Quoted:


Nothing to do with Security...everything to do with Spin.

Quoted:
Nothing to do with Security...everything to do with Spin.

Employees said it was also an effort to run the company on Google’s own products, including its forthcoming Chrome OS, which will compete with Windows. “A lot of it is an effort to run things on Google product,” the employee said. “They want to run things on Chrome.”

Quoted:



 

Quoted:



 

Hackers just like the PC more.

Regardless of which side you're on (though as a true computing enthusiast, you shouldn't be taking sides), you've heard the arguments back and forth on the which operating system is truly safer – Mac OS X or Windows.

It is of the opinion of Charlie Miller, a well known Mac security guru, that even Snow Leopard, the latest version of Mac OS X, isn't as safe as Windows.

One key point is that Snow Leopard still doesn't have ASLR, or address space layout randomization, which randomly arranges the position of key data making it harder for hackers to target for exploits.

Miller said to TechWorld that Apple didn't change the ASLR from 10.5 to 10.6: "Apple didn't change anything. It's the exact same ASLR as in Leopard, which means it's not very good."

Apple didn’t completely missed the chance to tighten up security in Snow Leopard though, as the new QuickTime solves a lot of the issues that Mac OS X had before.

"Apple rewrote a bunch of QuickTime," said Miller, "which was really smart, since it's been the source of lots of bugs in the past."

One thing that Snow Leopard did adapt, which Windows has had since XP SP2, is DEP (data execution prevention). With DEP, buffer overflow attacks are much harder to execute.

Despite Miller's opinion that Windows is the more secure OS, the large install based of Microsoft-based systems make them a much more attractive target for hackers. Still, Miller would like to see security on all platforms.

"Snow Leopard's more secure than Leopard, but it's not as secure as Vista or Windows 7," he said. "When Apple has both [in place], that's when I'll stop complaining about Apple's security."

A security expert that build his career on identifying vulnerabilities in Microsoft software now says that the company has come a long way. Marc Maiffret, a former hacker turned legitimate security researcher, and now chief security architect at FireEye, told InSecurity Complex that Apple’s software was inferior to Microsoft’s in terms of security and the capacity of protecting end users, despite claims to the contrary by the Cupertino-based hardware company. In fact, Maiffret put Apple on the spot for marketing its software as more secure than Microsoft products, noting that it was just marketing and nothing more.

Still, the former hacker indicated that he had witnessed Apple starting to change its ways, and care more about security. “It's even a little scarier with them because they try to market themselves as more secure than the PC, that you don't have to worry about viruses, etc. Anytime there's been a hacking contest, within a few hours someone's found a new Apple vulnerability. If they were taking it seriously, they wouldn't claim to be more secure than Microsoft because they are very much not. And the Apple community is pretty ignorant to the risks that are out there as it relates to Apple. The reason we don't see more attacks out there compared to Microsoft is because their market share isn't near what Microsoft's is,” he stated.

According to Maiffret, before Apple only recently, in the past six months, started caring more about securing its products, it was at the same level as Microsoft before the January 2002 Trustworthy Computing memo from Bill Gates. But while he slapped Apple over the wrist, Maiffret praised Microsoft not only for the progress it had done over the better part of the past decade, but also because of the Security Development Lifecycle.

“Now when you look at Microsoft today they do more to secure their software than anyone. They're the model for how to do it. They're not perfect; there's room for improvement. But they are definitely doing more than anybody else in the industry, I would say,” he underlined. “[…] From an internal process in how they go about auditing their code and securing software from a technical perspective, they do have one of the best models. The area they still have room for improvement is around time lines of how long it takes for them to fix things.”

The Security Development Lifecycle is a model deployed by Microsoft internally, designed to secure software as much as possible by doing extensive testing to filter out vulnerabilities, and also ensure that when flaws do exist, mitigations are in place to make exploits extremely difficult, if not impossible. Windows Vista, the first Windows client to be produced in accordance with the best practices of the SDL, was also the company’s most secure operating system in history. Windows 7 was built on Vista’s legacy, and is bound to be just as, if not even more, secure compared with its predecessor.

In the first week of April 2010, Microsoft published the Security Development Lifecycle (SDL) Version 5 for all third-party software developers to leverage in their products.

Quoted:
From what little bit I've gleaned from reading about life working at Google, they're kind of unique in that you can really do your job running any OS you damn well please. The biggest reason is, that Google tends to either develop their own things in-house (they are home to more brilliant employees than your average corporation), or use products based on open standards - the underlying OS doesn't matter.

Quoted:
Guess I'm not the only crazy person that thinks Macs are more secure than Windows PCs.

Quoted:


Mac OSX is full of holes too. They just aren't normally exploited because of their tiny market share.
If that changes, they'll be easy pickings for awhile.

Quoted:
That is great!  Now Mac and Linux OS's will be more vulnerable to security exploits because the motive will exist to take them down.

Quoted:


OSX ain't perfect, but it's a damn sight better than Windows. Market share has absolutely nothing to do with it, and 10% isn't "tiny" in any world I'm aware of.

Quoted:


Yes it does, and yes it is.

Quoted:


OSX ain't perfect, but it's a damn sight better than Windows.  Market share has absolutely nothing to do with it, and 10% isn't "tiny" in any world I'm aware of.

Quoted:












Your username is extraordinarily appropriate.

Quoted:
That is great!  Now Mac and Linux OS's will be more vulnerable to security exploits because the motive will exist to take them down.

Quoted:
From what little bit I've gleaned from reading about life working at Google, they're kind of unique in that you can really do your job running any OS you damn well please. The biggest reason is, that Google tends to either develop their own things in-house (they are home to more brilliant employees than your average corporation), or use products based on open standards - the underlying OS doesn't matter.

I need Windows at work, because core business processes rely on Microsoft products. Our entire company is essentially run on SQL Server. We use features of Microsoft Office applications that aren't easily duplicated in products like Open Office. Our entire development team uses .NET languages. Our massive intranet is run on Sharepoint. The software that our contact center agents use to communicate with the ACD is a Window-only application. The software that I use to write IVR and ACD scripts for said contact center, despite being nothing more than a huge collection of Java Beans, only runs on Windows, and trying to accomplish the same thing on another OS is an exercise in futility.

Google is able to do this, because from day 1, they built their company in such a way as to not depend on any given client operating system. If my company started from square one, and had a team of brilliant people in IT (something most young non-tech companies can't afford), we'd be the same way.

Quoted:
Are the other OS's safer because they are buttoned up tight by design or is it because hackers just don't bother to target those OS's?

Quoted:


Safer in that there are so few people using it that hackers are not targeting it?

If anything eventually replaces Windows on the desktop it will be targeted just as Windows is targeted.

Quoted:


Really?

http://www.tomshardware.com/news/hack-windows-security-snow-leopard,8704.html



I think he knows more about it then you do.

And another one...

http://news.softpedia.com/news/Apple-Software-Security-Inferior-to-Microsoft-s-Says-Iconic-Hacker-139942.shtml



I'm not going to get in a big argument about the matter, because to most it's like arguing religion...in other words, like talking to a wall.  However, each OS is only as secure as the end-user, or administrator of the system, and each OS can be secured well enough not to have any major issues, barring the stupidity of the end-user.  I have no real preference, but I make my money off of Windows, not by fixing them though, I consult and train on their server products.

Quoted:


OSX ain't perfect, but it's a damn sight better than Windows.  Market share has absolutely nothing to do with it, and 10% isn't "tiny" in any world I'm aware of.

Quoted:


Security by obscurity.

Quoted:
Ha-ha!

Suck on that Microsoft!

Quoted:


Maybe. IMO, the fact their products are browser- and server-based is the real reason they can use different OSs. On the server they are big on C++ and Python and, of course, HTML is mostly portable to every browser and OS.

If they developed rich clients like MS Office, it would be a different story.

Quoted:



 

Quoted:


When I was interviewing there one of the questions that was in the back of my mind is do I really want to work in a environment that is like programming mainframes?

Quoted:


Mac is not more secure, it's actually less secure but because (for now) it has less market share it is targeted less it appears "safer".

Quoted:
Mac is not more secure, it's actually less secure but because (for now) it has less market share it is targeted less it appears "safer".

Quoted:







And racking the slide on a shotgun will chase the burglars away.

Quoted:



You realize it's kinda like the LifeLock guy posting his Social Security number all over the place, right?



 

Quoted:


Security by obscurity.

Quoted:



Right?  

Quoted:











What is, putting a Mac on the internet?  I've been doing it for years now with no problem.  No anti-virus software, no anti-malware, and no problems.  I have one mac connected to the net for a few years now with a public IP.  But really it's no risk at all, because market share is what creates or negates security problems.  If tomorrow the market share of Macs magically became 98%, security holes would appear in the code that weren't there before.





Right?  

June 01, 2010 11:20 AM

Security Firm Discovers Spyware in Mac Software

No anti-virus software, no anti-malware, and no problems.

Quoted:


Sure dude.

Remember this thread.
 

OSX/OpinionSpy performs the following actions:


• This application, which has no interface, runs as root (it requests an
administrator's password on installation) with full rights to access
and change any file on the infected user's computer.


• If for any reason the application stops running, it is re-launched via
launchd, the system-wide application and service launching facility.


• It opens an HTTP backdoor using port 8254.


•  It scans all accessible volumes, analyzing files, and using a great
deal of CPU time. It is not clear what data it copies and sends to its
servers, but it scans files on both local and network volumes,
potentially opening up large numbers of confidential files on a network
to intrusion.


• It analyzes packets entering and leaving the infected Mac over a local
network, analyzing data coming from and being sent to other computers.
One infected Mac can therefore collect a great deal of data from
different computers on a local network, such as in a business or school.


• It injects code, without user intervention, into Safari, Firefox and
iChat, and copies personal data from these applications. Code injection
is a form of behavior similar to that of a virus, and this malware
"infects" applications when they are running to be able to carry out its
operations. (It infects the applications' code in the Mac's memory, and
does not infect the actual applications' files on the user's hard
disk.)


• It regularly sends data, in encrypted form, to a number of servers
using ports 80 and 443. It sends data to these servers about files it
has scanned locally, and also sends e-mail addresses, iChat message
headers and URLs, as well as other data. This data may include personal
data, such as user names, passwords, credit card numbers, web browser
bookmarks, history and much more.


• Given the type of data that it collects, the company behind this
spyware can store detailed records of users, their habits, their
contacts, their location and much more.


• The application can be upgraded automatically, with new features
added, with no user intervention, and without the user being aware of
this. It occasionally asks users for information, via the display of
dialogs, such as their name, or asks them to fill out surveys.


• In some cases, computers with this spyware installed no longer work
correctly after a certain period of time; it is necessary to
force-reboot such Macs.


• If a user deletes the original application or screen saver that
installed this spyware, the spyware itself will remain installed and
continue to operate.





As can be seen above, this application that purports to collect
information for marketing reasons does much more, going as far as
scanning all the files on an infected Mac. Users have no way of knowing
exactly what data is collected and sent to remote servers; such data may
include user names, passwords, credit card numbers and more. The risk
of this data being collected and used without users' permission makes
this spyware particularly dangerous to users' privacy.

Quoted:



I know I'm kind of wacky believing that unix is more secure than Windows.