Quoting Tim Donahue ([EMAIL PROTECTED]): [Fudged up quoting repaired]
>> IMHO I would say OS X is more secure by default. While both can be beat
>> into submission (and it does take some beating and patches for XP :-D)
>> Apple has done a pretty good job. The whole idea of taking an open
>> base/kernel and build on top of it helps add a little more security
>> because of the many eyes idea. And if you want to you can install gcc
>> and compile some of the general Unix/Linux tools for security and
>> security checking.

> Does anyone have any evidence to support this?

I'm usually the first one to cry "all OSes are insecure", since I
believe the job of any OS distribution is to provide a foundation plus
some building blocks which leaves the responsibility to secure and
stabilize to its user. But if I had to compare XP and OS X, I'd say the
winner by a few inches is definitely OS X.

a) Core
-------

OS X's core is based on a very mature kernel model, Unix, whereas XP is
based on the second rewrite of a screwed up adaption of something good,
namely VMS. By stripping VMS of all its great features and leaving the
flaws in, Microsoft has created something VERY scary with NT. 2000 and
later XP share some of this flawed codebase and have introduced
gazillions of other design stupidities such as, for example, a
completely unusable swap concept.

As far as code audit goes, the last time anyone had a look at XP's core
was in those days Microsoft made parts of it public - around NT 3.51.
OS X's core is pretty open (just download it) and reviewed by the people
who give us what is essentially considered some of the security best
practices. Don't forget, XP's core is reviewed by the same guys who
thought IIS was safe to use and who oversee all those constantly owned
web and DNS-servers Microsoft itself runs.

b) Code Maturity
----------------

A clear "win" for OS X here.
Instead of inventing yet another code paradigm we have to learn before
we can sufficiently audit it, Apple chose the well known and well
understood BSD code base for its kernel and system tools. Now, I know
not about you, but being able to obtain the source code for the tools my
OS uses and the ones my users depend on is something that lets me sleep
slightly better at night. Not to mention that problems such as the
recently discovered zlib double-free vulnerability (if it'd apply to
OS X, anyways :) can be much easier and faster fixed if I can just
download and install a fixed version instead of having to wait for my
favorite Redmond compiler operator to get off his lazy butt, tune out
the Antitrust hearings and compile me a new version.

c) Internal Mechanisms
----------------------

Just have a program fail with a malloc/realloc based segfault and you'll
see the difference.

d) User Space
-------------

Almost no difference here. Stupid users under Linux, Unix, BSD, Windows
and Mac OS X are a security hazard, period, clued ones are not (or not
that much). OS X at least makes it harder for its less clued in base to
run it with "Administrator" rights while especially XP and 2000 through
their fragged installation and execution concept encourage the use of a
poweruser or admin account for day-to-day work.

Simply put, if someone's too damn clueless to understand that 'least
rights' is the way to go and running your system as
root/Administrator/Poweruser, etc. is sheer foolishness, (s)he deserves
to get his/her hard disk formatted by some malicious program.

e) Mechanisms
-------------

XP's built-in "Firewall" isn't all that and most of the stuff that's
sold as "Personal Firewall" isn't worth its install time, but the
latter's been discussed enough lately so I'll just leave it that way.
OS X comes with ipf, 'nuff said.
OS X uses Unix' ugo-permissions set for files, Windows uses something
that resembles ugo, if you look at it in a drunk state with one eye
closed and the other one beaten to jelly.

There's more, but that's it from a 50.000 foot viewpoint.

Jonas