> Typically, a Mac user has no elevated rights. SO, most malware would run as a "least rights" user and go nowhere. (This too is a unix security feature.)
I suggest this is a security posture commonly implemented on UNIX systems by their admins. It is now significantly more common in Windows environments as well. -sc From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org] Sent: Tuesday, September 07, 2010 3:25 PM To: NT System Admin Issues Subject: RE: Mac and Windows mix Two Mac issues: 1. Currently, it is a smaller "target" for hackers. 2. Typically, a Mac user has no elevated rights. SO, most malware would run as a "least rights" user and go nowhere. (This too is a unix security feature.) OTOH, I believe Macs read PDF files. These are insecure all by themselves. Throw in the breaks found in Safari, iTunes, QuickTime, etc, and one can suspect time bombs can be planted which can go off when someone needs to elevate "themselves" to run configuration tasks, install software, etc. "John Aldrich" <jaldr...@blueridgecarpet.com> wrote on 09/07/2010 02:15:16 PM: > Not to start a flame war or anything, but I was under the impression > that Mac OS/X was significantly *more* secure than a comparable > Windows machine, due to the *nix security model? Asking for > information here, trying to learn, not trying to start a Mac Vs. > Windows thread (there are enough of those, that I don't need to > start one! <G>) > > [image removed] [image removed] > > From: Holstrom, Don [mailto:dholst...@nbm.org] > Sent: Tuesday, September 07, 2010 2:57 PM > To: NT System Admin Issues > Subject: RE: Mac and Windows mix > > We have about a dozen Macs here at the Museum. I give them each dual > monitor set-ups, with Parallels and Windows with Microsoft Office so > they can Outlook to their e-mail. So far, Mac doesn't really have a > good Rendezvous/Outlook set-up, although OWA is very good and > getting better. As I stroll by, I see that each Mac user keeps > Office up on one monitor, so that Outlook is always open. Each of > the Macs can already connect to our PC servers where they keep all > their files. I give Remote Desktop access to those who either PC or > Mac from the outside. > > Way too many security openings for Macs, this would not be good with > a very secure network... > > From: Jeff Steward [mailto:jstew...@gmail.com] > Sent: Tuesday, September 07, 2010 2:34 PM > To: NT System Admin Issues > Subject: Re: Mac and Windows mix > > Don't knock yourself out here Matt, I'm just curious how one manages > these issues in a mixed environment. I have one Mac user who works > part time so we set him up with a Remote Desktop client and he works > in a Terminal Server session. > > Regards, > > Jeff Steward > On Tue, Sep 7, 2010 at 2:26 PM, Matthew W. Ross <mr...@ephrataschools.org <mailto:mr...@ephrataschools.org%0b> > > wrote: > Apple Remote Desktop is more akin to the Windows Management MMC, MS > Remote Desktop and the SysInternals Power Tools rolled into one > package. Open Directory is more akin to Group Policy. > > I will see what I can find out about those regulations. > > --Matt Ross > Ephrata School District > > On Sep 7, 2010, at 11:21 AM, "Jeff Steward" <jstew...@gmail.com> wrote: > HIPAA > SOX > MA 201 CMR 17.00 > > To varying degrees they all boil down to: > > We define a security policy that meets the regulatory requirements > and base configurations to meet that policy and then report > regularly on performance to standards. I see from one of your > follow-up posts that Apple Remote Desktop is akin to Group Policy. > > -Jeff Steward > On Tue, Sep 7, 2010 at 1:31 PM, Matthew W. Ross <mr...@ephrataschools.org <mailto:mr...@ephrataschools.org%0b> > > wrote: > Can you be more specific? What standards are you needing to be > compliant to? An example regulation would help me answer your question. > > --Matt Ross > Ephrata School District > > On Sep 7, 2010, at 10:26 AM, "Jeff Steward" <jstew...@gmail.com> wrote: > A school environment is not the same as a public company > environment. Compliance to <insert your favorite standard here> and > reporting on said compliance or non-trivial issues for public > companies or private companies subject to other regulations. There > are a wealth of tools for managing these issues in a Windows > environment, can the same be said of the Mac environment? > > -Jeff Steward > On Tue, Sep 7, 2010 at 12:53 PM, Matthew W. Ross <mr...@ephrataschools.org <mailto:mr...@ephrataschools.org%0b> > > wrote: > Macs are not the burden you make them sound to be. > > Integrating a Mac into a windows network is never going to be > painless; the two systems are inherently different. If what you want > is a Windows experience from your Mac, install Windows. > > Now not everybody likes MacOS X, but the same can be said for > Windows. Insert the problem of subjective preference here. > > Personally, I love working on my iMac, and managing the other Macs > in our district is very easy if you use the provided Apple tools: > Mac OS X server, Open Directory, and Apple Remote Desktop. > > Then again, I hate how a Mac _can_ cost 2x as much as a comparable > PC. I do like that software upgrades are cheaper for Mac, but I > don't like how apple drops support for anything that is not the > current generation or the previous one. If you're 2 generations > back, you're out of luck. > > What can a Mac do that a PC Can't? Nothing. But I would argue that > competition is one of the pillars of innovation. Without Mac OS X > competing against Windows, what would Windows look like today? > > > --Matt Ross > Ephrata School District > > > ----- Original Message ----- > From: James Hill > [mailto:james.h...@superamart.com.au] > To: NT System Admin Issues > [mailto:ntsysad...@lyris.sunbelt-software.com] > Sent: Sun, 05 Sep 2010 > 19:28:49 -0700 > Subject: RE: Mac and Windows mix > > > > We have pretty much eliminated all of the Mac's here. > > > > We didn't have 3rd party products to manage them so they always required so > > much manual interaction. Any global change we made we could easily automate > > with PC's thanks to group policy etc but it was always a manual change for > > the Mac's. > > > > They really aren't a corporate product imo. You only have to look to Apple > > for a corporate grade management solution to realise that it doesn't exist. > > > > They do indeed need patching (http://support.apple.com/kb/HT1222) and there > > is AV products for them. Symantec has one for example. Personally I think > > the day is coming when someone will write a decent bit of malware/virus for > > them and 99% plus will get caught out by it. There is a very misguided > > opinion amongst the Apple community that they are safe. Apple's false > > advertising only strengthens this. The facts are that Mac's are more > > vulnerable than the PC world http://www.crn.com/security/226200083 > > > > More importantly, what is the need for the Mac's in the first place? For us > > they were only sued for Adobe CS, which runs just fine on PC's. In fact > > these days Adobe is more behind the PC world than the Mac. For example, > > 64bit Photoshop was first on PC, had to wait for CS5 for Mac to get it. > > That's without going into the Flash debate :) > > > > > > > > > > > > From: David Lum [mailto:david....@nwea.org] > > Sent: Saturday, 4 September 2010 6:07 AM > > To: NT System Admin Issues > > Subject: Mac and Windows mix > > > > I would like to hear from those of you who have a mixed Windows/Mac > > environments: How do you handle management of the diverse environment? > > Presumably with Mac's there is no patching or AV. Can you use GPO's on them > > in any fashion (wondering if there's some add-in to allow equivalency). > > David Lum // SYSTEMS ENGINEER > > NORTHWEST EVALUATION ASSOCIATION > > (Desk) 971.222.1025 // (Cell) 503.267.9764 > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > --- > > To manage subscriptions click here: > > http://lyris.sunbelt-software.com/read/my_forums/ > > or send an email to > > listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris <mailto:listmana...@lyris.sunbeltsoftware.com%3cmailto:listmana...@lyris > . > sunbeltsoftware.com> > > with the body: unsubscribe ntsysadmin > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > --- > > To manage subscriptions click here: > > http://lyris.sunbelt-software.com/read/my_forums/ > > or send an email to listmana...@lyris.sunbeltsoftware.com > > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: http://lyris.sunbelt-software. > com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: http://lyris.sunbelt-software. > com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: http://lyris.sunbelt-software. > com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: http://lyris.sunbelt-software. > com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: http://lyris.sunbelt-software. > com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: http://lyris.sunbelt-software. > com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: http://lyris.sunbelt-software. > com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: http://lyris.sunbelt-software. > com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
