Search



AuthenticationWorld.Com

About

This page contains a single entry from the blog posted on April 10, 2007 10:47 AM.

The previous post in this blog was To report or not?.

The next post in this blog is Vista and Office woes continue.

Many more can be found on the main index page or by looking through the archives.

Subscribe to this blog's feed
[What is this?]

« To report or not? | Main | Vista and Office woes continue »

MACS, Windows, Linux and Security

A friend recently sent me a blog "The Myth of Apple's Insecurities". The blog says "If an OS is built on shaky ground, everything layered on top will suffer. This is the position that Microsoft is in now. Apple was in this very position at the end of the last century. They decided to start over, providing a clear upgrade path and supporting legacy applications on the new platform. OS X was developed from BSD and NeXT, built on a foundation that dates back twenty years or more, with the OS base code freely available for download, yet there have been no significant security vulnerabilities in OS X. This isn't due to market share, this isn't due to lack of attention, this is due to proper coding and development. That isn't to say that there are no chinks in Apple's OS armor -- there definitely are -- but the foundation is solid, therefore those chinks aren't likely to destroy the whole shebang. The same is true of Linux, and most UNIX-derived operating systems."

I think that this is a fair point. But it's what wasn't said that bothered me.

The malware game is escalating. Web based attacks are rising. Therefore, even if the MAC platform is the most secure OS in the universe, the user can still be attacked by applications running on it or on the web. Recent security holes in Adobe Acrobat is just one example.

Therefore, all those Mac users should not believe that their platform is bullet proof. They too will need to be running some kind of intrusion detection and prevention system, which is constantly updated, to effectively protect themselves.

Further, while I can agree that the MAC platform is arguably more secure because Apple controls the hardware better than the PC world does, this doesn't mean it's infallible. Last week's Apple advisory on AirPort Extreme Base Station with 802.11n is but one example. Furthermore, if the MAC marketshare increases beyond it's current 5-8% of the market then expect much more attention from the criminals and more software and hardware exploits to be found.

My bottom line: No computer user should be thinking they are secure because of the operating system. As virtualization becomes more common, research like Blue Pill has shown that most OS's are prone to attack.

The debate amongst MAC and Microsoft disciples misses the point. Enterprises who need proven security don't use MAC's, PC's or even Linux. They continue to use AIX, HP-UX, Solaris and other forms of proven Unix. However, even these have security holes. Solaris's telnet security hole found in February this year is but one example.

The next two to three years are going to be tough in the computer security business as malware attacks increase in sophistication. Caveat emptor.

Guy
www.authenticationworld.com
guy.huntington@authenticationworld.com


Posted by Guy Huntington on April 10, 2007 10:47 AM |

TrackBack

TrackBack URL for this entry:
http://www.authenticationworld.com/cgi-bin/blog/mt-tb.cgi/200

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)