“Black Hat hasn’t disappointed this year, with research revealing a flaw that undercuts OSPF routing, two separate assertions that security for Apple products in the enterprise isn’t that bad and a friendly hand being offered to hackers and crackers to join the U.S. fight against terrorists in cyberspace,” Tim Greene reports for Network World.
“Researchers took a look at Apple’s OS X operating system for desktops and laptops and its iOS operating system for mobile devices to see whether they are more or less vulnerable than competing Microsoft products,” Greene reports. “The conclusion of Alex Stamos, who led a team of researchers from iSec Partners that researched the OS X and Windows 7 operating systems, is that Apple does pretty well, but Microsoft wins. While earlier versions of Apple’s software were more vulnerable to initial exploitation than Windows 7, the latest version, known as Lion, makes up ground.”
MacDailyNews Take: Microsoft. Winning:
• The Microsoft Tax: ‘Indestructible’ botnet attacks millions of Windows PCs; Macintosh unaffected – July 1, 2011
• The Microsoft tax: Stuxnet computer worm infects Microsoft’s porous Windows OS; Mac unaffected – September 27, 2010
• The Microsoft Tax: New undetectable Windows trojan empties bank accounts worldwide; Mac unaffected – August 11, 2010
• The Microsoft Tax: Windows zero-day flaw exposes users to code execution attack; Mac unaffected – August 09, 2010
• The Microsoft Tax: Critical flaw lets hackers take remote control of Windows PCs; Mac unaffected – August 07, 2010
• The Microsoft Tax: New attack bypasses every Windows XP security product tested; Mac unaffected – May 11, 2010
• The Microsoft Tax: McAfee correctly identifies Windows as malware; Macintosh unaffected – April 21, 2010
• The Microsoft Tax: DNS Windows PC Trojan poses as iPhone unlock utility; Mac and iPhone unaffected – April 15, 2010
• The Microsoft Tax: 1-in-10 Windows PCs still vulnerable to Conficker worm; Macintosh unaffected – April 08, 2010
• The Microsoft Tax: 74,000 Windows PCs in 2,500 companies attacked globally; Mac users unaffected – February 18, 2010
• The Microsoft Tax: Widespread attacks exploit Internet Explorer flaw; Macintosh unaffected – January 22, 2010
• The Microsoft Tax: Windows 7 zero-day flaw enables attackers to cripple PCs; Macintosh unaffected – November 16, 2009
• The Microsoft Tax: Windows 7 flaw allows attackers to remotely crash PCs; Macintosh unaffected – November 12, 2009
• The Microsoft Tax: Windows virus delivers child porn to PCs, users go to jail; Mac users unaffected – November 09, 2009
• The Microsoft Tax: Worms infest Windows PCs worldwide; Mac users unaffected – November 02, 2009
• The Microsoft Tax: Banking Trojan horse steals money from Windows sufferers; Mac users unaffected – September 30, 2009
• The Microsoft Tax: Serious Windows security flaw lets hackers to take over PCs; Macintosh unaffected – July 07, 2009
• The Microsoft Tax: Windows Conficker worm hits hospital devices; Macintosh unaffected – April 29, 2009
• The Microsoft Tax: Conficker virus begins to attack Windows PCs; Macintosh unaffected – April 27, 2009
• The Microsoft Tax: Conficker’s estimated economic cost: $9.1 billion – April 24, 2009
Green continues, “On the mobile side, independent researcher Dino Dai Zovi says iOS does a pretty good job running applications in a sandbox that rogue applications would have to escape in order to do damage. The operating system has a dynamic signing feature for applications in which the device itself has to approve applications before running them, not just accepting the Apple certificate that says they are approved. He says BlackBerries have better data protection than iOS, but that they lack a sandbox for running applications. He says that Google’s Android mobile operating system is more vulnerable than iOS. Android is about as secure as a jailbroken iPhone that has lost many of its security features by virtue of being jailbroken, he says.”
Read more in the full article here.
[Thanks to MacDailyNews Readers “Lynn Weiler” and “Brawndo Drinker” for the heads up.]
Stay classy, iSec Partners.
What?!?! Windows is more secure than Mac OS X? I call bullshit on that one.
Some people turn off W7 security features that they feel are intrusive. I wonder how quickly W7 security degrades when users deviate from whatever “reference” W7 configuration was used for this assessment?
Windows 7 is much more secure than XP, but it is hard to determine if Windows 7 or Lion is more secure in the real world as most viruses are still written for a ten year old OS that shows up on 50% of web requests (I.e., XP). Once the viruses are aimed at the newer OSes, we’ll start to see which one survives better.
How does Microsoft win in the system security department. As shown by MDN Windows has a list a mile long of exploits , where as OSX has NONE, ZERO, ZILCH , NADA!
There research in OS security is simply flawed or they have been paid off by MS.
Apple’s Operating Systems: security researchers are growing more insecure about their day jobs.
In further news today up is down, yes is no and war is peace.
Classic MDN Headline!!!!!!
Microsoft actually WINS (that’s a genuine SHOCK BTW)…but Apple is “getting more secure”
I’m a fanboy but damn…twisting the facts around just looks juvenile…
… comparisons that show MSFT security “less vulnerable” than Apple’s. And I don’t question their facts. I just use a different measuring stick – a) how many attacks are felt by your average user and b) by how many methods. If their measure of “security” is valid, why does Apple – as a whole – suffer fewer attacks per year, and through more vectors, than your average Windows user? They are not counting some significant factor. “Obscurity” only seems logical until you consider just how frequent and varied the attacks are.
If you were a nefarious hax0r who depended on Msgr staying their security course so you could stay in business… Wouldn’t you misrepresent ;)?
Oops! Msft. I wish somebody’s hack spellcheck so it didn’t suck ass all day
Spellcheck can only help with real words, nowhaimsain’?
You don’t know what a stock ticker is? Pity.
And if you mean the word h4x0r… Well you aren’t going to comprehend the modern Internet.
And it’s painfully obvious you don’t.
Lulz!
I get phone calls that tell me my computer is full of garbage and bad software that it needs fixing. They tell me that I must go to a specific internet site and download their wonderful free software and everything will be fixed.
I tell them I have no problems but they assure me that they can see my problems from their lab on their computer. They insist I must download their software.
I tell them I just use Macs and they suddenly hang up for some reason.
WTF?
Yes, yes. Here we go again.
Mac == Beverly Hills.
Windows == North Philly
North Philly homes have deadbolts, numerous locks on the doors, and bars on all the windows. Obviously, the houses there are far more secure and, thus, safer. 😛
obviosly they are talking about security features such as sandboxing and ASLR instead of counting the number of idiota who grant permission to trojans on either OS.
Im sure every OS out there has exploits wauting to be tapped.
considering 99.9 percent of malware out there tries to trick the user instead of just installing via a critical exploit tells you that as a whole security has improved across the board
Funny how Macs do it all *without* AV software. I doubt the versions of Windows they tested can make that claim.
Why no mention of the Macbook battery exploit Charlie Miller found?