It is possible that I am one of the few, if not only, Mac Fanatic at heart here. Macs are certainly my first love.
I love your comments Marc. Very true. Macintosh users have had to worry very little about security issues and/or being hacked. I am, of course, speaking of the majority of home users. I have a Mac at home. I've left it on and open (no firewall) and not had any attacks against it (at least not attacks that weren't geared to some type of web server by some kid that didn't know any better). I think that this is where the danger of OS 10 and security come into play. There is a cultural mentality that says Macs are more secure. It doesn't matter that this is wrong. With that mentality, supported by the nature of the traditional OS, a Mac user didn't worry much. Few people paid attention to hacking the Mac OS. Now, however, it is not a traditional Mac OS. Unix is a system that is targeted, frequently and now, the Mac OS is Unix. I shudder to think of the possibilities here. Cheers, Jeff -----Original Message----- From: Marc Maiffret [mailto:[EMAIL PROTECTED]] Sent: Monday, April 01, 2002 4:05 PM To: Paul Hosking; [EMAIL PROTECTED] Cc: 'Justin Kremer' Subject: RE: Apple vs. MS - more secure? I missed the first part of this conversation, so maybe I am restating.... Gauging the security level, or threat level, of MS software vs. Apple software, is not really dependent on how people are using the software as much as how secure the software is. to state the obvious ;-] So does Apple make software more secure than Microsoft? No. Does Microsoft make software more secure than Apple? No. Both software makes actually produce software products, which have numerous vulnerabilities within then. You don't hear about a lot of the apple ones because most people researching vulnerabilities just dont really care much about apple. Yay, lets go break into some artists computer. ;-] The vulnerabilities within apple software are there though. In fact they suffer from buffer overflows just as commonly as Microsoft does. The point is simple... MS software has obvious insecurities. Mac software also has the same insecurities and is also rather trivial to hack. The difference between the two is that not a lot of people really care about the security of apple software. It takes only a few seconds to go pounding remote holes in the various services installed with apple os 9.x. But why go waste time finding an apple os flaw that amounts to nothing when you can go punch holes in ms software which is run by a lot more people? etc... Signed, Marc Maiffret Chief Hacking Officer eEye Digital Security T.949.349.9062 F.949.349.9538 http://eEye.com/Retina - Network Security Scanner http://eEye.com/Iris - Network Traffic Analyzer http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities | -----Original Message----- | From: Paul Hosking [mailto:[EMAIL PROTECTED]] | Sent: Saturday, March 30, 2002 12:00 AM | To: [EMAIL PROTECTED] | Cc: 'Justin Kremer' | Subject: RE: Apple vs. MS - more secure? | | | I think Apple should get an award. I can't think of anyone else in | recent history who has better furthered the state of flame wars. Not | only can we draw on "MacOS vs. Windows" but Apple has managed to include | all the Unix guys too. Woohoo. :) | | All kidding (and potential flames, I hope) aside... | | On Thu, 2002-03-28 at 19:33, Bejon Parsinia wrote: | > I think the comparison you are drawing is unfair because we are talking | > about two OS' that are not even on the same playing field. MS is a HUGE | > hacking target because of it's availability on the Internet. How many | > websites do you know are hosted publicly on a Mac platform? How many | > enterprises run Mac as a Server/Workstation solution exclusively? | | I would have to disagree on this point. In this day and age, the vast | majority of desktop machines are online. And as various broadband | services become more available and popular, these connections are 24/7. | On reasonably fat pipes. Whether the platform is used as an enterprise | server is an almost moot point (ignoring the question of whether WinXP | is any more an "enterprise solution" than OSX). | | The fact is, these workstations are potential targets. They can become | liabilities to the enterprise (or even the home user). Nimda and | CodeRed points to well-known object lessons. A very large amount of the | traffic/damage created by these worms were not from unpatched servers, | but insecure workstations. | | If you network your machine, information security should be a concern. | | -- | | .: Paul Hosking . [EMAIL PROTECTED] | .: InfoSec | | .: PGP KeyID: 0x42F93AE9 | .: 7B86 4F79 E496 2775 7945 FA81 8D94 196D 42F9 3AE9 | |
