Posted on 08/10/2011 12:25:04 AM PDT by Swordmaker
It was pointed out in the comments that "vulnerabilities" do not translate to "exploits" on either platform... And the number of exploits on the UNIX based OSX Mac was far lower and the lack of a Registry on the Mac made it less exploitable.
The headline looks like typical hit whoring FUD
If you want on or off the Mac Ping List, Freepmail me.
Who tends to fall first at Pwn2Own?
I can understand being a cheerleader for Apple, but here’s a report stating outright that OSX isn’t quite as secure as Windows 7 - from a conference of people who love to break into things and shatter security. Maybe, just maybe, it’s not quite all as you think?
The most valuable prize, of course . . .
“Despite commonly held beliefs that Apple products draw less attention from attackers, some statistics seem to buck that notion, he says.
For example, over the past three years, 1,151 common vulnerabilities and exposures (major bugs) have affected Apple products, including third party software. The number for Windows is 1,325, not that much higher, Stamos says.”
I hate to read people who fail to express themselves in a logical manner. If you want to disprove “commonly held beliefs that Apple products draw less attention from attackers”, you have to provide data regarding, well, actual attention from attackers.
“Vulnerabilities and exposures” are *not* examples of “attention from attackers”, they are merely examples of potential avenues of attack that hypothetical attackers could use.
As for the overall thesis, it is most likely correct - the constant barrage against Microsoft over the last decade has forced them to get their act together. Apple has had an easier time, so their technology is a bit behind MS.
In practice though, the risk difference between Mac and PC is still huge, as PCs get targeted far more often in the real world.
For the browser crack, it’s simply cash - you choose which browser you think you can break first, and go at it. Only prize for all contestants is cash.
For the laptops, in the last Pwn2Own, the value of the laptops was very close to each other, within $100 or so. The $10,000 prize for being first is the biggest prize... You crack the Sony Vaio running Windows 7 before the guy trying to crack OSX on the Macbook Pro - you get the $10,000 and the laptop - he gets nothing.
Pwn2Own kind of shows that OSX is no more secure than Windows 7; and this Blackhat report seems to indicate that it’s probably less secure. This isn’t an indictment of OSX so much as a confirmation that Win7 has really locked down security.
If you actually have the laptop in hand, why is it a challenge to hack it? I can do it with a disk I buy from Apple for $29.00, it has a Leopard on it.
Pwn2own is a microcosm of crackers who can direct exactly what happens with the target computer. The contestants come with prepared exploits, each of which has taken MONTHS of work to locate a vulnerability, and EVERY SINGLE CRACKER targets the OSX Mac as the desirable target, first. They are not targeted all at the same time, but rather serially in 20 minute windows of opportunity to work. Since every cracker is targeting the Mac first, and they come with a guaranteed exploit, and no other computer is being targeted in the first 20 minute session, guess which computer "falls first?"
Perhaps you should learn about how Pwn2Own works - you have to provide REMOTE exploits. The computer is present simply to provide the ability to reset to a known configuration (factory new) and faster REMOTE access via direct LAN, rather than slower remote access.
Anything you do to the computers at Pwn2Own is restricted to what you could do remotely.
It's NOT about the cash value of the laptop, Sidelines, it's about the perceived value of the laptop the contestants WANT to win, and every time it's the Mac, not the PCs. This is not up for debate, this is historical record based on the registrants' preferences! So keep dancing.
And, again, the rules are that the competition is NOT a race... Each contestant has a serial 20 minute window to make the attempt. Followed by the next contestant, with a twenty minute window for his twenty minute crack at the target... Followed by the next contestant with his twenty minutes. If EVERY contestant registers to target the Mac first, which computer falls first? The Windows computer is sitting idle until every contestant has a crack at the Mac or it falls! Then, and only then, does the Windows computer get attacked. Those are the rules. However, because the crackers come prepared with known vulnerabilities, and the rules have been cooked in the last contest to use the PREVIOUS OS release rather than the most recent, fully patched release, the Mac has fallen in the first attempt.
How can you say THIS report says it is less secure than Windows when the body of the article says the exact OPPOSITE? OSX has 1,151 vulnerabilities in the last three years but Windows had 1,325! Windows had 174 MORE than OSX! Comments from other participants in the BlackHat stated that unlike Windows7, OSX had NO exploits in the wild! So the HEADLINE is FUD!
Swordmaker,
OK, time to think it through...
The first to crack a browser, or crack an OS gets $10,000. Now, would you choose the easiest platform for you to crack? It’s about a timed race on the same hardware. Why would you choose to crack a bank vault when a bubblegum machine is also an option?
Why do they choose to attack OSX rather than Windows, if it’s the time required to break that matters? If Windows was easier to crack, then you can give up the $1200 laptop and claim the $10,000 CASH PRIZE instead.
No, they choose the OSX platforms because they’re easier to compromise. Just like this report claims.
Your appeal to “FUD” is FUD itself - pure denial. You don’t like the answer, so you switch to something else...
Sorry, the experts speak - and say you’re wrong.
Every exploit on the Macs required user interaction to succeed.
Yes, like clicking on a web link... Trojans don't exist in the Apple universe? That's a remote exploit - you click on a remote link and you're compromised (kind of like the jailbreakme.com website and iOS).
And again - you're dodging the point. If Windows was easier to crack - with the same user interaction (it's allowed on all platforms) - then why not crack Windows, claim the $10,000 and walk away with the HUGE chunk of the prize? Why go after the "harder" computer in an attempt to win a $1200 laptop, rather than a $1000 laptop, when there's $10,000 on the line?
Answer: there is no logical reason at all. The prize money more than covers (by an order of magnitude) for the difference in value of any computers. These aren't stupid people - they'll attack what they can compromise the fastest, in an attempt to capture the big money.
Obviously you DON'T know how Pwn2Own's contests work. They win BOTH the target computer and the cash. It's not one or the other, Sidelines.
Read my posts - I didn’t say it was either/or - just that the CASH is the big prize. Who cares about a $1200 laptop versus a $1000 laptop - the big prize is the $10,000.
Now maybe you can explain how a person would attack a STRONGER computer hoping to get it, and risk losing the $10,000 cash prize? Which would you rather do - try to get a supposedly more secure (as you claim - harder to exploit) $1200 laptop, or take (as you claim - easier to exploit) $1000 laptop and $10,000 cash?
Tell me Swordmaker, if the Apple offerings are so much more secure and difficult to exploit, then why would you compete for the laptop and $10,000 cash by focusing on that tougher platform?
Go ahead - make the argument. Why crack the “vault” when the bubblegum machine is right there, and you get the $10,000 prize for cracking either one first. Does the $200 value in laptop difference really sway you such that you want to risk $10,000?
You seem to believe that this is a spur-of-the-moment decision. These exploits are honed for months ahead of the contest. Hacking the Mac nets not just the $10K, but publicity that’s worth far more to someone marketing himself as a security expert. Hacking a Windows box doesn’t get as many headlines.
You seem to think that time doesn’t matter in these competitions - if it was faster to hack the Windows box, then you would do that, since it gets you the $10,000...
Maybe you can answer - why would someone hack the harder-to-hack/slower-to-hack computer and risk the $10,000?
I guess Apple computers and products are at best no more secure than Windows, but faster to compromise too. The first part fits right in with the article here (the one that was so loudly proclaimed FUD); the second part is proven time and again at Pwn2Own.