, 2004-07-21
Apple's OS X is not safer or less susceptible to vulnerabilities and viruses than other OSes, and Apple's secretive culture is bad for the security world.
Mac OS X ? Unix? Secure?
2004-07-22
Anonymous (3 replies)
Mac OS X ? Unix? Secure?
2004-07-23
Anonymous (2 replies)
Mac OS X ? Unix? Secure?
2004-07-22
Anonymous (2 replies)
Mac OS X ? Unix? Secure?
2004-07-22
Anonymous (3 replies)
Mac OS X ? Unix? Secure?
2004-07-22
Kev (1 replies)
Mac OS X ? Unix? Secure?
2004-07-22
Chris (1 replies)
Mac OS X ? Unix? Secure?
2004-07-22
Anonymous (2 replies)
Mac OS X ? Unix? Secure?
2004-07-22
Dan P (1 replies)
Mac OS X ? Unix? Secure?
2004-07-22
Anonymous (1 replies)
Mac OS X ? Unix? Secure?
2004-07-22
Anonymous (2 replies)
Mac OS X ? Unix? Secure?
2004-07-22
Daniel Hanson (9 replies)
Mac OS X ? Unix? Secure? So do something about it!
2004-07-23
Jon Coleman (1 replies)
Mac OS X ? Unix? Secure- Yes
2004-07-27
John G (1 replies)

Which pretty much sums up the article - much of the evidence is readily available, but either Mr Hanson didn't look for it or having found it, preferred to ignore it, since it didn't fit with his prejudices.
To take a few examples....
"a few months back when a number of vulnerabilities were discovered in OS X and were patched by the Panther upgrade, available for a fee." and then goes on to say "no security fix available for the earlier Jaguar release"
But that's not true. When it was first identified, Apple announced the vulnerability did not occur in Panther and then a little later released the patch for older operating systems. For free (as they should!) That's quite different from what is written.
"Another concern I have is that while other operating systems and hardware platforms are moving towards controlling exploitation of buffer overflows through things like stack and heap protection, and no execute flags. There has been no indication from Apple as to what their plans are."
Well, if it's an area of concern to you, maybe you should check: the issue has been addressed at great length on the web recently - the first OSX vulnerability identified (in QuickTime) was a heap overflow. A second - and more serious - was a stack-based buffer overflow in AFP. Both were patched fairly quickly. There will, of course, be more. Only a newbie would assume OSX (or any OS) is bulletproof. But Apple - like any other OS vendor - is doing its best to prevent such issues and has issued multiple advisories to developers. If it isn't obvious to him what Apple is doing, I can only assume he hasn't bothered to look.
The fact that the potentially serious AFP flaw didn't give rise to much fuss actually reflects Apple's attitude to security (which causes Mr Hanson so much concern). AFP - like most Admin tools and access to base level functions - is turned off by default - an approach certain other software vendors (including one from Redmond) are now adopting.
It's hard to see this article as anything but FUD. Secunia (who identified the AFP vulnerability) and other security firms are putting OSX under the microscope, the same way they do other OS's. That's what they do for a living.
But we're supposed to be concerned because his group doesn't have a Macintosh security focus group? Poor baby. If that really concerns Mr Hanson, then he should agitate to get such a group started.
Just don't schedule very frequent meetings ;)
cheers, Mark
Link to this comment: http://www.securityfocus.com/comments/columns/256/27572#27572