Mac users 'still lax on security'
[image: MacBook] Apple OSX has proved far more robust than Windows
*Apple Mac users are still too lax when it comes to security matters, an
independent researcher has said.*
Kevin Finisterre caused ripples in the Mac community when he started a
website in January revealing a different bug in Apple systems each day of
the month.
While some observers dismissed the survey, Apple recently issued a patch to
plug holes outlined by Finsterre.
Apple owners' attitude to security was "one of the main reasons we started
the campaign," he said.
Apple makes great play of the fact that its OSX operating has yet to be
attacked by a virus while Windows XP machines are plagued with problems.
Its recent global campaign of adverts pitching Macs versus PCs has focused
on security issues.
XP machines are represented by a flu-ridden, sneezing individual while the
Mac remains untouched by illness.
*Security holes*
Many of the problems highlighted by Finisterre are security holes in
applications, which are not related to viruses.
Apple recently plugged holes in Mac software such as iChat and Finder and a
flaw in the user notification process that could potentially grant system
privileges to malicious users.
All three problems were highlighted by Finisterre, and a fellow researcher
known only as LMH.
Finisterre said: "Try calling any Apple store and ask any sales rep what you
would do with regard to security, ask if there is anything you should have
to worry about?
"They will happily reinforce the feeling of 'Security on a Mac? What? Me
worry?'."
He said the Month of Apple Bugs (MOAB) project had succeeded in its original
aim of raising the level of awareness around Mac security.
"I would really hope that people got the point that there are most
definitely some things under the OSX hood that need a closer look," he said.
But Mac experts have pointed out that none of the exploits have ever
successfully been used to hijack an Apple computer.
By contrast hundreds of thousands of Windows machines have been taken over
as part of so-called bot nets, which use the hijacked machines to deliver
millions of spam e-mails around the world.
*'Extra efforts'*
He said Apple had opened up dialogue about security issues.
"They have certainly given some extra efforts on the backend to open up
lines of communication, at least with me.
"That sort of progress is what I am after rather than a particular set of
bugs."
He said that Apple had in the past not been open to dialogue about security
matters, but things were changing for the better.
"I chat quite regularly with some of the security engineers," he said.
At the moment there are no plans for the MOAB website to continue.
"Real life comes in to play; the cost of living, the fact that we did it all
for free.
"If someone wanted to invest some of their own resources I would be more
than willing to continue."
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Jolug" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/Jolug?hl=en-GB
-~----------~----~----~----~------~----~------~--~---
