple has definitively leapfrogged its rivals by offering an operating system with state-of-the-art security protections that make it more resistant to malware exploits and other hack attacks, two researchers say.

Unlike the introduction of Snow Leopard in 2009, which offered mostly incremental security enhancements, OS X 10.7 represents a major overhaul, said the researchers, who spent the past few months analyzing the OS.

The most important addition is full ASLR. Short for address space layout randomization, the protection makes it much harder for attackers to exploit bugs by regularly changing the memory location where shell code and other system components are loaded. Other improvements include security sandboxes that tightly restrict the way applications can interact with other parts of the operating system and full disk encryption that doesn't interfere with other OS features."

http://www.theregister.co.uk/2011/07/21/mac_os_x_lion_security/

:evilgrin:
I'm forced to use Wind'ohs at work, but at home it's happily been all Mac & Linux for several years now. I still have notebooks full of incomprehensible feverish scribblings jotted during the lost weekends when I had to restore my old home Windows system from crashes. <shudder> Those weren't generally security related (although a virus did get me once) -- more often the result of sticking with Windows 2000 longer than I should have.

I'm sure recent versions of Windows are much more secure -- and I don't pretend OS X is immune, so I do use antivirus software and keep it up to date, just in case.

Thanks for the article. This reminds me, I need to upgrade to Lion asap!

Apps (no more Rosetta); Adobe mostly, lost use of my Photoshop (will cost $200 to upgrade). Also lost use of my USBConnect card, but bought a portable router and it works great that way, now. No other bugs that I can see. Realize that it may cause your fan to run and your computer to get hot while it indexes. People have complained about this because they didn't know what was going on.

Interesting stuff here: http://www.businessinsider.com/should-you-buy-mac-os-x-lion-2011-8
Great slide show overviews. Each article leads to another article so read them all. What's new to Lion, What Lion killed, etc.

What you're describing sounds like the "manic hard drive" chatter which PCs have always produced...ugh. Not looking forward to that.

It's supposed to optimize the functionality of Lion. We'll see how it goes.

I got in trouble doing that as a kid :D

but the most naive? This is just the latest and most desperate attempt of MS to stop the bleeding.

"who could possibly be offended by corporate propaganda.."

I imagine the ones who are duped by the 21st century cover of the 1980's cola wars would be offended too-- or at least feign cynical indifference to better validate their own buying habits. Seems both sides have their coterie of purchasers who rush out to defend even the smallest slight against their preferred manufacturer.


You appear to be a Pepsi fan... :shrug:

One example is the term "fanboi" and another would be the use of the term "woo."

It just don't get it. To me, that type of thing is right up there with using other pejoratives.

"What is it with some types of folks and their need to label and denigrate?..."


I think that by belittling the choices and beliefs of others, we better validate ourselves with the added bonus of the appearance of trendy cynicism. E.g., should I call myself awesome, I'm arrogant; yet if I call everyone not like me "fanboi" or a "woo-thinker", I've raised myself above their level, and I'm a de-facto awesome/clever/critical-thinker by proxy of their stupidity.

It's a very popular rationalization to draw a difference between six of one and half a dozen of the other... as long as it assists us to feel better ourselves at the expense of other people. :shrug:

The article doesn't get into Linux, but I bet it's simmilar.

Beyond that, the core GNU tools all Unix admins know and love exist and are standard on all Linux flavors. This holds true for BSD, which is what OS X is based on.

The sort of things he is talking about, like buffer overflow protection, are good coding practices that ought to be used everywhere, they are not new issues, or attributes of any particular operating system, they are issues about how well the OS is coded. If the coding is poor or buggy, it makes it feasible for hostile crackers to get unauthorized access, or to crash the system.

I use both.

Both have problems both have benefits.

this one side or the other stuff is frankly, really amusing.

I am replying on my IPad, because it's easier to use than my Motorola/Google Android phone, and because my Windows 7 PC is in the other room.

There are enough pairs of opposites in the universe. I choose to let these companies' technologies compliment one another rather than being at odds with one another.

Oh, yeah, Windows. And sadly, Windows security fails to hold up almost as regularly.

There's more targets to hit, but Apple has larger holes.

Windows gets hit harder, and much more often.

The folks I know running MS platforms have to always be vigilant about security, and they still get hacked. The folks with Macs haven't gotten hacked, period.

That is the real world record, not some theoretical scenario cooked up by a cybersecurity tech writer in order to gin up sales.

But more often is. Did you read the article? The writer basically said what you said. Windows has less security flaws, but is a more frequent target because there's a lot more of it out there.

BTW, I run Windows mostly. I've run it for years and have hardly had a problem. It's never been "hacked." I did have to remove a hijack that I got from a legitimate site once. Other than that it's worked smoothly.

Just because you don't know people with infected macs doesn't mean they don't exist. http://arstechnica.com/apple/news/2011/05/fake-mac-defender-antivirus-app-scams-users-for-money-cc-numbers.ars

I have had to have hte OS completely reinstalled due to virus on a Win machine twice... yes it has virus protection and all that.

You know how many times that has happened on the Macbook? A big fat zero.

You know it has a frreeware Virus protection that I bother to run every once in a while.

the attacks. Besides, who uses Macs for anything you want to hack into? No glory for hackers in Mac attacks.

Apple gets a free ride because nobody uses their stuff to store, say, merchant accounts or NATO plans.

Nuclear reactor I worked at runs on Macs, just one example.

Though I'm sure it's impossible.

I know it's not possible, but that sure sounds interesting. I've never heard of real macs involved in running nuclear reactors. They are too feature rich. But it sounds like something I'd like to see.

Why apple users can not understand the simple logic behind the fact that if 90 percent of the computers are one OS, that OS will be the major one attacked.

I think I finally have the proper combo of anti-virus and anti-spyware that's apparently keeping my Windows OS from being compromised and trojan-horsed.

I'm not saying nothing's going to happen. But if you're diligent about running scans and keeping your machine protected and downloading updates and patches and renewing your protections every year, you're really doing yourself a favor.

That's been my experience, at least. I used to have massive problems; knock wood, all's well in my little PC land these days.

I never have gotten a virus or other unpleasant internet invasion of my computer. My PC got viruses and other interferences at least once a year and sometimes more often. I'm not saying you are wrong, but my personal experience with a Mac has been very good.

And I've been running windows for 20 years without many significant issues, especially in the last few years.

Besides the viruses and malware, every PC I owned crashed at one time or the other. One crash was so bad that even the techies couldn't retrieve the information on it.

Especially in the Windows 95/98 days. Not so much with 2000 and XP. I get almost nothing with Win 7. A crash where info isn't retreivable sounds like a hard drive problem, or a bigtime virus.

What matters is what some disgruntled Windows tech says in a magazine. Don't believe your eyes.

Another Mac user here, for eighteen years, never had a virus, never crashed, and the two Macs that were/are my main computers, they both are still running. The Power Mac I started out with still fires up, it's just too slow for the Net now. The eMac I'm currently on is still going like a champ. Meanwhile, I've watched Windows using friends buy computer after computer as their Dell's, HP's, home built's, whatever crash and burn.

Not for the security, although I've never had a problem with it, and not because I don't have down time, although I rarely do (esp. compared with the windows systems the company used to run, or rather limp along, with), but because they are so simple to use (and also when I have one of the rare tech problems I get a tech person in the USA and they stay with me until the problem is solved and NEVER give me the "it's a hardware problems call ... it's a software problem call ... " followed by days on hold.

Our medical staff will NOT use windows anymore mostly because all of them also teach and give lectures and they just like the workflow of the apple which is, for them, faster and more efficient (and for me, when I'm paying $150 an hour, minutes matter).

It has to do with work flow and tech support, and for me apple just does the job.

I should note that we do use a windows based computer for accounting (although I would switch in a minute if someone could make a suggestion to get out of quickbooks which seems to have been written by Satan) and for 2 medical diagnostic programs that run on WinXP.

I understand that others have other priorities. Oh - final comment. I think office is a pretty good program.

He even says he is a M$ fanboy. So cozy down for the FUD.

His statement that Apple has more flaws then windows is silly. Just yesterday SANS reported 8 new vulnerabilities for Microsoft, none for Apple. And then there were a few more dealing with windows versions of 3rd party software (such as Adobe) and then they reported a new flaw in Google Chrome, which I think, is universal.

But using his own words:



So I did that. I compared Windows 7 and OS X for 2011. Microsoft had 28 vulnerabilities and OS X had 5. The guy's on crack, as all M$ fan-boys are.

Windows 7 chart: http://secunia.com/advisories/product/27467/?task=statistics_2011
OS X chart: http://secunia.com/advisories/product/96/?task=statistics_2011

In the end, it is a hard nosed, practical decision.

Macs last, and last well. The Mac I'm currently on is eight years old and still running strong. No downtime, no viruses, no crashes, no blue screen of death, nothing. The Mac I regularly used before that still works as well. Seventeen years old, still functions as well as the day out of the box. The only reason it is retired is because it wasn't fast enough to keep up with the Net anymore.

Heck, I've still got my old Apple Macintosh 128 just to have a bit of nostalgic fun. It too runs fine over a quarter century later.

So sure, I can initially pay less for a PC, only to have to suffer through virus attacks, crashes, freezes, etc., which cost me time and money, only to have to replace the thing five years later. Or I can buy a Mac, paying a bit more now, and not have to deal with virus attacks, hacks, crashes, spyware, etc., and still have the thing running ten years later.

Me, I'll go with quality every time.

I'm using a G4 FW800 dual 1.42ghz processor powermac from 2003, running OSX Leopard 10.5.8 and it still runs like a bat out of hell. A friend who was finally upgrading gave it to me last year after my umpteenth windows box puked out. After using this thing for about a year I can safely say I'll never look back :fistbump:

Yeah, I wonder.

;)

My Dell PC laptop was a piece of shit, with terrible customer service (I mean REALLY terrible).

It's worth 150% more, although, I do get an education discount (and sometimes you can get really good deals on refurbished items or at MacMall). If I look cooler, that's icing on the cake. (Your words, not mine :) )

Does Apple have problems as a corporation? Yes. Do they do things that piss me off? Yes. Do other computer manufacturers? Yes. Do Macs have limitations? Do you find people complaining about the prices on some things in the Apple support comments areas? Are they just not for some people who want their computers to let them do certain things? Sure.

No one comes to my house when I need service. If a part goes bad I call the company that makes it they send me a new one. If I want to upgrade I upgrade.

And I've owned several computers in that length of time. Two rules you need to follow:

1. Don't use torrents

2. If you don't know who your e-mail is from, don't open it.

It's that simple.

... because "Macs don't GET viruses! That's why I have a Mac!"

Don't get me wrong. Macs are great for some things. I'd love to have a Mac AND a PC someday.

But I'd never buy a Mac because it "doesn't get viruses." And I'd protect it against viruses/spyware/malware as diligently as I do my PC.