14 DAY TRIAL // Following last month's CanSecWest conference which saw Apple's MacBook Air pwned and owned in less than two minutes, people have started talking. Apple's Macs are known for being secure, not because of the operating system's architecture, but because of hackers' lacking interest in the platform. Safari, however, is a different matter altogether. The browser acts as a gateway to exploiting a Mac, which is exactly what Charlie Miller (famed iPhone hacker) used to compromise the Apple MacBook Air.
As such, Tom Krazit concludes: "Mac security not so much about the Mac." We couldn't agree more. "...it's not really about taking control of a computer through flaws in the operating system; it's about using the browser as the entry point into the system or hacking Web sites," Krazi quotes Mike Romo, product manager for Symantec's Mac product line. "Trojan horses and viruses are yesterday's news," said Symantec's man.
Miller's Safari exploit, Shane Macaulay's Flash flaw, Derek Callaway and Alexander Sotirov's taking control of a Vista-running laptop, all at the same contest hosted at CanSecWest, showed that security threats are more browser-focused, and less OS-focused. Adding this to the low cost-benefit of hacking Macs, Mac security really isn't about the Mac at all: "Even if Apple moved to 10 percent market share, why spend the time on the 10 percent when you can just nail 90 percent with one bug?" Miller points out.
Miller and Romo are both Mac users. Because of the whole Mac security issue, the duo is afraid people will force Apple's hand into changing the way Macs work (particularly, the few steps involved in handling certain tasks). If this occurs, the pair believes it may result in making Apple's computers more difficult to use, taking away one of its most noteworthy strong points.