eWeek: Intel transition a ‘security non-issue’ for Apple Mac

“OS vulnerabilities are a result of OS characteristics, and the CPU they run on is pretty much irrelevant,” Larry Seltzer writes for eWeek. “I guess Black Hat just gets hackers excited and optimistic for more bad news. This leads them to believe, for example, that Apple’s move to x86 for the Mac will make the platform less secure. Claims like these raise basic questions about what creates a vulnerability in an operating system and how attackers exploit them. The short answer is that rarely, if ever, are the existence of vulnerabilities related to the specifics of one processor architecture versus another.”

“The vulnerability is in the structure of the program, not strictly in the implementation generated by the compiler. You’re far more likely to be able to leverage an exploit from the PowerPC Mac OS on the x86 Mac OS than you are an x86 Windows attack on x86 Mac OS. Apple has had no shortage of vulnerabilities disclosed in the last several years. FRSirt lists 33 for the last year, and 13 of them are rated as ‘critical.’ Why were there no major exploits of these vulnerabilities? Was it because they were too hard to do? Of course not. They weren’t worth exploiting because there are a dearth of actual Mac systems out there, and they have reasonably good defenses available to them,” Seltzer writes.

“So what changes when the Mac moves to x86? If Apple’s market-share shoots up and attackers suddenly have a better shot of finding Macs to attack, then more malware will be written to the Mac. But it won’t be any easier to exploit for being on x86. Lots of real vulnerability news comes out of the average Black Hat conference, but there’s also typically a share of weird ideas out of left field, and this is one of them,” Seltzer writes. “Perhaps those black hats are on a bit too tight for the arteries in the brain.”

Full article here.

MacDailyNews Take: This is some real wrath-of-God type stuff. Fire and brimstone coming down from the skies… Rivers and seas boiling… Forty years of darkness… Earthquakes, volcanoes… The dead rising from the grave… Human sacrifice, dogs and cats living together… eWeek publishing common sense regarding Mac OS X security… Mass hysteria.

By the way: Macs aren’t secure due to obscurity. First of all, Macs aren’t obscure, they only appear so during nationally televised commercial breaks. And, secondly, Mac OS X is designed to be secure on networks. By design, Mac OS X is simply more secure than Windows. Period. For reference and reasons why Mac OS X is more secure than Windows, read The New York Times’ David Pogue’s mea culpa on the subject of the “Mac Security Via Obscurity” myth here. There are over 20 million Mac OS X users in the world and there are still zero (0) viruses. If platforms’ install bases dictated the numbers of viruses, the fact that Mac OS X has zero (0) viruses discounts “security via obscurity.” There should be at least some Mac OS X viruses. There are none. The reason for this fact is not attributable to “obscurity,” it’s attributable to superior security design. According to CNET, the Windows Vista Beta was released “to about 10,000 testers” at the time the first Windows Vista virus arrived. So much for the security via obscurity myth.

Advertisements:
MacBook Pro. The first Mac notebook built upon Intel Core Duo with iLife ’06, Front Row and built-in iSight. Starting at $1999. Free shipping.
iMac. Twice as amazing — Intel Core Duo, iLife ’06, Front Row media experience, Apple Remote, built-in iSight. Starting at $1299. Free shipping.
iMac and MacBook Pro owners: Apple USB Modem. Easily connect to the Internet using dial-up service. Only $49.
iPod Radio Remote. Listen to FM radio on your iPod and control everything with a convenient wired remote. Just $49.
iPod. 15,000 songs. 25,000 photos. 150 hours of video. The new iPod. 30GB and 60GB models start at just $299. Free shipping.
Connect iPod to your television set with the iPod AV Cable. Just $19.

Related MacDailyNews articles:
eWeek article about potential Mac OS X security exploits is fiction, factually wrong – January 27, 2006
Security technologies that have made Mac OS X secure for PowerPC remain same for Intel-based Macs – January 27, 2006

37 Comments

  1. Jimbo, my friend. All I ask is that you peruse the MDN archives for all my posts. After you have a more definite idea of what I do we can have a livelier discussion on OS security.

  2. I don’t know why I try. To educate you Macheads is almost futile.

    I don’t HATE the Mac OS, it’s just not as versatile. Educate?!? Enlighten?!? Share another perspective??!!??

    “Blasphemy!!!!!! Macs are invulnerable!!!!!! You are a troll!!!!!!”

    Come on … get a clue. More OS installations = more Viruses and attacks. It’s simple logic. Except around here.

    Get a clue, fanwankers.

  3. Evil_MS_User,

    Please stop making Windows users look like complete asses. You’re wrong. OS X is not only safe via obscurity (a non-sequitur) but it is ALSO safe by design. Simple as that. Until Windows is as strict about requiring the use of an admin password to modify system files or install ANY program, it’s simply a fact that OS X is more secure. Not shut up about it and quit reminding people. You are no friend of Microsoft!

    Regards,

    Carnegie…er Billy

  4. “Until Windows is as strict about requiring the use of an admin password to modify system files or install ANY program, it’s simply a fact that OS X is more secure.”

    Partially true. IT departments learned this a long time ago, which is why you will be hard-pressed to find any corporation nowadays that hasn’t “locked down” their users’ desktops. I actually started using a non-admin account for everyday use back when NT 4.0 was released and have been doing it ever since.

    The big problem has always been these legacy apps that required local admin rights to run properly. I know about them very well – I can’t count the number of apps I’ve had to repackage to work around this problem. But it’s actually getting better – the other day I installed a small photo album app for a Philips digital camera and I was fully expecting to have to tweak it to get it to work without admin rights. But lo and behold – it worked right out of the bat. So the developers are finally coming around to programming to Win2K specs…

  5. The overwhelming number of IT installations require oversight and off-site (or near-site) administration from within the confines of the resident IT fortress. That’s the building (or department) where the average employee doesn’t have a prayer in hell of getting into. This mentality serves to further secure the IT department’s permanence and safety from corporate downsizing attack.

    This mentality is predominant in corporate culture. And it’s precisely why Macs will never make a dent in the corporate business infrastructure. They are simply too secure and far, far too user-manageable. With current IT loss rates at only -1% per annum nationwide, no IT manager in his right mind will recommend a switch to a more secure Linux or OS X paradigm, lest said department suddenly begin to experience greater loss and employee defection rates — probably in the neighborhood of +33% or higher.

    It’s really simple human nature.

  6. Just caught the above two posts. You should really hear me laughing now. This is hilarious! ” width=”19″ height=”19″ alt=”wink” style=”border:0;” />

    Love it. 8-P

    Keep it up…

  7. Let me blow a hole in this nonsense.

    If I were a criminal, my first inclination would be to maximize the return on my criminal endeavors. If I’m going to take a risk, I want a big payoff.

    Now, I might write a program that captures passwords and credit card information as a victim shops online. Who should I target this malware toward? Let me see:

    A) as a percentage, Mac users overwhelming use the internet more than Windblows users. This is statistically borne-out in virtually all online usage data. Mac OS/browsers are represented disproportionately high relative to the Mac’s alleged “marketshare.”

    B) Mac buyers/users tend to be better-educated and more highly paid than Windblows users. This has been borne-out in virtually all marketing research studies done on the subject since the dawn of time. (Don’t believe me? Google it for yourself.) Thus, there is a higher credit limit potential from a Mac victim.

    In light of the two factors above, my nefarious malware efforts would be better spent, with greater potential ill-gotten earnings, by targeting my malware at Mac users.

    So, Windblows apologists, why hasn’t this happened yet? Don’t spew me anymore of that “obscurity” nonsense.

  8. You young folk, lets take this further. OS 7 had an even smaller user base than OS 10. But there were over 50 viruses for OS 7.
    If the argument of Security Via Obscurity is true, then what gives for OS 7 ?

    What, can’t figure that one out?

    Idiots.

  9. STOP IT!!!!!

    STOP IT YOU MUTHAF-CKERS!!!!!!!!!!!!!!

    I SWEAR I’M GONNA DO SOMETHING REALLY, REALLY BAD!!!

    YOU BUNCHA SCUMBAGS!!!!!!

    NO ONE MOCKS ME!!! NO ONE!!!

    I’LL SHOW YOU.

    WATCH THIS, RETARDS!

    [BLAM]

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.