“OS vulnerabilities are a result of OS characteristics, and the CPU they run on is pretty much irrelevant,” Larry Seltzer writes for eWeek. “I guess Black Hat just gets hackers excited and optimistic for more bad news. This leads them to believe, for example, that Apple’s move to x86 for the Mac will make the platform less secure. Claims like these raise basic questions about what creates a vulnerability in an operating system and how attackers exploit them. The short answer is that rarely, if ever, are the existence of vulnerabilities related to the specifics of one processor architecture versus another.”
“The vulnerability is in the structure of the program, not strictly in the implementation generated by the compiler. You’re far more likely to be able to leverage an exploit from the PowerPC Mac OS on the x86 Mac OS than you are an x86 Windows attack on x86 Mac OS. Apple has had no shortage of vulnerabilities disclosed in the last several years. FRSirt lists 33 for the last year, and 13 of them are rated as ‘critical.’ Why were there no major exploits of these vulnerabilities? Was it because they were too hard to do? Of course not. They weren’t worth exploiting because there are a dearth of actual Mac systems out there, and they have reasonably good defenses available to them,” Seltzer writes.
“So what changes when the Mac moves to x86? If Apple’s market-share shoots up and attackers suddenly have a better shot of finding Macs to attack, then more malware will be written to the Mac. But it won’t be any easier to exploit for being on x86. Lots of real vulnerability news comes out of the average Black Hat conference, but there’s also typically a share of weird ideas out of left field, and this is one of them,” Seltzer writes. “Perhaps those black hats are on a bit too tight for the arteries in the brain.”
Full article here.
MacDailyNews Take: This is some real wrath-of-God type stuff. Fire and brimstone coming down from the skies… Rivers and seas boiling… Forty years of darkness… Earthquakes, volcanoes… The dead rising from the grave… Human sacrifice, dogs and cats living together… eWeek publishing common sense regarding Mac OS X security… Mass hysteria.
By the way: Macs aren’t secure due to obscurity. First of all, Macs aren’t obscure, they only appear so during nationally televised commercial breaks. And, secondly, Mac OS X is designed to be secure on networks. By design, Mac OS X is simply more secure than Windows. Period. For reference and reasons why Mac OS X is more secure than Windows, read The New York Times’ David Pogue’s mea culpa on the subject of the “Mac Security Via Obscurity” myth here. There are over 20 million Mac OS X users in the world and there are still zero (0) viruses. If platforms’ install bases dictated the numbers of viruses, the fact that Mac OS X has zero (0) viruses discounts “security via obscurity.” There should be at least some Mac OS X viruses. There are none. The reason for this fact is not attributable to “obscurity,” it’s attributable to superior security design. According to CNET, the Windows Vista Beta was released “to about 10,000 testers” at the time the first Windows Vista virus arrived. So much for the security via obscurity myth.
• MacBook Pro. The first Mac notebook built upon Intel Core Duo with iLife ’06, Front Row and built-in iSight. Starting at $1999. Free shipping.
• iMac. Twice as amazing — Intel Core Duo, iLife ’06, Front Row media experience, Apple Remote, built-in iSight. Starting at $1299. Free shipping.
• iMac and MacBook Pro owners: Apple USB Modem. Easily connect to the Internet using dial-up service. Only $49.
• iPod Radio Remote. Listen to FM radio on your iPod and control everything with a convenient wired remote. Just $49.
• iPod. 15,000 songs. 25,000 photos. 150 hours of video. The new iPod. 30GB and 60GB models start at just $299. Free shipping.
• Connect iPod to your television set with the iPod AV Cable. Just $19.
Related MacDailyNews articles:
eWeek article about potential Mac OS X security exploits is fiction, factually wrong – January 27, 2006
Security technologies that have made Mac OS X secure for PowerPC remain same for Intel-based Macs – January 27, 2006