Hacker: Windows More Secure Than Mac OS X
Hackers just like the PC more.
Regardless of which side you're on (though as a true computing enthusiast, you shouldn't be taking sides), you've heard the arguments back and forth on which operating system is truly safer: Mac OS X or Windows.
It is the opinion of Charlie Miller, a well-known Mac security guru, that even Snow Leopard, the latest version of Mac OS X, isn't as safe as Windows.
One key point is that Snow Leopard still doesn't have ASLR, or address space layout randomization, which randomly arranges the positions of key data areas in memory, making it harder for hackers to target them with exploits.
Miller told TechWorld that Apple didn't change the ASLR from 10.5 to 10.6: "Apple didn't change anything. It's the exact same ASLR as in Leopard, which means it's not very good."
Apple didn't completely miss the chance to tighten up security in Snow Leopard though, as the new QuickTime solves a lot of the issues that Mac OS X had before.
"Apple rewrote a bunch of QuickTime," said Miller, "which was really smart, since it's been the source of lots of bugs in the past."
One thing that Snow Leopard did adopt, which Windows has had since XP SP2, is DEP (data execution prevention). With DEP, buffer overflow attacks are much harder to execute.
Despite Miller's opinion that Windows is the more secure OS, the large install base of Microsoft-based systems makes them a much more attractive target for hackers. Still, Miller would like to see security on all platforms.
"Snow Leopard's more secure than Leopard, but it's not as secure as Vista or Windows 7," he said. "When Apple has both [in place], that's when I'll stop complaining about Apple's security."
Ahhh, so true.
score 1 for windows
Keep in mind it was an apple developer saying this himself, sounds like this guy could be the anti-christ for those PC vs. Mac commercials.
So I bet this isn't going to make it amongst the biased PC vs. Mac ads
Note: this is the same guy that won at Pwn2Own last year. So I'm pretty sure he knows what he's talking about.
But Mac users live in a little false reality bubble with twirling rainbows and lies about being impervious to malware.
And this is new to the world how? I think this should already be common knowledge.
ASLR is just security through obscurity. I wouldn't trust my data with any security "guru" who suggests otherwise. I'd rather see Apple invest their time implementing actual security measures
Don't worry, when Apple gets more shares, they will feel the wrath of the hackers
Plus by the time Apple is done spinning this the Fanboys will be claiming that this is all a scheme devised by MS.
But Mac users live in a little false reality bubble with twirling rainbows and lies about being impervious to malware.
Amen! lol
I'm always tired of Mac users saying "Oh, but there is less malware for Macs out there!" My response to that is "Hackers just feel sorry for Mac users and decide not to make their lives even more miserable than they already are with using a Mac."
(P.S. I am not one of those people that have never used a Mac and say that I don't like it, I have been using one extensively over the summer and have found out how much time I have saved by using a Windows computer all of my life.)
well looks like the score all tied up now
well if this don't prove that macs are under that just as much as windows then I don't know what will.
It's all about the market share...
"Regardless of which side you're on (though as a true computing enthusiast, you shouldn't be taking sides)"
Wrong idiot, no such thing as an Apple enthusiast. I don't see people buying iMacs and upgrading or overclocking them into gaming machines. As an author you shouldn't be telling us what we should and shouldn't be doing or thinking or feeling. Yes I do take Windows' side, it's faster, upgradeable, cheaper, and now it's safer. So why would you buy an iMac? Only if your pocketbook is bigger than your IQ.
I work for a small creative agency where I am the sole Windows user out of simple preference. I do not nor have I ever had malice or negative thoughts about Apple products. I have owned both...and yet I am constantly attacked about having an inferior device because it isn't Apple. I don't like being forced into a corner and having to defend myself and it really pisses me off. Both have strengths and weaknesses and as the author of the article pointed out, the true computer enthusiast does not care...and I really don't.
Apple needs to add the FreeBSD Jails Subsystem:
http://www.freebsd.org/doc/en/book [...] jails.html
along with OpenBSD PF:
http://www.openbsd.org/faq/pf/
DEP is old news, has been in OpenBSD for a while W^X:
http://en.wikipedia.org/wiki/W%5EX
As for ASLR, it's not that big of an issue. The attacks that ASLR protects on Windows don't affect Mac OS X.
Look, the ASLR issue is simply security through obscurity. To even abuse the weakness in Apple's OS, you first need to execute the code in the first place, which requires either an un-patched weakness followed by escalation of privileges to even access the memory space used by the kernel and driver resources, find a stupid user direct them to a cracked site and then run something to crack the OS open, or get their password. If you've already gotten this far, wtf are you worried about where in RAM some file is, you ALREADY OWN THE MACHINE. ASLR is important on the Windows platform where it's easy to inject code into apps in many ways. On a UNIX based system, that gets you nothing unless you can get into the machine in the first place and run code, which can't easily happen without tricking the user on some level first. Generic virus code can not get to the memory space regardless of the randomization unless you can run as root (which is disabled!).
This is like saying Windows cars have bad alarms and cheap door locks, but are difficult to hot-wire once inside. They can steal your identity, but not so easily drive off with the car, while next to it is an Apple Abrams tank, fully bulletproof and locked, but the keys are inside if you can get to them, so it's somehow less secure...
It's not that difficult to understand if you really think about it. What does every computer system that has anything important on it run? Some version of Windows. You don't see the CIA's servers running Mac OS. Just using that as a broad example. Do you see your local bank running Mac OS? Police department? and so on and so on. The reason why Mac OS is so "secure" is because it doesn't run on any computer system people want to see/steal data from. If the Pentagon switched to Mac OS...how long do you think it would take before "hackers" had penetrated it? I use "" because there are very few true hackers left out there.
There is nothing new in this article. Any smart computer user will know that there is no such thing is
Get an edit button on here, stupid toms. While your working on the edit button, get some non biased authors or some authors with a brain. Jane is the only decent author on here. Marcus has always been a biased retarded individual, serious stop writing topics, and just spell check its about all your good for.
Ummmm...take a look at that last sentence again and see if you can find anything in his article that is as poorly written...
score 1 for windows
score one MORE for Windows
I wonder why people think ASLR is unimportant? To me it seems like just one more layer of security.... I like extra layers when it comes to security and if it does not impose any significant performance loss then why not? To argue against extra security is crazy on any platform.
whatever Apple's marketing team will sell it as
"hey mac"
"hey pc"
"hey mac I heard you aren't as hard to get into as I am"
"hey pc don't you know? boys like loose girls"
p.s. and yeah macs have less viruses because hackers find OS X too easy to hack and we all know hackers like a challenge LOL
yeah you'd figure working for a technology site they would know how to use a simple technology called spell check and use a tried and true method called PROOF READING.
"Apple didn’t completely missed the chance to tighten up security in Snow Leopard though"
oh wow , every one here knows how shitty my typos, but damn , when i catch a gramatical error , you know you need better editoral skills LOL that line should read:
"Apple didn’t completely miss the chance to tighten up security in Snow Leopard though"
oops i meant to quote this.... so much for proof reading....
hehe, they say "you don't get viruses on a mac, you get lots of viruses on a PC, because they are unsecure."
Notice how it doesn't say macs are secure, it doesn't even say that macs are more secure than PCs. But that is exactly what people would think it's saying.
The only department of Apple that is truly innovating and pushing boundaries is their marketing department.
"Apple rewrote a bunch of QuickTime," said Miller, "which was really smart, since it's been the source of lots of bugs in the past."
One thing that Snow Leopard did adapt, which Windows has had since XP SP2, is DEP (data execution prevention). With DEP, buffer overflow attacks are much harder to execute.
Despite Miller's opinion that Windows is the more secure OS, the large install based of Microsoft-based systems make them a much more attractive target for hackers. Still, Miller would like to see security on all platforms.
missed should read miss
based should read base
Is grammar out the window at Tom's? The editorial staff is slacking off or something. I love Tom's I've been reading for eight years, but seriously folks.
"Apple rewrote a bunch of QuickTime," said Miller, "which was really smart, since it's been the source of lots of bugs in the past."
One thing that Snow Leopard did adapt, which Windows has had since XP SP2, is DEP (data execution prevention). With DEP, buffer overflow attacks are much harder to execute.
Despite Miller's opinion that Windows is the more secure OS, the large install based of Microsoft-based systems make them a much more attractive target for hackers. Still, Miller would like to see security on all platforms.
missed should read miss
based should read base
Seriously where's the grammar checking with the editorial staff, I love Tom's, I have been reading for eight years every day, but seriously folks.
Sorry for the double post... the update wasn't showing up...
I'm pretty sure that the programmers at Apple, just like their Mac user cronies, think their stuff is just invincible as it is. I'm sure once the Mac user base grows big enough to be a suitable target reality will enlighten them.
(Generally speaking) we already knew this. Unfortunately, the general public does not know. And the "Get a Mac" ads don't help in informing the public of the truth (that Windows is more secure, but tastier to hackers because of the large install base and users who don't know what they are doing).
lol this was on anandtech ages ago