Focus on Apple
Re: several news stories on Macs being zombies Jan 18 2007 03:52PM
Dave Schroeder (das doit wisc edu)

On Jan 18, 2007, at 9:32 AM, Dave Schroeder wrote:

> Agreed...but there's another distinction than just managed vs
> unmanaged; there's also Mac OS X vs Mac OS X Server (or Mac OS X
> used in a server capacity or running server services).

I think I should be a little clearer here, and expand on this a bit:

* Of course Mac OS X and Mac OS X Server are essentially the same OS
(with more server services shipping with Mac OS X Server, but many of
these able to be deployed on Mac OS X as well). But Mac OS X Server
is more typically used in a server environment (and thus running server
services) than Mac OS X would be on the desktop.

* One benefit of Mac OS X Server is that the server services are
updated via Apple Software Update, whereas someone installing Tomcat
themselves on Mac OS X wouldn't be. To me, this comes back to Apple
needing package management (and updating) for many common UNIX
services, but that's a benefit to an admittedly small sector of Mac
OS X users. This could be broadened to be just more granular security
updates in general (or at least the option for it), and also
responding by integrating common things they see people deploying.

* Another related issue is being able to modify services without
breaking the GUI. Apple needs to devote a lot of thought to each and
every service to provide some demarcation for areas that are safe to
change, or where modifications can be done, and also be assured that
GUI functionality is NOT broken, as much as possible.

* Apple CAN, in fact, help mitigate or stop some of these common
attacks. But it's not about deficiencies in OS X as much as it's
about deficiencies in the default configuration of things. Many
people think OS X's default SSH configuration is laughable. Why
shouldn't Apple be on the forefront of best practices for SSH, active
denial in the firewall, and a lot of these other types of things?

* On security in general: Apple does need to treat security more like
an operational issue than a marketing one. That is not to say that
product marketing can't have a place in security. I have witnessed
marked and noticeable improvement in security response from Apple.
But it's clear that there are a lot of issues - some quite pathetic -
that exist in the code, and have for quite some time. Why are these
not being discovered? Why are issues that are months old and *have*
been reported to Apple not fixed? I think that after all of the
massive changes Microsoft made, if Apple wants to maintain the
"security" perception advantage, Apple itself needs to make some
changes in how it handles Mac OS X security, from both a technical
and internal administrative perspective.

- Dave

Copyright 2010, SecurityFocus