NEWS CATEGORIES:

NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
MEET THE EDITORS >>

Home / News / Apple / Mac

Mac

Don't Blame the Mac, but the Browser

Mac OS is no safer than other operating systems. It's just not targeted enough

By Filip Truta, Apple News Editor

11th of April 2008, 09:05 GMT

Adjust text size:

Charlie (in the foreground) exploiting the MacBook Air at this year's 'PWN to OWN' contest

Following last month's CanSecWest conference which saw Apple's MacBook Air pwned and owned in less than two minutes, people have started talking. Apple's Macs are known for being secure, not because of the operating system's architecture,

but because of hackers' lacking interest in the platform. Safari, however, is a different matter altogether. The browser acts as a gateway to exploiting a Mac, which is exactly what Charlie Miller (famed iPhone hacker) used to compromise the Apple MacBook Air.

As such, Tom Krazit concludes: "Mac security not so much about the Mac." We couldn't agree more. "...it's not really about taking control of a computer through flaws in the operating system; it's about using the browser as the entry point into the system or hacking Web sites," Krazi quotes Mike Romo, product manager for Symantec's Mac product line. "Trojan horses and viruses are yesterday's news," said Symantec's man.

Miller's Safari exploit, Shane Macaulay's Flash flaw, Derek Callaway and Alexander Sotirov's taking control of a Vista-running laptop, all at the same contest hosted at CanSecWest, showed that security threats are more browser-focused, and less OS-focused. Adding this to the low cost-benefit of hacking Macs, Mac security really isn't about the Mac at all: "Even if Apple moved to 10 percent market share, why spend the time on the 10 percent when you can just nail 90 percent with one bug?" Miller points out.

Miller and Romo are both Mac users. Because of the whole Mac security issue, the duo is afraid people will force Apple's hand into changing the way Macs work (particularly, the few steps involved in handling certain tasks). If this occurs, the pair believes it may result in making Apple's computers more difficult to use, taking away one of its most noteworthy strong points.

TAGS:	browser \| Mac OS X \| Safari \| exploit \| security	SHARE THIS
Read by 1,827 user(s) \| Add comment \| Link to this article		TWEET THIS

Article rating:

Good (3.3/5)

3 vote(s)

Subscribe to news |

Print article |

Send to friend

SEARCH THE NEWS ARCHIVE :

Today's News | Yesterday's News | News Archive

User opinions:

Comment #1 by: Don on 11 Apr 2008, 15:11 GMT

reply to this comment

Your claim that " MacBook Air pwned and owned in less than two minutes" is totally false and a complete misrepresentation.

1) Miller says he worked for a week trying to come up with the exploit.
2) On the first day, he was totally unable to come up with anything that could get into the Mac.
3) On the second day, active participation on the part of a user (automated) was required. It's the old "click here for free porn" exploit, following which a user had to choose to get the porn, choose to download the exploit, and choose to install it.

Let's do some math. Recently, Sophos predicted that there will be 1,000,000 viruses for Windows computers by the end of this year (http://www.pcworld.com/article/id,144181-pg,1/article.html ). Currently, there are NO pieces of malware for the Mac in the wild. If malware writers came up with 1,000 new viruses and other malware for the Mac every week, it would take twenty years for the Mac to match the number of viruses for Windows.

Which do YOU think is more secure?

Comment #2 by: ratty on 11 Apr 2008, 17:03 GMT	reply to this comment
Well if this is so - where are the compromised Macs?

Comment #3 by: Joe Anonymous on 11 Apr 2008, 19:12 GMT

reply to this comment

I'm getting tired of these inane comments for many reasons:
1. It's just not true. There have been platforms with far lower installed base than Mac OS which had viruses (BeOS or AmigaOS, for example). Or, more relevantly, there were Vista-native viruses before Vista passed Mac OS X in installed base. If it was all about market share as this author alleges, that would not be possible.
2. Who cares what the reason is? Today, there are tens of millions of zombie Windows computers and no zombie Macs. Does it really matter WHY that is true? If you want a safe computer today, it's a Mac. It's possible that in 30 years, Apple would pass Microsoft in market share. It's also possible that Apple would then have more viruses than Windows. But why would that influence your decision on which computer to buy TODAY?

Comment #4 by: Jim Stead on 14 Apr 2008, 12:36 GMT	reply to this comment
This is just loose talk by someone who either doesn't know better or has a reason to spread falsehood. The Mac isn't impervious but is certainly much more secure than Windows is. In fact all unix OSes are similarly more secure, for a variety of reasons.

Comment #5 by: Windowsuser on 07 Jul 2008, 17:24 GMT

reply to this comment

The mac is not more "secure" really 1 million viruses? They are likely counting all versions of windows and all the variations of the same viruses. No operating system is safe, given the the source code any system can be exploited. Mac users more then window users at the moment due to the sheer fact of misplaced trust in security, a mac user would be more willing to click a link or install something thinking they are immune.

Share your opinion:

SUBMIT PROGRAM \| ADVERTISE \| GET HELP \| SEND US FEEDBACK \| RSS FEEDS \| ENTER NEWS SITE \| ENGLISH BOARD \| ROMANIAN FORUM
© 2001 - 2009 Softpedia. All rights reserved. Softpedia® and the Softpedia® logo are registered trademarks of SoftNews NET SRL.	Copyright Information \| Privacy Policy \| Terms of Use \| Update your software \| Archive

NEWS CATEGORIES:

Mac

Don't Blame the Mac, but the Browser

Mac OS is no safer than other operating systems. It's just not targeted enough

TAGS:

Share, bookmark, add

SEARCH THE NEWS ARCHIVE :

MORE RELATED ARTICLES:

User opinions:

Share your opinion: